The .NET runtime provides a simple role-based security mechanism that enables code to make security decisions based on the user that is running the code, and the roles to which the user belongs. .NET's role-based security model is independent of any underlying authentication and authorization mechanism, and relies on two key abstractions that represent the user and their roles: identities and principals. An identity represents an authenticated user, and the principal is a container that holds both the identity and the set of roles to which the identity belongs. Principals are assigned to threads and provide the information necessary for the runtime to authorize and control the actions of the current user.
The System.Security.Principal namespace contains the interfaces that define the functionality of identities and principals, and includes two concrete role-based security implementations. The first implementation consists of the classes named with the prefix "Generic." The generic role-based security implementation is simple and requires direct manipulation to configure identities and principals, but can be used in conjunction with any user authentication and authorization mechanism. The second implementation consists of the classes named with the prefix "Windows." The Windows role-based security implementation integrates with the Windows user accounts mechanism and allows code to base security decisions on Windows user accounts, and the user groups to which they belong.
Role-based security is enforced using security demands similar to those used to enforce code-access security. The System.Security.Permissions.PrincipalPermission class provides support for imperative role-based security demands, and the System.Security.Permissions.PrincipalPermissionAttribute class provides support for declarative demands. When code invokes a role-based security demand, the runtime evaluates the principal of the current thread to ensure that it has the demanded identity and roles. If not, the demand raises a System.Security.SecurityException. Role-based security demands do not cause stack walks.
Figure 29-1 shows the types in this namespace.