Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Under the Hood » CAS   (RSS)
Tuesday, March 04, 2008 10:27 AM

CAS and Native Code

CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more
Posted by shawnfa | 1 Comments
Filed under: , ,
Friday, May 12, 2006 1:14 PM

How does the CLR figure out Zone evidence?

This week, I've had three separate cases where people have wondered why the CLR was assigning seemingly incorrect zone evidence to their assembly, causing their permission sets to be less than what was expected. The quick and dirty answer is that the
Posted by shawnfa | 4 Comments
Filed under: ,
Tuesday, August 09, 2005 12:02 PM

A Closer Look at the Simple Sandboxed AppDomain

Yesterday we took a look at Whidbey's new Simple Sandboxing API . At first glance this API does seem relatively simple, however when you start to look closer at the AppDomain that is created for your sandboxed code, there are a few surprising properties.
Posted by shawnfa | 3 Comments
Thursday, April 28, 2005 8:03 AM

Whidbey's Security Off Model

Although the v1.0 and v1.1 versions of CasPol provided a switch to disable the CLR's security system, running without CAS enforcement on was never a scenario that we encouraged for obvious reasons. The choice to disable security was a system wide switch
Posted by shawnfa | 17 Comments
Tuesday, March 08, 2005 12:31 PM

When is ReflectionPermission Needed?

Reflection and its interaction with security can sometimes be a bit of a confusing matter. The easiest portion to figure out is the permissions needed to use Reflection.Emit. In order to do anything with the reflection emit feature, you'll need to have
Posted by shawnfa | 11 Comments
Monday, February 28, 2005 5:12 PM

The Difference Between the Strong Name Hash and Hash Evidence

The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section
Posted by shawnfa | 7 Comments
Monday, January 17, 2005 1:20 PM

Removing Permissions From FullTrust

Executing the following code: PermissionSet ps = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Before Removing Permissions:"); Console.WriteLine(ps.ToXml().ToString()); ps.RemovePermission( typeof (RegistryPermission)); Console.WriteLine("After
Posted by shawnfa | 6 Comments
Filed under: , ,
Monday, November 29, 2004 4:08 PM

Managed Hosting API Take 3: the Host SecurityManager

Now that we've examined how to customize the AppDomain creation process , lets go back to our EchoAppDomainManager and look at some other places the CLR lets a managed host customize its behavior. Looking back at the output of running HelloWorld with
Posted by shawnfa | 4 Comments
Filed under: , ,
Wednesday, November 24, 2004 11:59 AM

What's the FullTrust List For Anyway?

Time for a quick break from managed hosting. I've been asked several times on this blog and in the newsgroups about the FullTrust list that the CLR keeps. What is it, and why does it exist? The reason for the list is due to a problem that exists when
Posted by shawnfa | 0 Comments
Thursday, October 21, 2004 2:36 PM

The Locations of the Other Policy Levels

On Monday I wrote about how to recover CasPol to a usable state , if you've modified the security policy to disallow CasPol permission to run. My instructions included deleting %WINDIR%\Microsoft.Net\Framework\v x.y.zzzz \config\Security.config and Security.cch.
Posted by shawnfa | 0 Comments
Tuesday, August 31, 2004 4:28 PM

New ILAsm Support For Assembly-Level Security

Before Whidbey shipped, using assembly level declarative security was always a bit of a pain. Previous versions of the CLR required you to provide security attributes in the form of XML, which meant that you would have to figure out the exact XML represented
Posted by shawnfa | 1 Comments
Filed under: , ,
Thursday, August 05, 2004 3:26 PM

Serializing Permissions Across CLR Versions

An interesting question came up in the newsgroups today. If you serialize a permissions set (either by calling ToXml().ToString() directly on the permission, or by converting to an XML Element ), you'll get permissions that look like this: <IPermission
Posted by shawnfa | 4 Comments
Filed under: , ,
 
Page view tracker