What did you learn today? - 70-551, 70-552, 70-553 Section I, Part VIII - Access Control
Phil Denoncourt's Technology Rants
Tuesday, February 07, 2006

Implement access control by using the System.Security.AccessControl classes.

  • DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class
  • AccessRule class
  • AuthorizationRule class and AuthorizationRuleCollection class
  • CommonAce class, CommonAcl class, CompoundAce class, GeneralAce class, and GeneralAcl class
  • AuditRule class
  • MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class

This is a completely new namespace.  The .NET Framework now has direct support for reading and maintaining ACLs (Access Control Lists, or NT permissions).  Previously this was difficult because you had to make unmanaged calls into the Win32 subsystem.

You should probably have some rudimentary understanding of how access control works.  Wenfeng Yao has a nice post explaining the different terms.

Rick Strahl has a good, simple example of how these classes work.  As he says, it's not too hard once you see how it's done.  There's also an informative MSDN article (based on the beta) about the Access Control objects.

DirectorySecurity class - This embodies the access and audit information for a specific directory.  Create an instance by passing the directory's path to the constructor.

FileSecurity class - Same thing, but for a specific file.

RegistrySecurity class - Same thing for a registry key.

FileSystemSecurity class - base class for both DirectorySecurity and FileSecurity.

AccessRule class - To borrow a database metaphor, this is the many-to-many table for security.  It combines an identity and an AccessControlType (Allow or Deny) to represent a specific permission.

AuthorizationRule class - base class of AccessRule and AuditRule.

AuthorizationRuleCollection class - collection of AuthorizationRule instances.  Typical collection, no new methods.

CommonAce class - Represents an Access Control Entry (ACE).  These objects let you deal directly with ACEs/ACLs, whereas the Security/Rule classes provide some abstraction and validation.  "The CommonAce class represents the eight most common ACE types".  But I can't find what the eight most common ACE types are.  I looked at the class in Reflector; I think they're talking about AccessAllowed, AccessDenied, SystemAudit, SystemAlarm, AccessAllowedCallback, AccessDeniedCallback, SystemAuditCallback, SystemAlarmCallback... but I'm not sure.  There are a lot of opportunities for improvement in the documentation for these classes.

CommonAcl class - Represents an Access Control List (ACL), meaning either a SACL or a DACL.

CompoundAce class - Represents a compound ACE.  As the only member of the CompoundAceType enum is Impersonation, I'm guessing that a compound ACE has something to do with impersonation.  Looking further using Reflector, it appears a CompoundAce object is created in GenericAce.CreateFromBinaryForm when the AceType is AccessAllowedCompound.  According to MSDN: "Defined but never used. Included here for completeness."...

GeneralAce class - Represents a generic ACE.  Base class for all ACE classes.  (The shipped class is actually named GenericAce.)

GeneralAcl class - Represents a generic ACL.  Base class for all four ACL classes.  (The shipped class is actually named GenericAcl.)

AuditRule class - This is similar to an AccessRule, but represents audit information.

MutexSecurity class - Similar to FileSecurity, but for named mutexes.  For those of you unfamiliar with named mutexes (I was), look at King Ralph's blog entry.

ObjectSecurity class - Base class for all the xxxSecurity objects.

SemaphoreSecurity class - Similar to MutexSecurity, but for named semaphores.
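A worked example of the two layers described above, the Security/Rule abstraction and the raw ACE/ACL classes, applied to one file's DACL.  This is added code, not from this post or from Rick Strahl's example; the file path is a placeholder and the program only reads the descriptor, it changes nothing.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclInspector
{
    static void Main(string[] args)
    {
        // Placeholder path; pass a real file on the command line.
        string path = args.Length > 0 ? args[0] : @"C:\temp\example.txt";

        // High-level view: FileSecurity -> AuthorizationRuleCollection of FileSystemAccessRule.
        // Only the DACL is requested; reading the SACL (audit rules) needs SeSecurityPrivilege.
        FileSecurity fs = File.GetAccessControl(path, AccessControlSections.Access);
        AuthorizationRuleCollection rules = fs.GetAccessRules(true, true, typeof(NTAccount));
        foreach (FileSystemAccessRule rule in rules)
        {
            Console.WriteLine("{0,-5} {1,-30} {2} (inherited: {3})",
                rule.AccessControlType,        // Allow or Deny
                rule.IdentityReference.Value,  // e.g. BUILTIN\Users
                rule.FileSystemRights,         // the access mask, decoded to named rights
                rule.IsInherited);

            // Defender's check: flag write access granted to Everyone.
            if (rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Value == "Everyone"
                && (rule.FileSystemRights & FileSystemRights.Write) != 0)
                Console.WriteLine("  WARNING: Everyone has write access to " + path);
        }

        // Low-level view: the same descriptor as raw ACEs. Each entry of the
        // DiscretionaryAcl is a GenericAce; the ordinary kinds are CommonAce.
        byte[] sd = fs.GetSecurityDescriptorBinaryForm();
        RawSecurityDescriptor raw = new RawSecurityDescriptor(sd, 0);
        if (raw.DiscretionaryAcl == null)
        {
            // A null DACL means no restrictions at all, which is worse than an empty one.
            Console.WriteLine("WARNING: null DACL, everyone has full control");
            return;
        }
        foreach (GenericAce ace in raw.DiscretionaryAcl)
        {
            CommonAce common = ace as CommonAce;
            if (common == null) continue;  // CompoundAce, ObjectAce or an unknown type
            Console.WriteLine("{0} sid={1} mask=0x{2:X8} flags={3}",
                common.AceType, common.SecurityIdentifier, common.AccessMask, common.AceFlags);
        }
    }
}
```

Compare the two listings side by side: the FileSystemRights names in the first are the decoded form of the raw AccessMask in the second, and an AccessDenied ACE in the second appears as a Deny rule in the first.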

Next post - Authentication

Tuesday, February 07, 2006 6:48:19 PM (GMT Standard Time, UTC+00:00) | Certifications
Copyright © 2008 Phil Denoncourt III. All rights reserved.