.NET Development Foundation
Exam objective: Improving the security of the .NET Framework applications by using the .NET Framework 2.0 security features
Code access security (CAS) controls the permissions granted to specific managed applications. (MSDN)
Permissions allow access to system resources. A permission set is a collection of permissions. A code group relates exactly one permission set to exactly one evidence type. Evidence is used to identify an assembly. Evidence types can include the application directory, the cryptographic hash of the assembly, the publisher's digital signature, the site from which the assembly was downloaded, the cryptographic strong name of the assembly, the URL from which the assembly was downloaded, and the security zone in which the assembly is running. Security zones include the computer zone, local intranet zone, Internet zone, trusted sites, and untrusted sites. See the Security tab of Internet Options in Internet Explorer to view the various security zones. An assembly can be associated with multiple code groups. Permission sets can be associated with multiple code groups.
A security policy is a logical grouping of code groups and permission sets. An untrusted managed assembly must pass through four security policies: the enterprise security policy, the machine security policy, the user security policy, and the application domain security policy. Any one of these security policies can deny an untrusted managed assembly permissions.
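The following is an added example, not code from the original page. It builds evidence for a hypothetical downloaded assembly and shows how each policy level narrows the grant. It assumes .NET Framework 2.0 to 3.5 (these policy APIs are obsolete in .NET Framework 4 and later), walks only the levels returned by SecurityManager.PolicyHierarchy(), and uses a constructed sample URL.

```csharp
// Added example (not from the original page). Targets .NET Framework 2.0-3.5,
// where CAS policy is active; the URL below is a constructed sample value.
using System;
using System.Collections;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class CasPolicyWalk
{
    static void Main()
    {
        // Evidence identifies the assembly: here a security zone and a download URL.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://downloads.example.test/app/tool.exe"));

        // Start unrestricted and narrow the grant one policy level at a time.
        PermissionSet granted = new PermissionSet(PermissionState.Unrestricted);

        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;

            // Within one level, the matching code groups yield a policy statement.
            PolicyStatement statement = level.Resolve(evidence);
            PermissionSet levelGrant = statement.PermissionSet;
            Console.WriteLine("{0}: {1} permission(s), unrestricted={2}",
                level.Label, levelGrant.Count, levelGrant.IsUnrestricted());

            // Across levels the grants are intersected, so any level can remove
            // a permission. Intersect returns null when nothing is left.
            granted = granted.Intersect(levelGrant)
                      ?? new PermissionSet(PermissionState.None);
        }

        Console.WriteLine("Intersection across levels:");
        Console.WriteLine(granted);

        // The runtime's own answer. It also honours PolicyStatementAttribute.LevelFinal,
        // so it can differ from the plain intersection computed above.
        Console.WriteLine("SecurityManager.ResolvePolicy:");
        Console.WriteLine(SecurityManager.ResolvePolicy(evidence));
    }
}
```

Changing the zone in the evidence to SecurityZone.MyComputer and rerunning shows how the same code receives a different grant purely because its evidence changed.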
Exam objective: Implement code access security to improve the security of a .NET Framework application.
(Refer to the System.Security namespace)
SecurityManager class -MSDN
CodeAccessPermission class -MSDN
Modify the Code Access security policy at the machine, user, and enterprise policy level by using the Code Access Security Policy tool (Caspol.exe) -MSDN
PermissionSet class, NamedPermissionSet class, and PermissionSetCollection class
Standard Security interfaces
Exam objective: Implement access control by using the System.Security.AccessControl classes.
DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class
AccessRule class -MSDN
AuthorizationRule class and AuthorizationRuleCollection class
CommonAce class, CommonAcl class, CompoundAce class, GenericAce class, and GenericAcl class
AuditRule class -MSDN
MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class
Exam objective: Implement a custom authentication scheme by using the System.Security.Authentication classes.
(Refer to the System.Security.Authentication namespace -MSDN)
For a reference on custom authentication schemes, see MSDN.
Exam objective: Encrypt, decrypt, and hash data by using the System.Security.Cryptography classes.
(Refer to the System.Security.Cryptography namespace)
DES class and DESCryptoServiceProvider class
HashAlgorithm class -MSDN
DSA class and DSACryptoServiceProvider class
SHA1 class and SHA1CryptoServiceProvider class
TripleDES and TripleDESCryptoServiceProvider class
MD5 class and MD5CryptoServiceProvider class
RSA class and RSACryptoServiceProvider class
RandomNumberGenerator class -MSDN
CryptoStream class -MSDN
CryptoConfig class -MSDN
RC2 class and RC2CryptoServiceProvider class
AsymmetricAlgorithm class -MSDN
ProtectedData class and ProtectedMemory class
RijndaelManaged class and RijndaelManagedTransform class
CspParameters class -MSDN
CryptoAPITransform class -MSDN
Hash-based Message Authentication Code (HMAC) -MSDN
Exam objective: Control permissions for resources by using the System.Security.Permission classes.
(Refer to the System.Security.Permissions namespace)
SecurityPermission class -MSDN
PrincipalPermission class -MSDN
FileIOPermission class -MSDN
StrongNameIdentityPermission class -MSDN
UIPermission class -MSDN
UrlIdentityPermission class -MSDN
PublisherIdentityPermission class -MSDN
GacIdentityPermission class -MSDN
FileDialogPermission class -MSDN
DataProtectionPermission class -MSDN
EnvironmentPermission class -MSDN
IUnrestrictedPermission interface -MSDN
RegistryPermission class -MSDN
IsolatedStorageFilePermission class -MSDN
KeyContainerPermission class -MSDN
ReflectionPermission class -MSDN
StorePermission class -MSDN
SiteIdentityPermission class -MSDN
ZoneIdentityPermission class -MSDN
Exam objective: Control code privileges by using System.Security.Policy classes.
(Refer to the System.Security.Policy namespace)
ApplicationSecurityInfo class and ApplicationSecurityManager class
ApplicationTrust class and ApplicationTrustCollection class
Evidence class and PermissionRequestEvidence class
CodeGroup class, FileCodeGroup class, FirstMatchCodeGroup class, NetCodeGroup class, and UnionCodeGroup class
Condition classes
PolicyLevel class and PolicyStatement class
IApplicationTrustManager interface, IMembershipCondition interface, and IIdentityPermissionFactory interface
Exam objective: Access and modify identity information by using the System.Security.Principal classes.
(Refer to the System.Security.Principal namespace)
GenericIdentity class and GenericPrincipal class
WindowsIdentity class and WindowsPrincipal class
NTAccount class and SecurityIdentifier class
IIdentity interface and IPrincipal interface
WindowsImpersonationContext class -MSDN
IdentityReference class and IdentityReferenceCollection class