Posted 28 Apr 2006

The .NET Framework Security Model

An article on the .NET framework security model.


When I was first faced with .NET Framework security and cryptography, I noticed that most of the quick-start articles suffer from lots of low-level details and explanations of the nuts and bolts of .NET Framework Security.

But to start with, I needed a brief tutorial that is easy to understand and remember instead. So, actually, this is not an article. It is rather a bird's-eye overview of the .NET Framework security model, with visual illustrations.

Security concepts

You can implement the security model in your applications in a declarative and/or an imperative way. In most cases, you should prefer declarative security, and use imperative security only when some application security issues can be known only at runtime.

Sample of declarative security:

[assembly : FileDialogPermissionAttribute(

Sample of imperative security:

FileDialogPermission fileDlgPermission = new 

if (myDlgForm.ShowDialog() == DialogResult.OK)

.NET Framework Security Model

Code Access Security (CAS)


Code groups

The CLR examines all code groups in the hierarchy. When a code group is marked as Exclusive, the CLR stops checking for group membership. Next, the CLR determines the permission sets for each code group. If the code is a member of a code group that is marked as Exclusive, only the permission set of that code group is taken into account; otherwise, the CLR calculates the permissions as the union of the permission sets of all code groups that the running code is a member of.

Computing Permissions

Any code group can have a LevelFinal property; in that case, the CLR stops its examinations there.
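
The resolution rules above, as a small Python model. This is an added example, not the article's code and not the CLR's implementation. It assumes the documented CAS behaviour that grants are intersected across policy levels (Enterprise, Machine, User), which the text above does not spell out; all group names, evidence keys and permission names are constructed for illustration.

```python
from dataclasses import dataclass, field

ALL = frozenset({"Execution", "UI", "FileDialog", "FileIO"})  # stand-in for FullTrust

@dataclass
class CodeGroup:
    name: str
    matches: object                       # membership condition: evidence dict -> bool
    permissions: frozenset = frozenset()  # the group's permission set
    exclusive: bool = False
    level_final: bool = False
    children: list = field(default_factory=list)

def matching_groups(group, evidence):
    if not group.matches(evidence):  # children are examined only under a matching parent
        return []
    return [group] + [g for c in group.children for g in matching_groups(c, evidence)]

def resolve_level(root, evidence):  # -> (grant, level_final) for one policy level
    groups = matching_groups(root, evidence)
    exclusive = next((g for g in groups if g.exclusive), None)
    if exclusive is not None:   # Exclusive: only this group's permission set counts
        grant = exclusive.permissions
    else:                       # otherwise the union over every matching group
        grant = frozenset().union(*(g.permissions for g in groups))
    return grant, any(g.level_final for g in groups)

def resolve_policy(levels, evidence):
    grant = ALL  # intersect the level grants, highest level first
    for root in levels:
        level_grant, final = resolve_level(root, evidence)
        grant &= level_grant
        if final:  # LevelFinal: lower levels are not evaluated
            break
    return grant

# Constructed sample policy: Enterprise, Machine, User (names are illustrative).
everyone = lambda ev: True
enterprise = CodeGroup("All_Code", everyone, ALL)
machine = CodeGroup("All_Code", everyone, children=[
    CodeGroup("Internet_Zone", lambda ev: ev.get("zone") == "Internet",
              frozenset({"Execution", "UI", "FileDialog"})),
    CodeGroup("Vendor_Tools", lambda ev: ev.get("publisher") == "ExampleVendor",
              frozenset({"Execution", "FileIO"}), level_final=True),
    CodeGroup("Quarantine", lambda ev: ev.get("site") == "untrusted.example",
              frozenset({"Execution"}), exclusive=True),
])
LEVELS = [enterprise, machine, CodeGroup("All_Code", everyone, frozenset({"Execution"}))]
```

Calling resolve_policy(LEVELS, {"zone": "Internet"}) shows the User level narrowing the Machine grant, while adding "publisher": "ExampleVendor" to the evidence triggers LevelFinal and leaves the User level unevaluated.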




About the Author

Alex Getman
Web Developer
Ukraine


Comments and Discussions

My vote of 3
Anirudha_Gohokar, 16-Mar-12 5:00

Turn Security Off
buyValu, 18-Jun-07 11:21

Component level security
Marc Clifton, 28-Apr-06 10:36
What about security at the component level--being able to associate a group or a role with data, and having the security "bits", as it were, control visibility and read/write properties of controls/menus in the application. Nobody seems to go down to that level of granularity.

What about spoofing data, so that when Bill Gates goes to the clinic for his regular physical, he shows up as "Bill Doe", or something, so that the workers don't know they have "the scoop" on his personal diseases?

Does any third party library/security model address these issues, that you know of?


Some people believe what the bible says. Literally. At least [with Wikipedia] you have the chance to correct the wiki -- Jörgen Sigvardsson

Article Copyright 2006 by Alex Getman