One of the more common things a lot of people want to do with their X509Certificate2 is figure out what key container its keys are stored in. You can access this information relatively trivially via the PublicKey property of the X509Certificate2 object...

Although the theory is that by the time we deploy a finished application it's already fully debugged we all know that in practice things rarely go that smoothly. So what happens if you deploy a partial trust ClickOnce application that starts to crash...

As Jason announces , v2.0 of the SSCLI is now available for download: http://msdn.microsoft.com/net/sscli . In addition to general CLR features like generics that are available in this download, some interesting security points to look at are: ...

The v2.0 SecurityException is chock full of debugging goodness -- for trusted code that is. In some cases you might not see all the extended error information. The reason is that before writing extra security information into the output of ToString()...

Over the last week or so I've seen a few questions pop up multiple times. In no particular order: Q: Is calling a virtual method with a non-virtual call verifiable? A: It depends :-) In v1.x of the CLR this was verifiable. We made a change in v2...

A while back, I wrote about a potential security hole when malicious code can set up an exception filter before calling your code which does impersonation . In the final release of v2.0, we've added a feature to help mitigate this problem. The CLR...