-----------------------------------------------------------
New Message on MumbaiUserGroup
-----------------------------------------------------------
From: Saurabh_Rajderkar
Message 1 in Discussion
Securing Windows Forms Applications What are the two major areas of
security in the .NET Framework?
Answer
The two major areas of security in the .NET Framework are code access security
and role-based security.
How are evidence, security policy, and permissions related?
Answer
The runtime uses security policy to map evidence to permissions.
What are the three types of permission requests that you can make?
Answer
You can make minimum, optional, and refused permission requests.
What kind of permissions should you include in a minimum permission
request?
Answer
Include in a minimum permission request any permission that is absolutely
necessary for your code to run successfully.
What are the two ways to configure the security policy to test an
application?
Answer
You can use the .NET Framework Configuration tool (Mscorcfg.msc) or the Code
Access Security tool (Caspol.exe) to configure the security policy.
What are authentication and authorization?
Answer
Authentication is the process of validating a user's credentials. Authorization
is the process of deciding whether an authenticated user is allowed to access a
resource.
Describe when you would use a WindowsPrincipal object and when you
would use a CustomPrincipal object to implement role-based security.
Answer
Use a WindowsPrincipal when your role-based security decisions are based on
Windows users and groups. Use a CustomPrincipal when your role-based security
decisions are based on another authentication mechanism, such as a SQL Server
database.
What method of the Principal class do you use to perform role check?
Answer
You use the IsInRole method of the Principal class.
What are the three main steps to implement role-based security with
GenericIdentity and GenericPrincipal objects in your application?
Answer
The three main steps to implement role-based security with b and
GenericPrincipal objects are: Create a new instance of the
GenericIdentity class and initialize it with the name you want it to hold.
Create a new instance of the GenericPrincipal class and initialize it with
the previously created GenericIdentity object and an array of strings that
represent the roles that you want associated with this principal.
Attach the principal to the current thread. Attaching the principal to the
current thread is valuable in situations where the principal must be validated
several times, it must be validated by other code running in your application,
or it must be validated by a PrincipalPermission object.
Saurabh Rajderkar.
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/mumbaiusergroup/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member
Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you
received this message by mistake, please click the "Remove" link below. On the
pre-addressed e-mail message that opens, simply click "Send". Your e-mail
address will be deleted from this group's mailing list.
mailto:[EMAIL PROTECTED]
