Mubbasher Mukhtar | Sharing Development Experience

Namespace: System.Security.AccessControl Discretionary Access Control List (DACL) is meant for restricting/granting access to different resources at OS Level to a particular user/group. And Security Access Control Lists (SACL) allows you to audit different resource access permissions. DACL is collection of Access Control Entries (ACE). RegistryRights, FileSystemRights etc. are the ACE enumerations for their respective resources. <Type>Security provides the following Method: (DACL) GetAccessRules , (SACL) GetAuditRules , [ Add | Remove ] AccessRule , [ Add | Remove ] AuditRule . Example: public static void AddFileSecurity(string fileName, string account,             FileSystemRights rights, AccessControlType controlType) {    // Get a FileSecurity object that represents the    // current security settings.    FileSecurity fSecurity = Fil...

Namespace: System.Security.Principal Authenticating is the process of checking a user’s identity. Authorization means verifying user’s right to access the resources according to his identity. Usually authorization happens after authentication . Integrate system with Active Directory using WindowsIdentity and WindowsPrincipal . For straight-forward database, use GenericIdentity and GenericPrincipal . For a better control over user and roles implement IIdentity and IPrinciapl . WindowsIdentity Class : This class represents a windows account, along with user name and authentication code. Instance of WindowsIdentity can be created using: 1.        GetAnonymous : Returns WindowsIdentity Object of an unauthenticated user, which is used to insure that your code runs successfully. 2.        GetCurrent : Returns WindowsIdentity that represents the current logged in user. 3.    ...

Namespace: System.Security.Permissions What is Declarative Code Access Security?                 Declarative Code Access security helps in restricting access to different resources; it also intimates the user if assembly required resource can’t be granted at the time of loading; it also helps in predetermining the resources an application require to run and it also protects system and resource from an attacker who intends to access unintended/protected resources. It also makes fine-tuned permission outline to make your application run in partially-trusted zone. Because permission attribute classes are inherited from CodeAccesSecurityAttribute they share the following two most common properties . Action :                  Specifies the security action to take. Use SecurityAction enumeration. Unrestricted : ...