When working with Security , it is important to understand these 2 terms.Authentication is the process of determining whether the user can access the system. Commonly used ways of authentication is the username and a password . Authorization : Once the user is authenticated,this process identifies the level of access allowed to a given user .Security in .NET can be achieved by1. Code access securityCAS would determine whether the code has the ability to access the resource / file and whet actions code can take. Code access securitty in .NET allows different segments of code to be trusted at different levels.Eg : FileIOPermissionsPrintingPermissionRegistryPermission2. Role based security Role based security allows you to specify what permissions a particular user has , often based on the role/windows group . It is about what user can do based on the role or the identity .Both Code access security and Role based security are based on the Permissions . Both the above can be implemented via1. DeclarativeHere , Attributes are used to describe the security .The code/Methods are tagged with security attributes that identify the security rules ..NET automatically controls the access based on the security attributes . It ensures permission demand is executed before the code runs .We can also prohibit the code to execute before it runs .2. Imperative
Read more: Senthil Kumar's Blog
Read more: Senthil Kumar's Blog