.NET Security Blog

Before Whidbey shipped, using assembly level declarative security was always a bit of a pain. Previous versions of the CLR required you to provide security attributes in the form of XML, which meant that you would have to figure out the exact XML represented...

Assembly level declarative security comes in three forms, RequestMinimum, RequestOptional, and RequestRefuse. The three can be briefly defined as: RequestMinimum -- the set of permissions that are absolutely required for this assembly to run RequestOptional...

In Assert Myth #7 , I mention three ways for a demand for a permission to fail even though that permission was asserted. The first three are: Myth #3: You don't need the permissions that you're asserting in order to effectively assert them Myth #4: Assert...

So far we've seen What Assert Actually Does , and What Assert Is Good For , now its time to examine some popular misconceptions about the Assert stack modifier. Myth #1: Assert changes an assembly's permission grant Assert is a stack walk modifier. It...

Now that we know what Assert does , lets figure out what it's good for. The two most common uses of Assert are: Perform high-privilege operations on behalf of untrusted code Convert one permission demand to another Yesterday's example demonstrating what...

There are several common misconceptions about the Assert stack modifier, not the least of which are: Assert changes an assembly's permission grant Assert is just a perf optimization You don't need the permissions that you're Asserting in order to effectively...

A while back I wrote about delay signing an assembly, and using SN -Vr to register that assembly to have its signature verification skipped. However, some people have noticed that SN -Vr doesn't work if you fully sign an assembly and then tamper with...

Prior to Whidbey, interop with Win32 handles was done by passing IntPtrs back and forth through P/Invoke. This had several drawbacks including: Lack of type safety. Nothing is preventing me from taking an IntPtr containing a HWND and passing it to a method...

An interesting question came up in the newsgroups today. If you serialize a permissions set (either by calling ToXml().ToString() directly on the permission, or by converting to an XML Element ), you'll get permissions that look like this: <IPermission...

One of the things on my blog todo list was to write an entry showing how C# iterators work under the hood. Well, Matt Pietrek beat me too it. You can find an exploration of the state machine that the C# compiler generates for you when you create an iterator...