• .NET Security Blog

    Customizing the AppDomain Creation Process

    • 8 Comments
    Last week, I posted about AppDomainManagers. Today, I'm going to look a little more closely at how the AppDomainManager allows you to customize the domain creation process. Specifically there are two methods that, when overridden, allow you to modify...
  • .NET Security Blog

    All About Assert Part III: Dispelling the Myths

    • 7 Comments
    So far we've seen What Assert Actually Does, and What Assert Is Good For, now it's time to examine some popular misconceptions about the Assert stack modifier. Myth #1: Assert changes an assembly's permission grant Assert is a stack walk modifier. It...
  • .NET Security Blog

    Whidbey Beta 1 Ships

    • 7 Comments
    Well, we've finally released beta 1 of .NET 2.0 and Visual Studio 2005. In addition to the beta 1 release, we've also announced Express SKUs for Visual C++, Visual Basic, Visual C#, Visual J#, and SQL Server (as well as a web developer express SKU). The...
  • .NET Security Blog

    Which Cryptographic Operations are Available?

    • 7 Comments
    One of the more common problems to creep up when people start using the various cryptographic algorithms in the System.Security.Cryptography namespace is that their app, which works fine on their WinXP dev box suddenly starts throwing CryptographicExceptions...
  • .NET Security Blog

    Using Add-Ins with a ClickOnce Deployed Application

    • 7 Comments
    One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating its privileges beyond the Internet zone [fan-tastic :-)]. The...
  • .NET Security Blog

    What Do You Want to See in Crypto / ClickOnce?

    • 7 Comments
    Now that Whidbey's out the door, it's time to look at what we want to do in future releases. If you've run into any issues with the crypto classes or with ClickOnce let me know! You can leave comments here or file requests in the MSDN Product Feedback...
  • .NET Security Blog

    The Difference Between the Strong Name Hash and Hash Evidence

    • 7 Comments
    The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition. That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section...
  • .NET Security Blog

    Safe Impersonation With Whidbey

    • 7 Comments
    Over the last couple of days we've talked about how to impersonate another user, and some security issues to keep in mind while impersonating. Now I'd like to take a look at some new features available in Whidbey which can make the whole process much...
  • .NET Security Blog

    Bootstrapping your Application's AppDomainManager

    • 7 Comments
    Last time I mentioned that when using pure managed code to set up an AppDomainManager, you should prefer to use the environment variables rather than the registry keys. Once you've decided to use the environment variables, you need to determine a strategy...
  • .NET Security Blog

    Sandboxing in .NET 4.0

    • 7 Comments
    Yesterday I talked about the changes in security policy for managed applications, namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code...
  • .NET Security Blog

    Is CAS dead in .NET 4?

    • 7 Comments
    With all the changes in the security system of .NET 4, the question frequently arises “so, is CAS dead now?”. One of the reasons that this question comes up so frequently, is that the term CAS in the .NET 1 security model was overloaded to refer to many...
  • .NET Security Blog

    More Implicit Uses of CAS Policy: loadFromRemoteSources

    • 6 Comments
    In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs...
  • .NET Security Blog

    New Crypto Algorithms in Orcas

    • 6 Comments
    The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms. (I'll count AES as 0.5 since we did already have Rijndael :-) ). These classes also are the...
  • .NET Security Blog

    Sandboxed Applications Can’t Elevate Their Own Permissions

    • 6 Comments
    Every once in a while someone will ask how they can do something similar to these caspol commands from within their application. Generally, they want their application to be deployed from the Internet or a file share and don’t want users to have to deal...
  • .NET Security Blog

    Reducing Startup Time Due To Strong Name Verification

    • 6 Comments
    Occasionally we run into a scenario where someone asks about shipping a strong name skip verification entry for their assembly with their product. Generally, their reasoning is that the performance hit of strong name verification is too great for their...
  • .NET Security Blog

    [WeddingPermission(SecurityAction.Demand, Unrestricted=true)]

    • 6 Comments
    Having just checked in my last few bug fixes and the Orcas feature I've been working on, it's time to take off on a vacation. But not just any vacation ... Tomorrow I head back to New York for my wedding on August 12th. (Here's hoping that it cools...
  • .NET Security Blog

    Assembly Provided Evidence

    • 6 Comments
    We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but one feature of the runtime that's much less known is that assemblies can actually provide evidence of their own. This seems to be one of the best kept...
  • .NET Security Blog

    Combining Strong Names with Authenticode

    • 6 Comments
    If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need...
  • .NET Security Blog

    Running IE with SAFER

    • 6 Comments
    Michael Howard recently did a two part series on MSDN about browsing the web and reading email safely as an Administrator (part 1 | part 2). Today he's got a Quick Start posted on his blog to get IE set up to run with SAFER. Personally, I prefer the...
  • .NET Security Blog

    Removing Permissions From FullTrust

    • 6 Comments
    Executing the following code: PermissionSet ps = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Before Removing Permissions:"); Console.WriteLine(ps.ToXml().ToString()); ps.RemovePermission( typeof (RegistryPermission)); Console.WriteLine...
  • .NET Security Blog

    Process Requires FullTrust

    • 6 Comments
    The Process class has a LinkDemand and an InheritanceDemand for FullTrust on it. This means that if your assembly is not fully trusted, it will be unable to kick off new Processes or get information about running processes. One implication is that assemblies...
  • .NET Security Blog

    Getting Help with your .NET Questions

    • 6 Comments
    Recently I've been getting a lot of email from this blog asking for help with various problems. Although I'd love to help out, I don't have the time to address each mail directly. In fact, most of the problems I (and other members of the CLR team I've...
  • .NET Security Blog

    Fun with the Visual Studio Find Combo Box

    • 6 Comments
    It's interesting to note all the power of the find combo box in the Visual Studio command bar. It's easily one of the more useful controls I've ever used, yet it just sits there all quiet and unassuming. I've run into a lot of people who know one of two...
  • .NET Security Blog

    Signing Specific XML With References

    • 6 Comments
    I've previously blogged about creating XML digital signatures using the .NET framework, but today I'd like to write about a more advanced technique using these signatures. My previous post signed an entire XML document, however, this is not always necessary...
  • .NET Security Blog

    What Happens When My Application Throws An Unhandled Exception

    • 6 Comments
    There are several different behaviors that can occur when a managed application throws an unhandled exception. The two most common are to bring up an error dialog box, or to pop up the Visual Studio Just In Time Debugger dialog box. The first behavior...