.NET Security Policies and Groups

Overview

The .NET Framework offers a robust security model for dealing with application security. Each application that runs on System must pass the security System.

Let us learn about the .NET Security model and its related policies.

Security Policies

The .Net Framework controls applications in the Common Language Runtime (CLR) with strict security policies. These policies determine how applications are allowed to run and access resources within the CLR.

The CLR security policy is the set of rules, configured by the system administrator that matches permissions with system resources. All managed code within the CLR is governed by the security policies. There are four levels of security policy in the CLR:

1.       Enterprise – level Policies.

2.       Machine – level policies.

3.       User-level policies.

4.       Application Domain Policies.

All the above Security policies mentioned are hierarchical that is security rights flow from Enterprise-level. Lower-level policies cannot increase permissions set at a higher level but they can decrease the permission level.

Enterprise Level Policies

Enterprise-level policies are the highest level of security policies that govern applications in the CLR. These can only be set by the system administrator (or a user within the Administrators group), and they affect all applications running in the enterprise domain.

Machine Level Policies

Machine-level security policies define the security rules for all applications running on an individual computer system. This is the level at which application policies for a system are most commonly set. All applications running on the system are controlled by the machine-level policies.

User Level Policies

User-level policies define the security rules applied to individual user accounts on the computer system. Individual users can be restricted from accessing resources on the system based on user-level policies.

Application Domain Policies

Application domain policies define the security rules applied to all applications running in a set application domain. There may be more than one application domain running on a single system at a time, so an individual application can be affected by several application domain policies.

Security Groups

Security groups are defined to control what policies are applicable for a set of applications. Groups are defined based on Characteristic of the applications such as the application creator or the original location of the application.

Let us have a close look with the CLR Application Groups