Access Control List in .NET Framework
Once you finish developing a web application, you need to secure it. This is where security comes into the picture. Some portions of your application will need to be protected from users. Securing an application may require extra hardware to build complex multi-layer systems with firewalls, as well as some highly secure features. Security lets you grant access to a specified user once that user has been authenticated and authorized to access resources in your web application. The Access Control List (ACL) is used in the authorization process.
The basic concepts of security are authentication, authorization, impersonation, and data or functional security. Authentication is the process of identifying a user, so that only that user is given access to resources. Authorization is the process of determining whether a particular user can be given access to the resources that user requests. Impersonation is the process of providing access to the resources a user requests under a different identity. Data or functional security is the process of securing a system physically, keeping the operating system updated, and using robust software.
Some elements of the operating system, Internet Information Server (IIS), and the .NET Framework work together to provide the features needed to implement the security concepts mentioned above. For example, Windows 2000 uses its own list of user accounts to identify and authenticate users. When users access a web site, IIS identifies them based on the information provided by Windows. After identifying a user, IIS passes this information to ASP.NET. The user information is then checked for authorization.
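
The authorization step described above can be seen in the following C# program, which is an added example and not code from the original article: it reads a file's ACL through the .NET Framework `System.Security.AccessControl` classes and checks it against an already-authenticated Windows identity. The file path and the `HasAccess` helper are assumptions made for illustration, and the deny-wins evaluation is a simplification of the ordered check Windows itself performs.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclCheck
{
    // Hypothetical helper: collects the rights allowed and denied to the
    // identity's own SID and its group SIDs, then lets deny win over allow.
    // Windows walks the entries in order, so this is a conservative
    // approximation of the real access check, not a replacement for it.
    public static bool HasAccess(string path, WindowsIdentity identity,
                                 FileSystemRights wanted)
    {
        FileSecurity acl = File.GetAccessControl(path);
        AuthorizationRuleCollection rules =
            acl.GetAccessRules(true, true, typeof(SecurityIdentifier));

        FileSystemRights allowed = 0, denied = 0;
        foreach (FileSystemAccessRule rule in rules)
        {
            // Inherit-only entries apply to children, not to this object.
            if ((rule.PropagationFlags & PropagationFlags.InheritOnly) != 0)
                continue;

            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference;
            bool applies = sid.Equals(identity.User) ||
                (identity.Groups != null && identity.Groups.Contains(sid));
            if (!applies) continue;

            if (rule.AccessControlType == AccessControlType.Deny)
                denied |= rule.FileSystemRights;
            else
                allowed |= rule.FileSystemRights;
        }
        return (allowed & ~denied & wanted) == wanted;
    }

    static void Main(string[] args)
    {
        // Assumed default path; pass a real file as the first argument.
        string path = args.Length > 0 ? args[0] : @"C:\inetpub\wwwroot\Default.aspx";
        using (WindowsIdentity user = WindowsIdentity.GetCurrent())
        {
            bool ok = HasAccess(path, user, FileSystemRights.Read);
            Console.WriteLine("{0} {1} read access to {2}",
                user.Name, ok ? "has" : "does not have", path);
        }
    }
}
```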