.NET Framework Security

The .NET Framework provides several mechanisms for protecting resources and code from unauthorized code and users:

• ASP.NET Web Application Security provides a way to help limit faccess to a site by comparing authenticated credentials (or representations of them) to Microsoft Windows NT file system permissions or to an XML file that lists authorized users, authorized roles, or authorized HTTP verbs.
• Code access security uses permissions to help limit the access that code has to protected resources and operations. It helps protect computer systems from malicious mobile code and helps provide a way to allow mobile code to run safely. (Code access security, together with the policies that govern it, are referred to as evidence-based security.)
• Role-based security provides information needed to make decisions about what a user is allowed to do. These decisions can be based on either the user's identity or role membership, or both.

The following topics describe .NET Framework security:

• Securing ASP.NET Web Applications
• Code Access Security
• Cryptographic Services
• Key Security Concepts
• Role-Based Security
• Secure Coding Guidelines
• Security Policy Best Practices
• Security Policy Management
• Security Tools