- What’s
the difference between code-based security and role-based security? Which
one is better? Code security is the
approach of using permissions and permission sets for a given code to
run. The admin, for example, can disable running executables off the
Internet or restrict access to corporate database to only few
applications. Role-based security most of the time involves the code
running with the privileges of the current user. This way the code
cannot supposedly do more harm than mess up a single user account.
There’s no better, or 100% thumbs-up approach, depending on the nature
of deployment, both code-based and role-based security could be
implemented to an extent. - How can you work with permissions from your .NET application?
You can request
permission to do something and you can demand certain permissions from other
apps. You can also refuse permissions so that your app is not inadvertently used
to destroy some data.
- How can C# app request minimum permissions?
using
System.Security.Permissions;
[assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum,
Unrestricted=true)]
System.Security.Permissions;
[assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum,
Unrestricted=true)]
- What’s a code group?
A code group is a set of assemblies that share a security
context.
- What’s
the difference between authentication and authorization?
Authentication happens first. You verify user’s identity based on
credentials. Authorization is making sure the user only gets access to
the resources he has credentials for. - What
are the authentication modes in ASP.NET?
None, Windows, Forms and Passport. - Are the actual permissions for the application defined at run-time or compile-time?
No comments:
Post a Comment
Comment Here