Exam 70-553 - Implement access control by using the System.Security.AccessControl classes.

Section 1
  • Part 4:

    Improving the security of .NET Framework applications by using the .NET Framework 2.0 security features

    • Topic 1

Implement access control by using the System.Security.AccessControl classes.

  • DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class
  • AccessRule class
  • AuthorizationRule class and AuthorizationRuleCollection class
  • CommonAce class, CommonAcl class, CompoundAce class, GeneralAce class, and GeneralAcl class
  • AuditRule class
  • MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class


The entire System.Security.AccessControl Namespace is new to .Net 2.0. It encapsulated everything that you could manually do to a file or folder by going to the Security tab of the properties dialog and change the access permissions, click on advanced and set up auditing and permissions inheritance.

The DirectorySecurity and FileSecurity Classes represent the access control and security for directories and files. Using these classes you can define the rules for a file and pass it to the System.IO objects as you create them.

The FileSystemSecurity Class is the base class for the directorysecurity and filesecurity classes.

The RegistrySecurity Class represent access control security for registry keys.

The AccessRule Class represents the user, an access mask, control type (allow or deny), and inheritance information. Each Rule can be applied to one of the previously mentioned classes to define policy.

The AuthorizationRule Class is the base class for the AccessRule and AuditRule Classes. The AuthorizationRule Collection is a strongly typed collection of AuthorizationRules.

The CommonAce, CommonAcl, CompoundAce, GeneralAce and GeneralAce Classes all represent Access Control Lists or Access Control Entries.

The AuditRule Class represents the entry you would make to setup auditing of a file or directory.

Object Security is the base class of the CommonObjectSecurity class which exposes methods for accessing the five parts of a security descriptor.

The following is my understanding of MutexSecurity and SemaphoreSecurity. They provide security for instances of the Mutex and Semaphore Classes. Both are used primarily in multithreaded environments to manage access to a resource. Where Semaphores allow more than one accesses, Mutexes can only allow one.

Other Resources & Links:

Setting ACE/ACL permissions in .NET 2.0

Security Enhancements for the .Net Framework 2.0

The Windows Access Control Model Part 3

DirectorySecurity Class

FileSecurity Class

FileSystemSecurity Class

RegistrySecurity Class

AccessRule Class

AuthorizationRule Class

AuthorizationRuleCollection Class

CommonACE Class

CommonACL Class

AuditRule Class

MutexSecurity Class

ObjectSecurity Class


Exam 70-553 - Implement a custom authentication scheme by using the System.Security.Authentication classes.

Exam 70-553 - Compress or decompress stream information and improve the security of application data by using isolated storage.