Welcome to MSDN Blogs
Sign in
|
Join
|
Help
.NET Security Blog
This Blog
Syndication
RSS 2.0
Atom 1.0
Search
Tags
CAS
ClickOnce
CLR v4
CNG
Cryptography
Debugging
Orcas
Other
Policy
SecAnnotate
Security
Silverlight
SSCLI
StrongName
Transparency
Under the Hood
Visual Studio
Windows
XML
News
Silverlight Security Cheat Sheet
What's New in Security for v2.0
List of CLR Bloggers
Getting Help with your .NET Questions
Archives
November 2009 (7)
June 2009 (4)
May 2009 (6)
March 2009 (1)
December 2008 (2)
August 2008 (1)
July 2008 (2)
May 2008 (2)
March 2008 (2)
February 2008 (1)
January 2008 (1)
October 2007 (2)
June 2007 (1)
May 2007 (5)
April 2007 (1)
March 2007 (4)
February 2007 (3)
January 2007 (5)
December 2006 (2)
November 2006 (3)
October 2006 (5)
September 2006 (2)
August 2006 (1)
July 2006 (6)
June 2006 (6)
May 2006 (7)
April 2006 (7)
March 2006 (6)
February 2006 (7)
January 2006 (9)
December 2005 (7)
November 2005 (8)
October 2005 (8)
September 2005 (11)
August 2005 (7)
July 2005 (8)
June 2005 (4)
May 2005 (10)
April 2005 (6)
March 2005 (10)
February 2005 (9)
January 2005 (10)
December 2004 (10)
November 2004 (11)
October 2004 (12)
September 2004 (10)
August 2004 (10)
July 2004 (10)
June 2004 (11)
May 2004 (7)
April 2004 (14)
March 2004 (21)
February 2004 (12)
January 2004 (3)
December 2003 (1)
November 2003 (5)
October 2003 (1)
June 2003 (2)
Browse by Tags
All Tags
»
CAS
»
Policy
(RSS)
ClickOnce
CLR v4
Orcas
Security
SSCLI
StrongName
Transparency
Under the Hood
Windows
Friday, June 12, 2009 11:33 AM
CLR v4 Security Policy Roundup
Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
ClickOnce
,
CAS
,
Policy
Friday, June 12, 2009 11:27 AM
Temporarily re-enabling CAS policy during migration
Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that security policy is now in the hands of the host and the operating system. While we’ve looked at how to update code that implicitly uses CAS policy , loads
Posted by
shawnfa
|
3 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
Tuesday, June 09, 2009 12:14 PM
Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy
Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts with how you write managed code against the v4 .NET Framework. So far we’ve looked at the implicit uses of CAS policy, such as loading assemblies
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
Monday, June 08, 2009 11:59 AM
More Implicit Uses of CAS Policy: loadFromRemoteSources
In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs.
Posted by
shawnfa
|
5 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
Thursday, May 28, 2009 1:30 PM
CLR 4 Security on Channel 9
A while back I did an interview with Charles Torre about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week,
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
,
Transparency
Wednesday, May 27, 2009 10:46 AM
Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy
Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers exclusively to the host application when setting up sandboxed domains by moving away from the old CAS policy model, and moving instead to simple sandboxed
Posted by
shawnfa
|
4 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
Friday, May 22, 2009 10:54 AM
Sandboxing in .NET 4.0
Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code
Posted by
shawnfa
|
6 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
Thursday, May 21, 2009 12:03 PM
Security Policy in the v4 CLR
One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the security policy system. In previous releases of the .NET Framework, CAS policy applied to all assemblies loaded into an application (except for in
Posted by
shawnfa
|
13 Comments
Filed under:
CAS
,
Policy
,
CLR v4
Monday, May 12, 2008 10:49 AM
FullTrust on the LocalIntranet
We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will
Posted by
shawnfa
|
13 Comments
Filed under:
Security
,
ClickOnce
,
CAS
,
Policy
Thursday, January 24, 2008 10:00 AM
Manifested Controls Redux
Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Policy
,
Orcas
Attachment(s):
ManifestControl.zip
Tuesday, October 02, 2007 9:24 AM
Avoiding Assembly Level Declarative Security
I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can,
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
ClickOnce
,
CAS
,
Policy
Monday, May 07, 2007 11:25 AM
Bypassing the Authenticode Signature Check on Startup
A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature . The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly. However, by default most applications
Posted by
shawnfa
|
1 Comments
Filed under:
CAS
,
Policy
,
Orcas
Wednesday, April 18, 2007 9:16 AM
Loading an Assembly as a Byte Array
One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly as a byte array. The security identity of an assembly loaded this way turns out to be different than if you were to load the same assembly by name or by
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Policy
Thursday, March 15, 2007 9:51 AM
Using the MMC Snap-In to Configure 64 Bit CAS Policy
The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy , the MMC Snap-In will only
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Windows
,
Policy
Wednesday, March 07, 2007 11:25 AM
Specifying Permissions for IE Controls in Orcas
One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
ClickOnce
,
CAS
,
Policy
,
Orcas
More Posts
Next page »
