.NET Security Blog

Here's a little quirk that can definitely cause a lot of confusion. When I run the following code snippet, what do you suppose the output will be: RSA rsa = new RSACryptoServiceProvider ( ) ; Console . WriteLine ( rsa . KeySize ) ; rsa . KeySize = 4096;...

Determining if two PermissionSet objects are logically the same is a relatively common thing for an application that deals with security to attempt to do, however the v1.0 and v1.1 PermissionSet classes did not override the Equals method to allow this...

Every once in a while, while debugging multi-threaded applications that do impersonation, it becomes useful to figure out the context that the current thread is running under. This is especially useful when debugging server scenarios where connections...

In preparing for Whidbey, we'd like to collect some information about how you use the MigPol tool. Specifically, the CLR Security team is interested in: How do you use MigPol? How often do you use it? Common usage scenarios Did you even know MigPol existed...

If you ever need to P/Invoke to an API that returns extended error information via the GetLastError function, then you've also probably been through the pain of converting the error code into a usable error message via the FormatMessage API ... not exactly...

Modifying the CLR's security policy can be done in your code by interacting with the SecurityManager object. Specifically, you can access the PolicyHierarchy method which will expose an enumerator over the policy levels, and the SavePolicy method, which...

Chris Lyon , the CLR's GC tester, has just started up a new MSDN blog. Working on the GC, Chris has a lot of knowledge about how the CLR works internally, and he'll be able to shed some light on one of the most misunderstood components of the runtime...

A lot of the time, someone has written an application that won't run under the CLR's default security settings and needs to provide a mechanism for their users to modify the policy easily in order to allow their application to run. For Whidbey, ClickOnce...

Here are a few quick security links to check out over the barbecue this Labor Day Weekend. Nothing says party like a good discussion about impersonation leaks in managed code and how SIDs work, that's what I always say :-) Eric Lippert grabbed another...

Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center. Here's a brief review of what's new for security in each service pack: .NET 1.0 SP3 (v1.0.3705...