Secure Coding Guidelines
Evidence-based security policy and code access security provide very powerful, explicit mechanisms to implement security. Most application code can simply use the infrastructure implemented by the .NET Framework. In some cases, additional application-specific security is required, built either by extending the security system or by using new ad hoc methods.
Using the .NET Framework-enforced permissions, and other enforcement in your code, you should erect barriers to prevent malicious code from obtaining information that you do not want it to have or performing other undesirable actions. Additionally, you must strike a balance between security and usability in all the expected scenarios using trusted code.
In This Section
Secure Coding Overview
Provides an overview of basic secure coding techniques.Permission Requests
Describes how to interact with the .NET Framework security system using security requests.Securing State Data
Describes how to protect private members.Securing Method Access
Describes how to help protect methods from being called by partially trusted code.Securing Wrapper Code
Describes security concerns for code that wraps other code.Security and Public Read-only Array Fields
Describes security concerns for code that uses public read-only arrays found in .NET libraries.Securing Exception Handling
Describes security concerns for handling exceptions.Security and User Input
Describes security concerns for applications that accept user input.Security and Remoting Considerations
Describes security concerns for applications that communicate across application domains.Security and Serialization
Describes security concerns when serializing objects.Security and Race Conditions
Describes how to avoid race conditions in your code.Security and On-the-Fly Code Generation
Describes security concerns for applications that generate dynamic code.Dangerous Permissions and Policy Administration
Describes permissions that can potentially allow security to be circumvented.Security and Setup Issues
Describes considerations for testing and setup of your application.How to: Run Partially Trusted Code in a Sandbox
Explains how to run a partially trusted application in a restricted security environment, which limits the code access permissions granted to it.
Related Sections
Securing ASP.NET Web Applications
Describes ASP.NET security in detail and provides instructions for using it in your code.Code Access Security
Describes .NET Framework code access security in detail and provides instructions for using it in your code.Role-Based Security
Describes .NET Framework role-based security in detail and provides instructions for using it in your code.Security Policy Management
Describes the .NET Framework security policy model.