Security in the .NET Framework

Visual Studio 2010

The common language runtime and the .NET Framework provide many useful classes and services that enable developers to easily write secure code and enable system administrators to customize the permissions granted to code so that it can access protected resources. In addition, the runtime and the .NET Framework provide useful classes and services that facilitate the use of cryptography and role-based security.

Important
Effective with the .NET Framework version 4, there are major changes to the code access security system. Security policy is no longer applied to applications. All applications that can be run from the desktop are now executed as full-trust applications. This includes both applications on the computer and applications that can be run from a network share. Partially trusted applications must be run in a sandbox, which determines their grant set. The permission system continues to be used, but it is transcended by security transparency rules. For information about these changes, see Security Changes in the .NET Framework 4.

Important

Effective with the .NET Framework version 4, there are major changes to the code access security system. Security policy is no longer applied to applications. All applications that can be run from the desktop are now executed as full-trust applications. This includes both applications on the computer and applications that can be run from a network share. Partially trusted applications must be run in a sandbox, which determines their grant set. The permission system continues to be used, but it is transcended by security transparency rules. For information about these changes, see Security Changes in the .NET Framework 4.

In This Section

Security Changes in the .NET Framework 4: Describes important changes to the .NET Framework security system.
Security How-to Topics: Lists links to How-to topics contained in this section.
Key Security Concepts: Provides an overview of common language runtime security features. This section is of interest to developers and system administrators.
Code Access Security: Describes how to interact with code access security in your code. This section is important to developers and can be of interest to system administrators.
Role-Based Security: Describes how to interact with role-based security in your code. This section is of interest to developers.
Cryptographic Services: Provides an overview of cryptographic services provided by the .NET Framework. This section is of interest to developers.
Security Policy Management: (Applies only to code that uses legacy security rules.) Describes how to manage code access security policy. This section is of interest to system administrators who manage .NET Framework applications.
Security Policy Best Practices: (Applies only to code that uses legacy security rules.) Describes some of the best practices for administrating code access security policy. This section is of interest to system administrators who manage .NET Framework applications.
Secure Coding Guidelines: Describes some of the best practices for creating reliable .NET Framework applications. This section is of interest to developers.
ACL Technology Overview: Describes the managed classes that enable you to programmatically create or modify discretionary access control lists (DACLs) and system access control lists (SACLs) for protected resources such as files and folders. This section is of interest to developers.

Related Sections

Security Tools (.NET Framework): Describes command-line tools that help you perform security-related tasks, such as configuring security policy, managing certificates, and digitally signing files.
ASP.NET Web Application Security: Describes ASP.NET security and provides instructions for using it in your code.
Configuring Security Policy: (Aapplies only to code that uses legacy security rules.) Describes how to configure security policy using the .NET Framework Configuration tool and the Code Access Security Policy tool, and how to import security components using XML files.