When Should I Use the Security Application Block?
The Security Application Block includes implementations of functionality that makes it easy to perform authorization, security-related caching, and session management. If your applications require the provided implementations, you can use the Security Application Block to provide this functionality. However, the block is also designed to be extensible and includes generic providers for each function. You can adapt the providers to meet your own security requirements.
Scenarios for the Security Application Block
The Security Application Block is designed to address the most common tasks developers face when they are writing applications that require security functionality. These tasks have been arranged according to scenarios. Each scenario gives an example of a real-world situation, such as authenticating a user, discusses the security functions the situation requires, and shows the code that accomplishes the task.
The goal of arranging these tasks according to scenarios is to give the code some context. Instead of showing an isolated group of methods, with no sense of where they can best be used, scenarios provide a setting for the code, putting it in situations familiar to many developers whose applications must use security features.
The Key Scenarios section includes the following scenarios:
- Obtaining a Temporary Token for an Authenticated User
- Authenticating a User Using a Token
- Terminating a User Session (Expiring a Token)
- Determining Whether a User Is Authorized to Perform a Task
Benefits of the Security Application Block
The Enterprise Library Security Application Block helps developers implement common authorization-related functionality in their applications. Applications can use the Security Application Block to support authorization and to cache a user's authorization and authentication data. Used together with the security features of the Microsoft .NET Framework 2.0, the block lets developers implement common security-related functionality with little custom code.
The Security Application Block has the following features:
- It reduces the requirement to write boilerplate code to perform standard tasks.
- It helps maintain consistent security practices, both within an application and across the enterprise.
- It reduces the learning curve for developers by using a consistent architectural model across the various areas of functionality provided.
- It provides implementations that you can use to solve common application security problems.
- It is extensible; it supports custom implementations of security providers.
Limitations of the Security Application Block
If you use the Security Application Block to cache security-related information, the default caching store provider for the security cache is the Caching Application Block. Although the Caching Application Block can be configured to encrypt cache data in backing stores, it does not support encryption of cache data stored in memory. If an attacker compromises the computer and accesses the memory of your process, he or she can access information stored in the cache.
If this threat is significant for your application, you should avoid storing sensitive information such as credit card numbers or passwords in the cache, or use an alternate caching store provider that supports in-memory encryption.
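The following is an added example (not code from the Enterprise Library documentation or source) that walks through the four key scenarios listed above while respecting the limitation just described: only non-sensitive data is placed in the security cache, because its in-memory contents are not encrypted. It assumes the block's ISecurityCacheProvider, SecurityCacheFactory, AuthorizationFactory and IToken types as shipped with Enterprise Library for .NET Framework 2.0, a configured default security cache and authorization provider, and a hypothetical authorization rule named "UpdateInventory".

```csharp
using System;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

// Profile data that is safe to keep in the security cache: it holds no secrets,
// because cached items are not encrypted while they sit in process memory.
// (Constructed for this example; keep passwords and card numbers out of it.)
[Serializable]
public class UserProfile
{
    public string DisplayName;
    public string PreferredLanguage;
}

public static class SecurityBlockExample
{
    // Scenario: obtain a temporary token for a user who has already been authenticated.
    // The same token is used to link the identity, the principal and the profile.
    public static IToken BeginSession(IPrincipal principal, UserProfile profile)
    {
        ISecurityCacheProvider cache = SecurityCacheFactory.GetSecurityCacheProvider();
        IToken token = cache.SaveIdentity(principal.Identity);
        cache.SavePrincipal(principal, token);
        cache.SaveProfile(profile, token);
        return token;
    }

    // Scenario: authenticate a user from a token presented on a later request.
    // Returns null when the token is unknown or has expired; callers must treat that as "not authenticated".
    public static IIdentity AuthenticateWithToken(IToken token)
    {
        ISecurityCacheProvider cache = SecurityCacheFactory.GetSecurityCacheProvider();
        return cache.GetIdentity(token);
    }

    // Scenario: determine whether the user behind a token may perform a task.
    // "UpdateInventory" is a hypothetical rule name defined in the authorization provider's configuration.
    public static bool CanUpdateInventory(IToken token)
    {
        ISecurityCacheProvider cache = SecurityCacheFactory.GetSecurityCacheProvider();
        IPrincipal principal = cache.GetPrincipal(token);
        if (principal == null) return false;   // expired or unknown token: deny
        IAuthorizationProvider authz = AuthorizationFactory.GetAuthorizationProvider();
        return authz.Authorize(principal, "UpdateInventory");
    }

    // Scenario: terminate the session by expiring every cached item associated with the token.
    public static void EndSession(IToken token)
    {
        SecurityCacheFactory.GetSecurityCacheProvider().ExpireAll(token);
    }
}
```

After EndSession, both AuthenticateWithToken and CanUpdateInventory fail closed for that token, so a leaked or replayed token is only useful until the session is expired or the cache item times out.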