.NET Role-Based & Code Access Security - Interview Questions

What is code security? What are the types?

Answer - The .NET Framework provides security features that protect code from unauthorized users and unauthorized uses.
There are two types of code security:
Role-based security: This authorizes the user.
Code access security: This protects system resources from unauthorized calls.

Define Principal object.

Answer - The Principal object represents an authenticated user. It contains information about the user’s identity and role. The .NET Framework provides the PrincipalPermission object, which specifies a user and the user's role. Its Demand method checks the current user, or Principal, against the name and role specified in the PrincipalPermission.

Define declarative and imperative security.

Answer - Security checks can be applied imperatively or declaratively. Declarative security is applied by associating attribute declarations that specify a security action with classes or methods. Imperative security is applied by calling the appropriate methods of a Permission object that represents the Principal (for role-based security) or system resource (for code access security).
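
The same role check written both ways, as an added example that is not part of the original page. It assumes the .NET Framework 4.x; `PayrollService`, the role names and the users `alice` and `bob` are hypothetical and constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PayrollService   // hypothetical class, for illustration only
{
    // Declarative: the attribute tells the runtime to demand the role
    // before the method body is allowed to run.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    public static string ApproveDeclarative() { return "approved (declarative)"; }

    // Imperative: construct the permission in code and call Demand() explicitly.
    public static string ApproveImperative()
    {
        // A null name matches any authenticated identity that holds the role.
        new PrincipalPermission(null, "Managers").Demand();
        return "approved (imperative)";
    }
}

static class Program
{
    // Attach a constructed principal to the current thread, then try both methods.
    static void RunAs(string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        var calls = new Func<string>[] {
            PayrollService.ApproveDeclarative, PayrollService.ApproveImperative };
        foreach (Func<string> call in calls)
        {
            // A failed Demand surfaces as a SecurityException in the caller.
            try { Console.WriteLine("{0}: {1}", user, call()); }
            catch (SecurityException) { Console.WriteLine("{0}: denied by {1}", user, call.Method.Name); }
        }
    }

    static void Main()
    {
        RunAs("alice", "Managers");   // constructed user holding the required role
        RunAs("bob", "Clerks");       // constructed user without the required role
    }
}
```

Both forms fail closed: when the current Principal lacks the role, `Demand` raises `SecurityException` and the protected code does not run.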

Define role-based security.

Answer - Role-based security verifies the role and/or identity of the current Principal object.

Explain code access security.

Answer - Code access security protects code from unauthorized calls. You can prevent access to system resources by using a Permission object. The Permission object specifies a user and the user's role. The Demand method of the Permission object checks whether the specified user and role match the current user.

What is Code group?

Answer - Code groups represent collections of code and each code group has an associated set of permissions.

Define the use of Caspol.exe.

Answer - It is a command-line tool, run from the DOS (command) prompt, used to view and alter code access security policy.