Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Authentication and Authorization

Friday, December 19, 2003


Last night, I had the opportunity to speak to the New Hampshire .Net Users Group about .NET Security, in particular speaking about User (Role-Based) Security and Code Access Security. My emphasis was on how .NET addresses these important issues in security:

Authentication: Who are you?

Authorization: What are you permitted to do?

While doing some research for this presentation, I found this nice little book from the Microsoft Patterns and Practices Group called Designing Application-Managed Authorization (you can download the PDF here). This book details some of the ideas I spoke about last night regarding use of the Principal and Identity objects to validate a user (Authentication above) as well as various methods to enforce what that user is able to do (Authorization above).