.NET security

Explain what a permissiong is.

Permissioning is tha ability the CLR possesses to allow or deny a certain program to access a resource. The .net set of permissions is included in the System.Security.Permissions namespace. A user can create his own permission set and should include it in .NET security system.

The list of in-built permission sets is as follows:

- Nothing permission set
- Execution permission set
- Internet permission set
- LocalIntranet permission set
- Everything permission set
- SkipVerification permission set
- FullTrust permission set

What are the differences between declarative and imperative security.

Declarative and imperative are the different syntax schemes used to implement security declarations in .NET Framework. In declarative security, attribute syntax is used. The security constraints are stored in the assembly at compile time. The disadvantage of declarative security is that there are tools which extract security requirements from the metadata in the assembly.

In imperative implementation, the attribute syntax is not used. It is implemented by writing the regular code to provide restrictions.

Explain role-based and code based security.

Based on the credentials of the user, the access is provided to the user.

Role-based authorization is provided by the CLR to an account. It mostly involves the code running with the privileges of the current user.

Code security is about granting and denying permissions from the permission sets