Browse by Tags

Tagged Content List
  • Blog Post: CLR v4 Security Policy Roundup

    Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code to work with the new model ...
  • Blog Post: FullTrust on the LocalIntranet

    We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will receive a grant set of FullTrust by default, making...
  • Blog Post: Avoiding Assembly Level Declarative Security

    I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can, and also recommend that others avoid them as well...
  • Blog Post: Specifying Permissions for IE Controls in Orcas

    One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions . If you need to have a managed control run...
  • Blog Post: ClickOnce Same Site Permissions

    ClickOnce applications can request that they be granted permission to contact their site of origin. In Visual Studio this is done by clicking on the Advanced button in the Security tab of the project properties and checking "Grant the application access to its site of origin." This has the effect...
  • Blog Post: Sandboxed Applications Can’t Elevate Their Own Permissions

    Every once in a while someone will ask how they can do something similar to these caspol commands from within their application. Generally, they want their application to be deployed from the Internet or a file share and don’t want users to have to deal with setting up CAS policy properly to get the...
  • Blog Post: 5 Reasons to Choose Simple Sandboxing

    When it comes time to host some partially trusted code in your application, perhaps as a part of an Add-In model, you’ve got a few options to choose from. How do you decide which is the best way to go? Thankfully the answer to this one is relatively straightforward – choose the new simple sandboxing...
  • Blog Post: Debugging a Partial Trust ClickOnce Application

    Although the theory is that by the time we deploy a finished application it's already fully debugged we all know that in practice things rarely go that smoothly. So what happens if you deploy a partial trust ClickOnce application that starts to crash when it's run? Well, if you're lucky enough to have...
  • Blog Post: Detecting that You're Running in a ClickOnce Application

    In my last post , I mentioned that application scoped isolated storage only works if you're running in a ClickOnce application. That begs the question -- how do I tell if I'm currently running in the context of a ClickOnce application? You can see if a ClickOnce application is running in the current...
  • Blog Post: Isolated Storage and ClickOnce

    Isolated storage introduced a new scope in v2.0 of the CLR to work with ClickOnce applications. Application scoped Isolated storage is backed by the application's data directory. This enables scenarios where your isolated storage data will flow forward with your application as ClickOnce updates it to...
  • Blog Post: Why Can't I See My Partially Trusted ClickOnce Applications in Task Manager?

    If you're developing a partial trust ClickOnce application and are looking for its process in Task Manager or Process Explorer, you might be surprised that you can't find it listed anywhere. What you will see however is a process named AppLaunch.exe. AppLaunch is a small shim tool who's entire purpose...
  • Blog Post: Using Add-Ins with a ClickOnce Deployed Application

    One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating it's privileges beyond the Internet zone [fan-tastic :-)]. The problem is that the application was extensible with...
  • Blog Post: PDC '05: Lunch with Apple

    Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no physical laws would be violated by having Apple and Microsoft so close together, and than fully there was no matter-antimatter reaction :-). They were interested in Avalon, erm ... Windows Presentation...
  • Blog Post: A Closer Look at the Simple Sandboxed AppDomain

    Yesterday we took a look at Whidbey's new Simple Sandboxing API . At first glance this API does seem relatively simple, however when you start to look closer at the AppDomain that is created for your sandboxed code, there are a few surprising properties. You might expect that under the covers this...
  • Blog Post: Configuring the TrustManager

    I've been working on the CLR side of ClickOnce pretty much from the beginning. In fact, since I started working with it, I can count at least 3 major design revisions and countless minor tweaks. I believe that of all the people on the CLR team, I've been the one involved with ClickOnce the longest by...
  • Blog Post: Console Applications requre UIPermission

    Starting with beta 2, we’ve made a change around what permissions are required to launch a console application. When I talk about console applications here, I’m talking about applications that specify they should run with the WINDOWS_CUI subsystem (.subsystem 0x0003 in the assembly manifest), rather...
  • Blog Post: ClickOnce vs MSI on MSDN

    The Smart Client Developer Center on MSDN is running an overview of ClickOnce and comparing it to MSI . One of the areas where ClickOnce comes out on top is security sandboxing (or permission elevation, depending on how you look at it). Looking closely at the manifests presented in the article you can...
  • Blog Post: Deploying Policy on v1.0 and 1.1 of the CLR

    A lot of the time, someone has written an application that won't run under the CLR's default security settings and needs to provide a mechanism for their users to modify the policy easily in order to allow their application to run. For Whidbey, ClickOnce solves this scenario, but for v1.0 and 1.1 of...
  • Blog Post: Whidbey's New SecurityException

    One of the more difficult things to debug with .NET 1.0 and 1.1 is the security exception. With these frameworks generally the only information that you got was the state of the failed permission. Due to the complexity of debugging security problems, most people just gave up and required that their code...
  • Blog Post: ClickOnce Bootstrapper Manifest Generator

    David Guyer, from the VB.Net test team, has released his ClickOnce Bootstrapper Manifest Generator on GotDotNet . This tool allows you to generate manifests that describe any pre-requisites to install for a ClickOnce application. You can find more details in the Powertoys blog .
  • Blog Post: What's in a Name

    With the beta 1 release of Whidbey, you'll start to see that many of the ClickOnce APIs require an application name. This application name isn't a simple name, like “Microsoft Word” or “HelloWorld”. Instead it is made up of three components, and allows ClickOnce to uniquely identify...
  • Blog Post: ClickOnce Overview in May's MSDN Magazine

    ClickOnce made the cover of the May 2004 issue of MSDN Magazine . (OK, yes, it was just a little blurb at the bottom of the cover, but that still counts!). Bryan Noyes gives a nice general overview of what you can do with ClickOnce in the article , and steps through several versions of an application...
  • Blog Post: ClickOnce on the .Net Rocks Radio Show

    There was quite a bit of discussion about ClickOnce on the .Net Rocks show earlier this week. You can listen here: http://perseus.franklins.net//DotNetRocks_0047_Brian_Noyes.wma . The discussion starts at about 14:00 and ends around 31:00.
  • Blog Post: ClickOnce Activation Errors on the PDC Whidbey / Longhorn Build

    The PDC build of Whidbey and Longhorn do not provide a great mechanism for handling errors in ClickOnce manifests and other similar activation issues. Often if there is a problem activating a ClickOnce application, you'll only get a simple error dialog saying "General Activation Error." The good news...
  • Blog Post: Moving

    The GotDotNet blogs are being frozen, so I'll be moving my blog over to the ASP.Net site.  You can find the new location at http://blogs.msdn.com/shawnfa
Page 1 of 2 (28 items) 12