Along with speaking at the Boston .NET User Group (at the Microsoft offices in Waltham, MA) on July 14, I will be speaking to the new Downtown Boston .NET User Group on August 5 at 5:30 PM. This group started on July 1 in Boston, and is being held at the Adesso Systems offices.
Rather than present the same topic twice, I will be presenting a general security overview for the developer in Waltham, and a more specific introduction to .Net Security in Boston with a look at Code Access Security:
In unmanaged Win32 applications, the operating system authorized access to resources based solely on who was running the program. In today's highly distributed, component-oriented environment, you need a security model based on what a given piece of code, a component, is allowed to do. .NET allows you to configure permissions for components, and provide an evidence to prove that it has the right credentials to access a resource or perform some sensitive work. This talk will cover evidence, policy, permissions, and runtime enforcement (stalk walking, etc.) I will also show how to manage application security using the .Net configuration tool and programmatically.
I have found that CAS is probably one of the most difficult areas in .Net Security to master, yet it will prove to be more and more important to understand for developing secure applications now and in the future (especially with Longhorn). Don't miss it!
Update: To try to reduce confusion, the official names of the Boston .NET Groups are as follows:
1. Boston .NET User Group (Waltham, MA)
2. Downtown Boston .NET User Group (Boston, MA)