다음을 통해 공유


Application Security 

This topic briefly discusses aspects of application security in ADO.NET and provides links to in-depth topics for more information.

Securing Applications

The .NET Framework provides many useful classes and services that support developers in securing applications, enabling the developer to combine Code Access Security (CAS) with role-based security.

Topic Description

Securing Applications

Discusses the advisability of designing for security and contains additional links to topics for securing distributed, mobile, Web, and desktop applications.

Recommendations for Data Access Strategies

Discusses techniques for accessing data efficiently and securely from client applications.

Code Access Security

Discusses the basics of CAS and provides links to additional topics.

Key Security Concepts

Introduces fundamental concepts for understanding security in the .NET Framework.

Securing Assemblies

The links in this section discuss securing your code and your assemblies. Strong-naming gives an application or component a unique identity that other software can use to refer explicitly to it. Strong-naming your assemblies guards them against being spoofed by an assembly that contains hostile code. It also ensures versioning consistency among different versions of a component. You must strong-name assemblies that will be deployed to the Global Assembly Cache (GAC).

Topic Description

Guidelines for Writing Secure Code

Emphasizes the importance of designing security in your applications from the start.

Creating and Using Strong-Named Assemblies

Discusses how to sign an assembly and reference it in an application.

Delay Signing an Assembly

Discusses strong-naming assemblies where the key is protected.

Strong Name Tool (Sn.exe)

Discusses using the command-line tool Sn.exe to strong-name assemblies.

Building Secure Assembl

Contains comprehensive information on writing and deploying secure code. This white paper is part of the Patterns and Practices series on MSDN.

Role-Based Security

Applications are often required to provide access to data or resources based on credentials supplied by the user. Typically, such applications check the role of a user and provide access to resources based on those roles. The Common Language Runtime (CLR) provides support for role-based authorization based on a Windows account or a custom identity. Another option is to use COM+ security with serviced components.

Windows Applications

In the past, Windows applications generally ran with full permissions. The .NET Framework provides the infrastructure to restrict code executing in a Windows application by using Code Access Security (CAS).

  • Windows Forms Security
    Discusses how to secure Windows Forms applications and provides links to related topics.

ASP.NET Applications

ASP.NET applications generally need to restrict access to some portions of the Web site and provide other mechanisms for data protection and site security.

  • Improving Web Ap
    MSDN content discussing many different aspects of Web application security. This content can be downloaded or read online.

Interoperability with Unmanaged Code

Code that runs outside the Common Language Runtime (CLR) is called unmanaged code. COM components, ActiveX interfaces, and Win32 API functions are examples of unmanaged code. Special security considerations apply when executing unmanaged code.

Enterprise Services

The System.EnterpriseServices namespace provides wrappers that allow .NET applications to integrate managed code with COM+ security services through the ServicedComponent class.

See Also

Other Resources

Securing ADO.NET Applications