Key Security Concepts

The Microsoft .NET Framework offers security transparency, code access security and role-based security to help address security concerns about mobile code and to provide support that enables components to determine what users are authorized to do. These security mechanisms use a simple, consistent model so that developers familiar with code access security can easily use role-based security, and vice versa. Both code access security and role-based security are implemented using a common infrastructure supplied by the common language runtime.

Note

Starting with the .NET Framework version 4, security transparency is the default enforcement mechanism. Security transparency separates code that runs as part of the application from code that runs as part of the infrastructure. For more information, see Security-Transparent Code.

Because they use the same model and infrastructure, code access security and role-based security share several underlying concepts, which are described in this section. Make sure that you are familiar with these concepts before reading the documentation for .NET Framework code access security and role-based security.

In This Section

• Security Permissions
  Describes permission objects and how they are used by the runtime.

• Type Safety and Security
  Describes memory type safety and the security benefits it provides.

• Principal
  Describes three kinds of principals supported by .NET Framework role-based security.

• Authentication
  Provides an overview of the authentication process used in .NET Framework role-based security.

• Authorization
  Provides an overview of the authorization process used in .NET Framework role-based security.

• Security Concerns for Internal Virtual and Overloads Overridable Friend Keywords
  Explains security concerns when using these keywords.

Related Sections

• ASP.NET Web Application Security
  Describes ASP.NET security in detail and provides instructions for using it in your code.

• Code Access Security
  Describes .NET Framework code access security in detail and provides instructions for using it in your code.

• Role-Based Security
  Describes .NET Framework role-based security in detail and provides instructions for using it in your code.

• Security-Transparent Code, Level 2
  Describes how security transparency is implemented in the .NET Framework 4.