.NET Security Blog

Since network shares by default only get LocalIntranet permissions, it's relatively common to want to use CasPol to fully trust some shares that you control and know are safe. However, CasPol syntax being what it is, the command to do this isn't immediately...

Last week, when I posted about failing to run in partial trust gracefully , the method I showed only worked if your main assembly could be loaded. However, if it has a minimum permission request that cannot be satisfied, your main method won't ever be...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.Text; 5 using MS.StrongName; 6 7 namespace MS.StrongName.ManagedSN 8 { 9 /// < summary > 10 /// Handler for each of the commands that the managed strong name...

When you write an application that requires a high level of trust to run properly, when a user tries to run that application from a location that gives it lower levels of trust, they're greeted with a rather unfriendly unhandled SecurityException. This...

I've gotten quite a few questions from this blog over the past several months. And although I can't answer all of them, here's some quick answers to some of the more common ones. If you do have more questions, its usually best to post them in the comments...

This issue (and its cousin: Why Do I Still Get an Exception Accessing the Registry with Full RegistryPermission?) come up fairly frequently on the newsgroups. The reasoning is actually very simple. The exception being thrown in these cases arises from...

Yesterday we developed a simple Shim application in order to fail gracefully when our application's entry assembly doesn't have enough permission to meet its minimum grant set, and therefore won't be loaded. However, there were quite a few problems with...

1 using System; 2 using System.Collections.Generic; 3 using System.Diagnostics; 4 using System.Globalization; 5 using System.IO; 6 using System.Reflection; 7 using System.Text; 8 9 namespace MS.StrongName.ManagedSN 10 { 11 /// < summary > 12 //...

I've completed refactoring the Managed StrongName project , and I've uploaded the new sources. The changes I made were all pretty much what I laid out in the previous post. We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName...

Yesterday , I showed an alternate to the shim method of gracefully failing from an assembly using an AppDomainManager . However, as David pointed out this method isn't particularly useful if you're going to be using it to detect failure to load your main...

The last two days we worked on a shim application that allowed us to handle gracefully the condition where a program's main assembly will not load due to declarative security issues . While we were definitely able to improve on the shim yesterday, there...

1 using System; 2 using System.Runtime.InteropServices; 3 4 namespace MS.StrongName.Native 5 { 6 /// < summary > 7 /// P/Invoke declarations for strong name APIs 8 /// </ summary > 9 internal static class NativeMethods 10 { 11 /// < summary...

I'm going to be on vacation until the end of December, so this blog will be going dark for about a week and a half. It'll be nice to get away for a while, especially since I haven't taken a vacation since last December ... I'm definitely looking forward...

1 # Error messages 2 BadFile=Invalid file specified: {0} 3 BadKeyContainer=Invakid key container specified: {0} 4 BadKeySize=Invalid key size specified: {0} 5 BadOperation=Error completing operation: {0} 6 CompareToNonCommand=Object must be of type Command...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.Runtime.InteropServices; 5 using System.Security; 6 using Microsoft.Win32; 7 using MS.StrongName.Native; 8 9 namespace MS.StrongName 10 { 11 /// < summary >...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using System.Security; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// KeyFile I/O methods 11 /// </ summary > 12 public static class KeyFile...

1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Key stores available for use 7 /// </ summary > 8 public enum KeyStore 9 { 10 /// < summary > 11 /// Machine wide key store 12 /// </ summary > 13 Machine...

1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Constants for the configuraiton registry keys 7 /// </ summary > 8 internal static class Registry 9 { 10 /// < summary > 11 /// Name of the registry key under HKLM...

1 using System; 2 using System.Diagnostics; 3 4 namespace MS.StrongName.ManagedSN 5 { 6 /// < summary > 7 /// Handler for a specific command line option 8 /// </ summary > 9 /// < param name = "arguments" > List of all the...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using MS.StrongName.Native; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// Class that exposes the managed StrongName API for dealing with signatures...

1 using System; 2 using System.Diagnostics; 3 using System.IO; 4 using System.Security; 5 using System.Runtime.InteropServices; 6 using MS.StrongName.Native; 7 8 namespace MS.StrongName 9 { 10 /// < summary > 11 /// General-purpose utility methods...

1 BadFile=Invalid file specified: {0} 2 BadOperation=Error completing operation: {0} 3 CouldNotOpenMachineStoreKey=Could not open the strong name configuration key 4 InternalError=Internal error processing request 5 InvalidAssemblyName=Invalid assembly...

1 using System; 2 3 namespace MS.StrongName.ManagedSN 4 { 5 /// < summary > 6 /// Handles all I/O with the user 7 /// </ summary > 8 internal sealed class Log 9 { 10 private static bool quietMode = false ; 11 12 /// < summary > 13 /...

1 using System; 2 3 namespace MS.StrongName.Native 4 { 5 /// < summary > 6 /// Flags for use with strong name key gneeration methods 7 /// </ summary > 8 [Flags] 9 internal enum StrongNameKeyGenFlags : int 10 { 11 /// < summary > 12...

1 using System; 2 3 namespace MS.StrongName.Native 4 { 5 /// < summary > 6 /// Input flags for use with the strong name verification functions 7 /// </ summary > 8 [Flags] 9 internal enum StrongNameInFlags : int 10 { 11 /// < summary >...