Conceptual Questions What is .NET? Simply put, Microsoft .NET is Microsoft's strategy for eli!ering soft"are as a ser!ice.

#or complete information, rea this "hitepaper on the topic. $n e%cerpt from that paper &riefly escri&es the 'ey points of .NET(

). Microsoft .NET platform *nclu es .NET infrastructure an tools to &uil an operate a ne" generation of ser!ices, .NET user e%perience to ena&le rich clients, .NET &uil ing &loc' ser!ices an .NET e!ice soft"are to ena&le a ne" generation of smart *nternet e!ices. +. Microsoft .NET pro ucts an ser!ices *nclu es Microsoft Win o"s.NET ,"ith a core integrate set of &uil ing &loc' ser!ices-, MSN.NET, personal su&scription ser!ices, Microsoft .ffice.NET, Microsoft /isual Stu io.NET, an Microsoft &Central0 for .NET. 1. Thir 2party .NET ser!ices $ !ast range of partners an e!elopers "ill ha!e the opportunity to pro uce corporate an !ertical ser!ices &uilt on the .NET platform.
This #$Q targets the .NET #rame"or', "hich is a piece of the .NET platform's infrastructure. See the ne%t 3uestion to learn more a&out the .NET #rame"or'. 4ac' to Top What is the .NET #rame"or'? The .NET #rame"or' is an en!ironment for &uil ing, eploying, an running We& Ser!ices an other applications. *t consists of three main parts( the Common 5anguage 6untime, the #rame"or' classes, an $S7.NET. 4ac' to Top 8oes the .NET #rame"or' only apply to people &uil ing We& sites? The .NET #rame"or' ena&les you to create great We& applications. 9o"e!er, it can also help you &uil the same applications you &uil to ay. *f you "rite any Win o"s soft"are ,using $T5:C.M, M#C, Microsoft /isual 4asic, or e!en stan ar Microsoft Win1+-, .NET offers many a !antages to the "ay you currently &uil applications. .f course, if you o e!elop We& sites, then the .NET #rame"or' has a lot to interest you;starting "ith $S7.NET. 4ac' to Top Where can * get the .NET #rame"or' S8<?

The 4eta ) of the .NET #rame"or' S8< is no" a!aila&le for pu&lic o"nloa at MS8N .nline 8o"nloa s. 4ecause of its si=e, "e offer this &eta as a single o"nloa ,)>? M4-, an ))2part o"nloa , or you can or er the C8 from Microsoft 8e!eloper Store(

). @nite States:Cana a +. *nternational

4ac' to Top .n "hat platforms "ill the .NET #rame"or' run? The 4eta ) !ersion "ill run on Microsoft Win o"s +>>>, Win o"s AB:AC:ME, an Win o"s NT D.>. There is also a !ersion of the .NET #rame"or' calle the .NET Compact #rame"or'. *t is esigne to &ring some of the capa&ilities of the .NET #rame"or' to e!ices such as cell phones an enhance tele!isions. The .NET Compact #rame"or' "ill run on Win o"s CE an other em&e e operating systems. 4ac' to Top What programming languages "ill the .NET #rame"or' support? The .NET #rame"or' is language neutralE !irtually any language can target the .NET #rame"or'. Currently, you can &uil .NET programs in a num&er of languages, inclu ing CFF, Microsoft /isual 4asic.NET, GScript, an Microsoft's ne"est language;CH. $ large num&er of thir 2party languages "ill also &e a!aila&le for &uil ing .NET #rame"or' applications. These languages inclu e C.4.5, Eiffel, 7erl, 7ython, Smalltal', an others. 4ac' to Top What is the relationship &et"een the .NET #rame"or' an C.MF Ser!ices? The .NET #rame"or' gi!es you full access to C.MF ser!ices, "hile also ma'ing it easier to &uil ser!ice components. .NET #rame"or' components can &e a e to a C.MF application. There they can ta'e a !antage of automatic component ser!ices such as transactions, o&Iect pooling, 3ueue components, e!ents, an so on. 4ac' to Top What is the relationship &et"een the .NET #rame"or' an 8C.M? 8C.M is the C.M infrastructure for cross2process communication. The .NET #rame"or' supports a num&er of plugga&le channels an formatters for cross2process communication. When ma'ing transitions &et"een manage an unmanage co e, the .NET #rame"or' uses the C.M infrastructure, specifically, 8C.M. $ll scenarios using C.MF ser!ices use manage 2to2unmanage transitions, an thus use 8C.M &y efault. The .NET #rame"or' also supports S.$7, the Simple .&Iect $ccess 7rotocol, for cross2process communication "here interopera&ility is critical. 4ac' to Top *s the .NET #rame"or' Iust a ne" name for Win o"s 8N$?

No. Win o"s 8N$ is an architecture for &uil ing tightly2couple , istri&ute We& applications. $s the nee s of istri&ute applications change to re3uire more loosely2couple principles, Microsoft e!ol!e the architecture to .NET. The .NET #rame"or' is a part of the .NET architecture. 4ac' to Top 6untime Technical Questions Terminology What is the Common 5anguage 6untime ,C56-? The Common 5anguage 6untime is the e%ecution engine for .NET #rame"or' applications. *t pro!i es a num&er of ser!ices, inclu ing the follo"ing(

). Co e management ,loa ing an e%ecution+. $pplication memory isolation 1. /erification of type safety D. Con!ersion of *5 to nati!e co e B. $ccess to meta ata ,enhance type information?. Managing memory for manage o&Iects J. Enforcement of co e access security C. E%ception han ling, inclu ing cross2language e%ceptions A. *nteroperation &et"een manage co e, C.M o&Iects, an pre2 e%isting 855s ,unmanage co e an ata)>. $utomation of o&Iect layout

)). Support for e!eloper ser!ices ,profiling, e&ugging, an so on4ac' to Top What is the common type system ,CTS-? The common type system is a rich type system, &uilt into the Common 5anguage 6untime, that supports the types an operations foun in most programming languages. The common type system supports the complete implementation of a "i e range of programming languages. 4ac' to Top

What is the Common 5anguage Specification ,C5S-? The Common 5anguage Specification is a set of constructs an constraints that ser!es as a gui e for li&rary "riters an compiler "riters. *t allo"s li&raries to &e fully usa&le from any language supporting the C5S, an for those languages to integrate "ith each other. The Common 5anguage Specification is a su&set of the common type system. The Common 5anguage Specification is also important to application e!elopers "ho are "riting co e that "ill &e use &y other e!elopers. When e!elopers esign pu&licly accessi&le $7*s follo"ing the rules of the C5S, those $7*s are easily use from all other programming languages that target the Common 5anguage 6untime. 4ac' to Top What is the Microsoft *nterme iate 5anguage ,MS*5-? MS*5 is the C7@2in epen ent instruction set into "hich .NET #rame"or' programs are compile . *t contains instructions for loa ing, storing, initiali=ing, an calling metho s on o&Iects. Com&ine "ith meta ata an the common type system, MS*5 allo"s for true cross2language integration. 7rior to e%ecution, MS*5 is con!erte to machine co e. *t is not interprete . 4ac' to Top What is manage co e an manage ata?

Manage co e is co e that is "ritten to target the ser!ices of the Common 5anguage 6untime ,see What is the Common 5anguage 6untime?-. *n or er to target these ser!ices, the co e must pro!i e a minimum le!el of information ,meta ata- to the runtime. $ll CH, /isual 4asic.NET, an GScript.NET co e is manage &y efault. /isual Stu io.NET CFF co e is not manage &y efault, &ut the compiler can pro uce manage co e &y specifying a comman 2line s"itch ,:C56-. Closely relate to manage co e is manage ata; ata that is allocate an e2allocate &y the Common 5anguage 6untime's gar&age collector. CH, /isual 4asic, an GScript.NET ata is manage &y efault. CH ata can, ho"e!er, &e mar'e as unmanage through the use of special 'ey"or s. /isual Stu io.NET CFF ata is unmanage &y efault ,e!en "hen using the :C56 s"itch-, &ut "hen using Manage E%tensions for CFF, a class can &e mar'e as manage &y using the KKgc 'ey"or . $s the name suggests, this means that the memory for instances of the class is manage &y the gar&age collector. *n a ition, the class &ecomes a full participating mem&er of the .NET #rame"or' community, "ith the &enefits an restrictions that &rings. $n e%ample of a &enefit is proper interopera&ility "ith classes "ritten in other languages ,for e%ample, a manage CFF class can inherit from a /isual 4asic class-. $n e%ample of a restriction is that a manage class can only inherit from one &ase class. 4ac' to Top $ssem&lies What is an assem&ly? $n assem&ly is the primary &uil ing &loc' of a .NET #rame"or' application. *t is a collection of functionality that is &uilt, !ersione , an eploye as a single implementation unit ,as one or more files-. $ll manage types an resources are mar'e either as accessi&le only "ithin their implementation unit, or as accessi&le &y co e outsi e that unit. $ssem&lies are self2 escri&ing &y means of their manifest, "hich is an integral part of e!ery assem&ly. The manifest(

). Esta&lishes the assem&ly i entity ,in the form of a te%t name-, !ersion, culture, an igital signature ,if the assem&ly is to &e share across applications-. +. 8efines "hat files ,&y name an file hash- ma'e up the assem&ly implementation. 1. Specifies the types an resources that ma'e up the assem&ly, inclu ing "hich are e%porte from the assem&ly. D. *temi=es the compile2time epen encies on other assem&lies. B. Specifies the set of permissions re3uire for the assem&ly to run properly.
This information is use at run time to resol!e references, enforce !ersion &in ing policy, an !ali ate the integrity of loa e assem&lies. The runtime can etermine an locate the assem&ly for any running o&Iect, since e!ery type is loa e in the conte%t of an assem&ly. $ssem&lies are also the unit at "hich co e access security permissions are applie . The i entity e!i ence for each assem&ly is consi ere separately "hen etermining "hat permissions to grant the co e it contains. The self2 escri&ing nature of assem&lies also helps ma'es =ero2impact install an LC.7M eployment feasi&le. 4ac' to Top What are pri!ate assem&lies an share assem&lies? $ pri!ate assem&ly is use only &y a single application, an is store in that application's install irectory ,or a su& irectory therein-. $ share assem&ly is one that can &e reference &y more than one application. *n or er to share an assem&ly, the assem&ly must &e e%plicitly &uilt for this purpose &y gi!ing it a cryptographically strong name ,referre to as a share name-. 4y contrast, a pri!ate assem&ly name nee only &e uni3ue "ithin the application that uses it. 4y ma'ing a istinction &et"een pri!ate an share assem&lies, "e intro uce the notion of sharing as an e%plicit ecision. Simply &y eploying pri!ate assem&lies to an application irectory, you can guarantee that that application "ill run only "ith the &its it "as &uilt an eploye "ith. 6eferences to pri!ate assem&lies "ill only &e resol!e locally to the pri!ate application irectory. There are se!eral reasons you may elect to &uil an use share assem&lies, such as the a&ility to e%press !ersion policy. The fact that share assem&lies ha!e a cryptographically strong name means that only the author of the assem&ly has the 'ey to pro uce a ne" !ersion of that assem&ly. Thus, if you ma'e a policy statement that says you "ant to accept a ne" !ersion of an assem&ly, you can ha!e some confi ence that !ersion up ates "ill &e controlle an !erifie &y the author. .ther"ise, you onNt ha!e to accept them. #or locally installe applications, a share assem&ly is typically e%plicitly installe into the glo&al assem&ly cache ,a local cache of assem&lies maintaine &y the .NET #rame"or'-. <ey to the !ersion management features of the .NET #rame"or' is that o"nloa e co e oes not affect the e%ecution of locally installe applications. 8o"nloa e co e is put in a special o"nloa cache an is not glo&ally a!aila&le on the machine e!en if some of the o"nloa e components are &uilt as share assem&lies. The classes that ship "ith the .NET #rame"or' are all &uilt as share assem&lies.

4ac' to Top *f * "ant to &uil a share assem&ly, oes that re3uire the o!erhea of signing an managing 'ey pairs? 4uil ing a share assem&ly oes in!ol!e "or'ing "ith cryptographic 'eys. .nly the pu&lic 'ey is strictly nee e "hen the assem&ly is &eing &uilt. Compilers targeting the .NET #rame"or' pro!i e comman line options ,or use custom attri&utes- for supplying the pu&lic 'ey "hen &uil ing the assem&ly. *t is common to 'eep a copy of a common pu&lic 'ey in a source ata&ase an point &uil scripts to this 'ey. 4efore the assem&ly is shippe , the assem&ly must &e fully signe "ith the correspon ing pri!ate 'ey. This is one using an S8< tool calle SN.e%e ,Strong Name-. Strong name signing oes not in!ol!e certificates li'e $uthentico e oes. There are no thir party organi=ations in!ol!e , no fees to pay, an no certificate chains. *n a ition, the o!erhea for !erifying a strong name is much less than it is for $uthentico e. 9o"e!er, strong names o not ma'e any statements a&out trusting a particular pu&lisher. Strong names allo" you to ensure that the contents of a gi!en assem&ly ha!en't &een tampere "ith, an that the assem&ly loa e on your &ehalf at run time comes from the same pu&lisher as the one you e!elope against. 4ut it ma'es no statement a&out "hether you can trust the i entity of that pu&lisher. 4ac' to Top What is the ifference &et"een a namespace an an assem&ly name? $ namespace is a logical naming scheme for types in "hich a simple type name, such as MyType, is prece e "ith a ot2separate hierarchical name. Such a naming scheme is completely un er the control of the e!eloper. #or e%ample, types MyCompany.#ile$ccess.$ an MyCompany.#ile$ccess.4 might &e logically e%pecte to ha!e functionality relate to file access. The .NET #rame"or' uses a hierarchical naming scheme for grouping types into logical categories of relate functionality, such as the $S7.NET application frame"or', or remoting functionality. 8esign tools can ma'e use of namespaces to ma'e it easier for e!elopers to &ro"se an reference types in their co e. The concept of a namespace is not relate to that of an assem&ly. $ single assem&ly may contain types "hose hierarchical names ha!e ifferent namespace roots, an a logical namespace root may span multiple assem&lies. *n the .NET #rame"or', a namespace is a logical esign2time naming con!enience, "hereas an assem&ly esta&lishes the name scope for types at run time. 4ac' to Top $pplication 8eployment an *solation What options are a!aila&le to eploy my .NET applications? The .NET #rame"or' simplifies eployment &y ma'ing =ero2impact install an LC.7M eployment of applications feasi&le. 4ecause all re3uests are resol!e first to the pri!ate application irectory, simply copying an applicationNs irectory files to is' is all that is nee e to run the application. No registration is re3uire . This scenario is particularly compelling for We& applications, We& Ser!ices, an self2containe es'top applications. 9o"e!er, there are scenarios "here LC.7M is not sufficient as a istri&ution mechanism. $n e%ample is "hen the application has little pri!ate co e an relies on the a!aila&ility of share assem&lies, or "hen the application is not locally installe ,&ut rather o"nloa e on eman -. #or these cases, the .NET #rame"or' pro!i es e%tensi!e co e o"nloa ser!ices an integration "ith the Win o"s *nstaller. The co e o"nloa support pro!i e &y the .NET #rame"or' offers se!eral a !antages o!er current platforms, inclu ing incremental o"nloa , co e access security ,no more $uthentico e ialogs-, an application isolation ,co e o"nloa e on &ehalf of one application oesn't affect other applications-. The Win o"s *nstaller is another po"erful eployment mechanism a!aila&le to .NET applications. $ll of the features of Win o"s *nstaller,

inclu ing pu&lishing, a !ertisement, an application repair "ill &e a!aila&le to .NET applications in Win o"s *nstaller ).B. 4ac' to Top *'!e "ritten an assem&ly that * "ant to use in more than one application. Where o * eploy it? $ssem&lies that are to &e use &y multiple applications ,for e%ample, share assem&lies- are eploye to the glo&al assem&ly cache. *n the prerelease an 4eta &uil s, use the :i option to the $lin' S8< tool to install an assem&ly into the cache(

al /i:myDll.dll
$ future !ersion of the Win o"s *nstaller "ill &e a&le to install assem&lies into the glo&al assem&ly cache. 4ac' to Top 9o" can * see "hat assem&lies are installe in the glo&al assem&ly cache? The .NET #rame"or' ships "ith a Win o"s shell e%tension for !ie"ing the assem&ly cache. Na!igating to O "in irOPassem&ly "ith the Win o"s E%plorer acti!ates the !ie"er. 4ac' to Top What is an application omain? $n application omain ,often $pp8omain- is a !irtual process that ser!es to isolate an application. $ll o&Iects create "ithin the same application scope ,in other "or s, any"here along the se3uence of o&Iect acti!ations &eginning "ith the application entry point- are create "ithin the same application omain. Multiple application omains can e%ist in a single operating system process, ma'ing them a light"eight means of application isolation. $n .S process pro!i es isolation &y ha!ing a istinct memory a ress space. While this is effecti!e, it is also e%pensi!e, an oes not scale to the num&ers re3uire for large "e& ser!ers. The Common 5anguage 6untime, on the other han , enforces application isolation &y managing the memory use of co e running "ithin the application omain. This ensures that it oes not access memory outsi e the &oun aries of the omain. *t is important to note that only type2safe co e can &e manage in this "ay ,the runtime cannot guarantee isolation "hen unsafe co e is loa e in an application omain-. 4ac' to Top Qar&age Collection What is gar&age collection? Qar&age collection is a mechanism that allo"s the computer to etect "hen an o&Iect can no longer &e accesse . *t then automatically releases the memory use &y that o&Iect ,as "ell as calling a clean2up routine, calle a Rfinali=er,R "hich is "ritten &y the user-. Some gar&age collectors, li'e the one use &y .NET, compact memory an therefore ecrease your program's "or'ing set. 4ac' to Top 9o" oes non2 eterministic gar&age collection affect my co e?

#or most programmers, ha!ing a gar&age collector ,an using gar&age collecte o&Iects- means that you ne!er ha!e to "orry a&out eallocating memory, or reference counting o&Iects, e!en if you use sophisticate ata structures. *t oes re3uire some changes in co ing style, ho"e!er, if you typically eallocate system resources ,file han les, loc's, an so forth- in the same &loc' of co e that releases the memory for an o&Iect. With a gar&age collecte o&Iect you shoul pro!i e a metho that releases the system resources eterministically ,that is, un er your program controlan let the gar&age collector release the memory "hen it compacts the "or'ing set. 4ac' to Top Can * a!oi using the gar&age collecte heap? $ll languages that target the runtime allo" you to allocate class o&Iects from the gar&age2collecte heap. This &rings &enefits in terms of fast allocation, an a!oi s the nee for programmers to "or' out "hen they shoul e%plicitly 'free' each o&Iect. The C56 also pro!i es "hat are calle /alueTypes 22 these are li'e classes, e%cept that /alueType o&Iects are allocate on the runtime stac' ,rather than the heap-, an therefore reclaime automatically "hen your co e e%its the proce ure in "hich they are efine . This is ho" RstructsR in CH operate. Manage E%tensions to CFF lets you choose "here class o&Iects are allocate . *f eclare as manage Classes, "ith the KKgc 'ey"or , then they are allocate from the gar&age2collecte heap. *f they on't inclu e the KKgc 'ey"or , they &eha!e li'e regular CFF o&Iects, allocate from the CFF heap, an free e%plicitly "ith the RfreeR metho . #or a itional information a&out Qar&age Collection see(

). Qar&age Collection( $utomatic Memory Management in the Microsoft .NET #rame"or' +. Qar&age Collection;7art +( $utomatic Memory Management in the Microsoft .NET #rame"or'
4ac' to Top 6emoting 9o" o in2process an cross2process communication "or' in the Common 5anguage 6untime? There are t"o aspects to in2process communication( &et"een conte%ts "ithin a single application omain, or across application omains. 4et"een conte%ts in the same application omain, pro%ies are use as an interception mechanism. No marshaling:seriali=ation is in!ol!e . When crossing application omains, "e o marshaling:seriali=ation using the runtime &inary protocol. Cross2process communication uses a plugga&le channel an formatter protocol, each suite to a specific purpose.

). *f the e!eloper specifies an en point using the tool soapsu s.e%e to generate a meta ata pro%y, 9TT7 channel "ith S.$7 formatter is the efault.

+. *f a e!eloper is oing e%plicit remoting in the manage "orl , it is necessary to &e e%plicit a&out "hat channel an formatter to use. This may &e e%presse a ministrati!ely, through configuration files, or "ith $7* calls to loa specific channels. .ptions are(
9TT7 channel ": S.$7 formatter ,9TT7 "or's "ell on the *nternet, or anytime traffic must tra!el through fire"allsTC7 channel ": &inary formatter ,TC7 is a higher performance option for local2area net"or's ,5$Ns-SMT7 channel ": S.$7 formatter ,only ma'es sense cross2machineWhen ma'ing transitions &et"een manage an unmanage co e, the C.M infrastructure ,specifically, 8C.M- is use for remoting. *n interim releases of the C56, this applies also to ser!ice components ,components that use C.MF ser!ices-. @pon final release, it shoul &e possi&le to configure any remota&le component. 8istri&ute gar&age collection of o&Iects is manage &y a system calle Rlease &ase lifetime.R Each o&Iect has a lease time, an "hen that time e%pires, the o&Iect is isconnecte from the remoting infrastructure of the C56. .&Iects ha!e a efault rene" time;the lease is rene"e "hen a successful call is ma e from the client to the o&Iect. The client can also e%plicitly rene" the lease. 4ac' to Top *nteropera&ility Can * use C.M o&Iects from a .NET #rame"or' program? Mes. $ny C.M component you ha!e eploye to ay can &e use from manage co e, an in common cases the a aptation is totally automatic. Specifically, C.M components are accesse from the .NET #rame"or' &y use of a runtime calla&le "rapper ,6CW-. This "rapper turns the C.M interfaces e%pose &y the C.M component into .NET #rame"or'2compati&le interfaces. #or .5E automation interfaces, the 6CW can &e generate automatically from a type li&rary. #or non2.5E automation interfaces, a e!eloper may "rite a custom 6CW an manually map the types e%pose &y the C.M interface to .NET #rame"or'2 compati&le types. 4ac' to Top Can .NET #rame"or' components &e use from a C.M program? Mes. Manage types you &uil to ay can &e ma e accessi&le from C.M, an in the common case the configuration is totally automatic. There are certain ne" features of the manage e!elopment en!ironment that are not accessi&le from C.M. #or e%ample, static metho s an parameteri=e constructors cannot &e use from C.M. *n general, it is a goo i ea to eci e in a !ance "ho the inten e user of a gi!en type "ill &e. *f the type is to &e use from C.M, you may &e restricte to using those features that are C.M accessi&le. 8epen ing on the language use to "rite the manage type, it may or may not &e !isi&le &y efault. Specifically, .NET #rame"or' components are accesse from C.M &y using a C.M calla&le "rapper ,CCW-. This is similar to an 6CW ,see pre!ious 3uestion-, &ut "or's in the opposite irection.

$gain, if the .NET #rame"or' e!elopment tools cannot automatically generate the "rapper, or if the automatic &eha!ior is not "hat you "ant, a custom CCW can &e e!elope . 4ac' to Top Can * use the Win1+ $7* from a .NET #rame"or' program? Mes. @sing 7:*n!o'e, .NET #rame"or' programs can access nati!e co e li&raries &y means of static 855 entry points. 9ere is an e%ample of CH calling the Win1+ Message4o% function(

using System; using System.Runtime.InteropServices;

class MainApp { [DllImport( user!".dll # $ntry%oint& Message'o( )* pu+lic static e(tern int Message'o((int ,-nd# String strMessage# String str.aption# uint ui/ype);

pu+lic static void Main() { Message'o(( 0# .4$/ # 0 ); 5 5

4ac' to Top Security What o * ha!e to o to ma'e my co e "or' "ith the security system? @sually, not a thing;most applications "ill run safely an "ill not &e e%ploita&le &y malicious attac's. 4y simply using the stan ar class li&raries to access resources ,li'e files- or perform protecte operations ,such as a reflection on pri!ate mem&ers of a type-, security "ill &e enforce &y these li&raries. The one simple thing application e!elopers may "ant to o is inclu e a permission re3uest ,a form of eclarati!e security- to limit the permissions their co e may recei!e

1ello# t,is is %Invo2e in operation3 #

,to only those it re3uires-. This also ensures that if the co e is allo"e to run, it "ill o so "ith all the permissions it nee s. .nly e!elopers "riting ne" &ase class li&raries that e%pose ne" 'in s of resources nee to "or' irectly "ith the security system. *nstea of all co e &eing a potential security ris', co e access security constrains this to a !ery small &it of co e that e%plicitly o!erri es the security system. 4ac' to Top Why oes my co e get a security e%ception "hen * run it from a net"or' share ri!e?

8efault security policy gi!es only a restricte set of permissions to co e that comes from the local intranet =one. This =one is efine &y the *nternet E%plorer security settings, an shoul &e configure to match the local net"or' "ithin an enterprise. Since files name &y @NC or &y a mappe ri!e ,such as "ith the NET @SE comman - are &eing sent o!er this local net"or', they too are in the local intranet =one. The efault is set for the "orst case of an unsecure intranet. *f your intranet is more secure you can mo ify security policy ,"ith the C$S7ol tool- to grant more permissions to the local intranet, or to portions of it ,such as specific machine share names-. 4ac' to Top 9o" o * ma'e it so that co e runs "hen the security system is stopping it? Security e%ceptions occur "hen co e attempts to perform actions for "hich it has not &een grante permission. 7ermissions are grante &ase on "hat is 'no"n a&out co eE especially its location. #or e%ample, co e run from the *nternet is gi!en fe"er permissions than that run from the local machine &ecause e%perience has pro!en that it is generally less relia&le. So, to allo" co e to run that is failing ue to security e%ceptions, you must increase the permissions grante to it. .ne simple "ay to o so is to mo!e the co e to a more truste location ,such as the local file system-. 4ut this "on't "or' in all cases ,"e& applications are a goo e%ample, an intranet applications on a corporate net"or' are another-. So, instea of changing the co e's location, you can also change security policy to grant more permissions to that location. This is one using either the co e access security policy utility ,caspol.e%e- or the graphical a ministration tool ,a!aila&le in 4eta + an &eyon -. *f you are the co e's e!eloper or pu&lisher, you may also igitally sign it an then mo ify security policy to grant more permissions to co e &earing that signature. When ta'ing any of these actions, ho"e!er, remem&er that co e is gi!en fe"er permissions &ecause it is not from an i entifia&ly trust"orthy source;&efore you mo!e co e to your local machine or change security policy, you shoul &e sure that you trust the co e to not perform malicious or amaging actions. 4ac' to Top 9o" o * a minister security for my machine? #or an enterprise? Currently, the C$S7ol comman line tool is the only "ay to a minister security. Security policy consists of t"o le!els( machine, an &y2user. There are plans to pro!i e a full2feature a ministration tool, as "ell as support for enterprise policy a ministration, as part of the first !ersion of the .NET #rame"or'. 4ac' to Top 9o" oes e!i ence2&ase security "or' "ith Win o"s +>>> security? E!i ence2&ase security ,"hich authori=es co e- "or's together "ith Win o"s +>>> security ,"hich is &ase on log on i entity-. #or e%ample, to access a file, manage co e must ha!e &oth the co e access security file permission an must also &e running un er a log on i entity that has NT#S file

access rights. The manage li&raries that are inclu e "ith the .NET #rame"or' also pro!i e classes for role2&ase security. These allo" the application to "or' "ith Win o"s log on i entities an user groups.