Security in the .NET Framework
The common language runtime and the .NET Framework provide many useful classes and services that enable developers to easily write secure code and enable system administrators to customize the permissions granted to code so that it can access protected resources. In addition, the runtime and the .NET Framework provide useful classes and services that facilitate the use of cryptography and role-based security.
Effective with the .NET Framework 4, there are major changes to the code access security system. Security policy is no longer applied to applications. All applications that can be run from the desktop are now executed as full-trust applications. This includes both applications on the computer and applications that can be run from a network share. Partially trusted applications must be run in a sandbox, which determines their grant set. The permission system continues to be used, but it is transcended by security transparency rules. For information about these changes, see Security Changes in the .NET Framework.
In This Section
- Security Changes in the .NET Framework
Describes important changes to the .NET Framework security system.
- Key Security Concepts
Provides an overview of common language runtime security features. This section is of interest to developers and system administrators.
- Code Access Security
Describes how to interact with code access security in your code. This section is important to developers and can be of interest to system administrators.
- Role-Based Security
Describes how to interact with role-based security in your code. This section is of interest to developers.
- .NET Framework Cryptography Model
Provides an overview of cryptographic services provided by the .NET Framework. This section is of interest to developers.
- Secure Coding Guidelines
Describes some of the best practices for creating reliable .NET Framework applications. This section is of interest to developers.
- Secure Coding Guidelines for Unmanaged Code
Describes some of the best practices and security concerns when calling unmanaged code.
- How to: Run Partially Trusted Code in a Sandbox
Explains how to run code in a restricted security environment to limit its access permissions.
- Windows Identity Foundation 4.5 Overview
Describes how you can implement claims-based identity in your applications.
- .NET Framework Development Guide
Provides a guide to all key technology areas and tasks for application development, including creating, configuring, debugging, securing, and deploying your application, and information about dynamic programming, interoperability, extensibility, memory management, and threading.