Windows Code Security Questions
1) What’s the difference between code-based security and
role-based security? Which one is better? Code-based security is
the approach of using permissions and permission sets that a
given piece of code must be granted in order to run. The admin,
for example, can disable running executables off the Internet or
restrict access to the corporate database to only a few
applications. Role-based security most of the time involves the
code running with the privileges of the current user. This way
the code supposedly cannot do more harm than mess up a single
user account. Neither approach is better in every case; depending
on the nature of the deployment, both code-based and role-based
security can be implemented to an extent.
2) How can you work with permissions from your .NET application?
You can request permission to do something and you can demand
certain permissions from other apps. You can also refuse
permissions so that your app is not inadvertently used to destroy
some data.
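3) How can C# app request minimum permissions?
using System.Security.Permissions;
// Assembly-level request: the assembly will not load unless it is
// granted unrestricted FileDialogPermission.
[assembly: FileDialogPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted = true)]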
4) What’s a code group? A code group is a set of assemblies
that share a security context.
5) What’s the difference between authentication and
authorization? Authentication happens first. You verify the
user’s identity based on credentials. Authorization is making
sure the user only gets access to the resources he has
credentials for.
6) What are the authentication modes in ASP.NET? None,
Windows, Forms and Passport.
7) Are the actual permissions for the application defined at
run-time or compile-time? The CLR computes actual permissions
at runtime based on code group membership and the calling
chain of the code.