Question

• Describe key security features of Microsoft’s .NET Framework.
• Explain how to configure ASP.NET securely.
• Prescribe a set of network-based and computer-based controls of applications.

Answer 1

Answer:

Key Security features of Microsoft's .NET Framework:

• A solid and adaptable protection base that can be part of two segments is given by the Microsoft .NET Framework:
  a. Code Access Protection
  b. Identity-based security.
• Instead of client identities, the code access protection (CAS) model emphasizes code identities. Using CAS, as shown by their dealer or where they were stacked from, for example, you set approaches and authorizations for congregations. In the approval granting rationale, the customer personality of the coordinating cycle is unessential.
  Identity-based security, compared with CAS, speaks to an excellent approach that most programmers are confident of. Be it as it might, to take full advantage of the .NET Identity-Based security platform, you may have to confront certain essential principles.

Key Objects and Identity
The .NET System abstracts the concepts of consumers and workers, making them free from the underlying Windows platform. Identity-based authentication for .NET focuses on two basic concepts: identity objects and primary objects.
Subject of identity
Essentially, an identity object is a customer account. The valid identity object to be used in .NET authentication mechanisms is any .NET class that updates the identity interface. Three basic properties were discovered by Identity: AuthenticationType, Is Authenticated, and Name.

Four identity groups out of the box are followed by the .NET Framework:

1. WindowsIdentities

2. IdentityForms

3. IdentityPassPort

4. IdentityGeneric

To promote the progress of custom authentication methods, the Generic Identity class is provided. Yet, without any identity updating training, you will characterize your personalized Identity class since there is no special code you receive from the GenericIdentity class.
You should coordinate a Windows Identity .NET identity, which is what Windows Identity is going for. The key argument is that nothing, to the degree that .NET is concerned, renders a Windows Identity not exactly the same as other identity objects.
The standard structures of .NET authorization are meant to accept and operate with every .NET Principal and Identity objects, completely irresponsible of the whole OS.

Principal object

A Principal Object is a carrier (as per the active authentication mechanism) of all the duties to which the recipient belongs. Again, a key valid property is any .NET class that implements the IPrincipal Interface. The IPrincipal interface exposes the Identity property (that returns the underlying Identity object) as well as the IsInRole method.
In the .NET Application class library, two key items are included: WindowsPrincipal and GenericPrincipal. If you use a WindowsIdentity, WindowsPrincipal pair, the Principal function collection is created with the Windows classes belonging to the Windows owner.