Resource based security in .net  
TA123

Hi All,

In Java we have both role-based and resource-based security (which is implemented using access control lists).

Do we have something like a resource control list in .NET?

I don't think CAS is the equivalent of resource-based security, because in resource-based security we can define which users are allowed to access a particular resource, while in CAS we assign individual assemblies different resource permissions. So in CAS, we can't list one resource and say that the allowed users list for this resource is so and so.

Can somebody please throw some light on this?

Regards



Sean Hederman

Yes, you can find the classes for it in the System.Security.AccessControl namespace, in mscorlib.
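An added example, not part of the original posts, of the "allowed users list for one resource" idea using the `System.Security.AccessControl` classes mentioned above. It assumes Windows, an NTFS temp directory and the .NET Framework; the file name `acl-demo.txt` and the class name are made up for the illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class ResourceAclDemo
{
    // Prints one line per access control entry: allow/deny, account, rights.
    static void PrintAcl(string path)
    {
        FileSecurity acl = new FileInfo(path).GetAccessControl();
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("{0,-5} {1,-35} {2}{3}",
                rule.AccessControlType, rule.IdentityReference.Value,
                rule.FileSystemRights, rule.IsInherited ? " (inherited)" : "");
        }
    }

    static void Main()
    {
        // Constructed sample resource in the temp directory.
        string path = Path.Combine(Path.GetTempPath(), "acl-demo.txt");
        File.WriteAllText(path, "sample resource");

        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

        var info = new FileInfo(path);
        FileSecurity acl = info.GetAccessControl();

        // Stop inheriting from the parent directory and discard inherited
        // entries, so the list below is the complete ACL for this one file.
        acl.SetAccessRuleProtection(true, false);
        acl.AddAccessRule(new FileSystemAccessRule(
            me, FileSystemRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new FileSystemAccessRule(
            users, FileSystemRights.Read, AccessControlType.Allow));
        info.SetAccessControl(acl);

        PrintAcl(path);   // the allowed-users list for this resource
        File.Delete(path);
    }
}
```

Windows checks this ACL against the account the process runs as, so it applies regardless of which assembly opens the file.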

 
 
CanUHelpMe

Ya, I agree that we can modify the access control of a resource using the AccessControl namespace.

But suppose malicious code is downloaded from the internet (it doesn't have the access control check).

Then how will we stop that assembly from accessing our resource?

Some people recommend that for four basic types of applications, namely:

1. Standalone desktop application

2. Enterprise application

3. B2C application

4. B2C application

Out of these, standalone applications and B2B applications which are using resources are recommended to use resource-based authorization.

While creating a typical application of any of the four types above, how should we go about security?

Can you please clarify this or provide me some link to any website where I can get more on this?

Regards


 
 
Sean Hederman

I obviously misunderstood what you mean by resource based authorization. As I see it, CAS defines what code is allowed to do, and access control defines what a user is allowed to do. For any application, it is allowed to do the intersection of the two permission sets.

So where does resource based security fit in? How would you say it differs from access control?