Before .NET, any code that ran on a user's machine, regardless of the
origin of the code, ran with the same rights as the user. In far too
many cases Windows users run with Administrator privileges, meaning that
the code they run can do just about anything it wants.
The .NET Framework introduces a number of important new concepts in
security. Code Access Security, together with the policies that govern
it, is referred to as Evidence Based Security. When code is run within
the Common Language Runtime (CLR), it is granted or denied permissions to
system resources based on evidence: for example, the origin of the
assembly (local hard drive, network, internet), the assembly publisher,
or the digital signature.
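
The following C# sketch is an added example, not material from the session. It lists the host evidence the CLR attached to the running assembly and then demands three permissions to show what policy granted. It assumes a .NET Framework runtime on which CAS policy is in effect; the file path and the `EvidenceDemo` and `IsGranted` names are hypothetical.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class EvidenceDemo
{
    // True if this assembly and every caller on the stack were granted the permission.
    static bool IsGranted(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    static void Main()
    {
        // Host evidence is what the loader supplied: zone, URL, strong name, publisher...
        IEnumerator host = Assembly.GetExecutingAssembly().Evidence.GetHostEnumerator();
        while (host.MoveNext())
        {
            Zone zone = host.Current as Zone;
            Url url = host.Current as Url;
            if (zone != null) Console.WriteLine("Zone: " + zone.SecurityZone);
            else if (url != null) Console.WriteLine("Url:  " + url.Value);
            else Console.WriteLine("Other evidence: " + host.Current.GetType().Name);
        }

        // Probe the grant set. The same binary gives different answers when
        // started from a local disk, a network share or an internet URL.
        string path = @"C:\Temp\cas-demo.txt"; // hypothetical path; the file need not exist
        Console.WriteLine("Read file:      " +
            IsGranted(new FileIOPermission(FileIOPermissionAccess.Read, path)));
        Console.WriteLine("Read USERNAME:  " +
            IsGranted(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")));
        Console.WriteLine("Unmanaged code: " +
            IsGranted(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)));
    }
}
```

Code written for partial trust should treat a `SecurityException` from a demand as an expected outcome and degrade gracefully instead of assuming the permission is present.
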
In this session we will discuss how to work with the .NET security
features in code, how to administer groups and policies using the .NET
Configuration Tools, and strategies you can use when developing
applications that will not run with full trust.