.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException from their constructors. In some cases...

Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks to the manifest control model, so those posts...

A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature . The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly. However, by default most applications don't need Publisher evidence. Standard CAS policy...

Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your control's permissions declaratively . We also saw how to generate manifests that would state what permissions your control needs (and the rules associated with those manifests). Now it's time to tie it...

Earlier this week,I talked about the Orcas feature where controls can declaratively request permissions in a similar way to ClickOnce applications. In fact, the manifests used for this request are the same manifests used for ClickOnce applications, with a few special requirements added onto them. When...

One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions . If you need to have a managed control run...

One of the features the CLR team is adding in Orcas is that we're providing a new model to help enable your application to host Add-Ins. I've got a special interest in this set of features, as I always try to make my hobby applications pluggable for some reason, and I tend to end up writing a ton of...

The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the ECDiffieHellmanCng class. This is the first time Diffie-Hellman is available as part of the .NET Framework, so lets take a quick look at what it is and what it does. Diffie-Hellman is one of the oldest asymmetric...

Yesterday I gave a quick rundown of all the new cryptographic algorithms available in the Orcas January CTP . Today, let's dive in a little deeper to the first of the elliptic curve algorithms, ECDSA. (ECDSA, along with the rest of the CNG classes in the .NET Framework, is only available on Windows Vista...

The January CTP of Orcas is now available , and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms. (I'll count AES as 0.5 since we did already have Rijndael :-) ). These classes also are the first set of managed wrappers around the new CNG...

Last time I talked about the new Orcas feature allowing you to use reflection from partial trust . Specifically we talked about standard reflection and Reflection.Emit, putting off Lightweight CodeGen until today. Before we start, if you're new to LCG, you might want to check out Yiru's quick introduction...

The September CTP of Orcas went live last night, including lots of features that other MSDN blogs are buzzing about such as LINQ to Objects, partial C# 3.0 support, and partial VB 9.0 support. (And prompting me to create the new Orcas category to replace the defunct Whidbey category). However, my...