.NET Security Blog

v2.0 of the .NET Framework deprecated the use of the AssemblyKeyFileAttribute and AssemblyKeyContainerAttribute . Often times, these attributes were used to share a common key file across several projects. If you try to share key files using the Visual...

When it comes time to host some partially trusted code in your application, perhaps as a part of an Add-In model, you’ve got a few options to choose from. How do you decide which is the best way to go? Thankfully the answer to this one is relatively...

The UAC feature of Vista is one of my favorite new features -- it really makes running as a non-admin much less painful than it has been in the past. One of the requirements that UAC puts on developers is that we must mark our applications with manifests...

Earlier I mentioned tweaking project files -- something that a lot of people do just by opening the project file up in Notepad and tweaking it. Although it's a bit hard to discover, you can actually do this right within Visual Studio 2005, saving you...

When an assembly is test signed , the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your...

The FxCop team has just announced the availability of RC 1 of FxCop 1.35 . Notable in this release is the introduction of the first three rules around security transparency . Namely, you'll see: SecurityTransparentAssembliesShouldNotContainSecurityCriticalCode...

My Ship-It sticker for Whidbey shows that we officially shipped on October 27th -- hard to believe it's been 6 months already! In celebration of the anniversary, I'm going to remove the Whidbey category from this blog, and future posts will assume...