|
.NET Security - August 29, 2008 at 15:00 PM by Amit Satpute
Explain what a permissiong is.
Permissioning is tha ability the CLR possesses to allow or deny a certain
program to access a resource. The .net set of permissions is included in the
System.Security.Permissions namespace. A user can create his own permission set
and should include it in .NET security system.
The list of in-built permission sets is as follows:
- Nothing permission set
- Execution permission set
- Internet permission set
- LocalIntranet permission set
- Everything permission set
- SkipVerification permission set
- FullTrust permission set
What are the differences between declarative and imperative security.
Declarative and imperative are the different syntax schemes used to implement
security declarations in .NET Framework. In declarative security, attribute
syntax is used. The security constraints are stored in the assembly at compile
time. The disadvantage of declarative security is that there are tools which
extract security requirements from the metadata in the assembly.
In imperative implementation, the attribute syntax is not used. It is
implemented by writing the regular code to provide restrictions.
Explain role-based and code based security.
Based on the credentials of the user, the access is provided to the user.
Role-based authorization is provided by the CLR to an account. It mostly
involves the code running with the privileges of the current user.
Code security is about granting and denying permissions from the permission
sets.
|