Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Security Application Block addresses the following areas:
- Authorization
- Security-related caching
Design Goals
The Security Application Block is designed to achieve the following goals:
- Provide a simple and intuitive interface to the commonly required authorization functionality.
- Encapsulate the logic used to perform authorization and security-related caching.
- Present a standard provider model for authorization and security-related caching.
- Ensure that the block is extensible.
- Ensure that there is minimal or negligible performance impact compared to security code that access the .NET Framework classes directly to accomplish the same functionality.
- Incorporate best practices for application security, as described in Improving Web Application Security: Threats and Countermeasures.
Design Highlights
The Security Application Block is designed to externalize the implementation of the authorization and caching provider from a running application. This design lets you change implementations without changing the code of the application. The following schematic illustrates the interrelationship between the key classes in the Security Application Block.
.png "Ff664481.c8699177-b0cf-48ee-be7a-1da90a67edb3(en-us,PandP.50).png")