Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security » CAS   (RSS)
Friday, June 12, 2009 11:33 AM

CLR v4 Security Policy Roundup

Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code
Posted by shawnfa | 1 Comments
Filed under: , , ,
Friday, June 12, 2009 11:27 AM

Temporarily re-enabling CAS policy during migration

Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that security policy is now in the hands of the host and the operating system. While we’ve looked at how to update code that implicitly uses CAS policy , loads
Posted by shawnfa | 3 Comments
Filed under: , , ,
Tuesday, June 09, 2009 12:14 PM

Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy

Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts with how you write managed code against the v4 .NET Framework.  So far we’ve looked at the implicit uses of CAS policy, such as loading assemblies
Posted by shawnfa | 1 Comments
Filed under: , , ,
Monday, June 08, 2009 11:59 AM

More Implicit Uses of CAS Policy: loadFromRemoteSources

In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs.  
Posted by shawnfa | 5 Comments
Filed under: , , ,
Thursday, May 28, 2009 1:30 PM

CLR 4 Security on Channel 9

A while back I did an interview with Charles Torre   about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week,
Posted by shawnfa | 1 Comments
Thursday, May 28, 2009 7:00 AM

Visual Studio 10 Security Tab Changes

Kris Makey, who works on the Visual Studio team, has written up a good blog post about the changes you’ll see on the security tab in Visual Studio 10 when it comes to editing permission sets .  He covers what the changes are, and some of the reasons
Posted by shawnfa | 1 Comments
Wednesday, May 27, 2009 10:46 AM

Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy

Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers exclusively to the host application when setting up sandboxed domains by moving away from the old CAS policy model, and moving instead to simple sandboxed
Posted by shawnfa | 4 Comments
Filed under: , , ,
Friday, May 22, 2009 10:54 AM

Sandboxing in .NET 4.0

Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code
Posted by shawnfa | 6 Comments
Filed under: , , ,
Wednesday, May 20, 2009 3:58 PM

.NET 4.0 Security

The first beta of the v4.0 .NET Framework is now available , and with it comes a lot of changes to the CLR's security system. We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see
Posted by shawnfa | 11 Comments
Filed under: , ,
Monday, May 12, 2008 10:49 AM

FullTrust on the LocalIntranet

We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will
Posted by shawnfa | 13 Comments
Filed under: , , ,
Tuesday, March 04, 2008 10:27 AM

CAS and Native Code

CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more
Posted by shawnfa | 1 Comments
Filed under: , ,
Thursday, January 24, 2008 10:00 AM

Manifested Controls Redux

Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks
Posted by shawnfa | 1 Comments
Filed under: , , ,

Attachment(s): ManifestControl.zip
Tuesday, October 30, 2007 11:35 AM

Transparency as Least Privilege

In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least privilege . The tool I like to use for least privilege is actually the security transparency model available in v2.0+ of the CLR (and which became the
Posted by shawnfa | 0 Comments
Filed under: ,
Tuesday, October 02, 2007 9:24 AM

Avoiding Assembly Level Declarative Security

I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can,
Posted by shawnfa | 0 Comments
Filed under: , , ,
Wednesday, April 18, 2007 9:16 AM

Loading an Assembly as a Byte Array

One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly as a byte array. The security identity of an assembly loaded this way turns out to be different than if you were to load the same assembly by name or by
Posted by shawnfa | 1 Comments
Filed under: , ,
More Posts Next page »
 
Page view tracker