Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Under the Hood » Security   (RSS)
Tuesday, March 04, 2008 10:27 AM

CAS and Native Code

CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more
Posted by shawnfa | 1 Comments
Filed under: , ,
Wednesday, January 10, 2007 10:32 AM

Combining Strong Names with Authenticode

If you want to use both a strong name and Authenticode signature on your assembly (for instance if you need a strong name for strong assembly identity, and your company has a rule requiring Authenticode signatures on all shipped products), then you need
Posted by shawnfa | 6 Comments
Tuesday, June 06, 2006 9:00 AM

Special Permissions in the SSCLI

Before digging into a pretty clever optimization that the SSCLI makes for certain special permission demands, I want to point out that everything I’m about to cover is an implementation detail. Although this optimization does occur today, we can and will
Posted by shawnfa | 2 Comments
Monday, April 03, 2006 2:44 PM

What Happens When You Fully Sign a Test Signed Assembly

When an assembly is test signed , the public key used to verify its signature is different from the public key that makes up part of the assembly identity. So what happens when you take an assembly which is registered as a test signed assembly on your
Posted by shawnfa | 3 Comments
Wednesday, January 11, 2006 11:55 AM

LinkDemands and InheritenceDemands Occur at JIT Time

We previously saw that the SkipVerification demand for calling a method with unverifiable code occurs at JIT time rather than at runtime. Two other types of demands also occur at JIT time, LinkDemands and InheritenceDemands. An InheritenceDemand will
Posted by shawnfa | 3 Comments
Filed under: ,
Thursday, October 06, 2005 3:10 PM

Exploring the ADMHost Sample

When I first talked about AppDomainManagers , I mentioned that there were three ways to set them up. You can either setup an environment block, use some registry keys, or use the unmanaged hosting API. In most of my samples so far I've used the environment
Posted by shawnfa | 0 Comments
Filed under: ,
Thursday, July 21, 2005 5:34 PM

Setting up an AppDomainManager

When I first talked about AppDomainManagers , I mentioned that there were three ways to tell the CLR that you'd like to use the managed hosting infrastructure: The unmanaged hosting API Environment variables APPDOMAIN_MANAGER_ASM and APPDOMAIN_MANAGER_TYPE
Posted by shawnfa | 5 Comments
Filed under: ,
Tuesday, March 22, 2005 7:58 PM

Safely Impersonating Another User

Yesterday I posted a bit of code that shows how to impersonate another user in managed code. However, that code had a subtle security hole waiting to bite you if you used it directly. Both Dean and Eric found the problem. In fact Eric reminded me of a
Posted by shawnfa | 17 Comments
Tuesday, March 08, 2005 12:31 PM

When is ReflectionPermission Needed?

Reflection and its interaction with security can sometimes be a bit of a confusing matter. The easiest portion to figure out is the permissions needed to use Reflection.Emit. In order to do anything with the reflection emit feature, you'll need to have
Posted by shawnfa | 11 Comments
Monday, February 28, 2005 5:12 PM

The Difference Between the Strong Name Hash and Hash Evidence

The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition . That sounds awfully similar to how strong names are calculated ... According to ECMA partition II section
Posted by shawnfa | 7 Comments
Wednesday, January 26, 2005 3:11 PM

Finding the Raw Strong Name Signature

Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual
Posted by shawnfa | 5 Comments
Monday, January 17, 2005 1:20 PM

Removing Permissions From FullTrust

Executing the following code: PermissionSet ps = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Before Removing Permissions:"); Console.WriteLine(ps.ToXml().ToString()); ps.RemovePermission( typeof (RegistryPermission)); Console.WriteLine("After
Posted by shawnfa | 6 Comments
Filed under: , ,
Monday, November 29, 2004 4:08 PM

Managed Hosting API Take 3: the Host SecurityManager

Now that we've examined how to customize the AppDomain creation process , lets go back to our EchoAppDomainManager and look at some other places the CLR lets a managed host customize its behavior. Looking back at the output of running HelloWorld with
Posted by shawnfa | 4 Comments
Filed under: , ,
Wednesday, November 24, 2004 11:59 AM

What's the FullTrust List For Anyway?

Time for a quick break from managed hosting. I've been asked several times on this blog and in the newsgroups about the FullTrust list that the CLR keeps. What is it, and why does it exist? The reason for the list is due to a problem that exists when
Posted by shawnfa | 0 Comments
Thursday, October 21, 2004 2:36 PM

The Locations of the Other Policy Levels

On Monday I wrote about how to recover CasPol to a usable state , if you've modified the security policy to disallow CasPol permission to run. My instructions included deleting %WINDIR%\Microsoft.Net\Framework\v x.y.zzzz \config\Security.config and Security.cch.
Posted by shawnfa | 0 Comments
More Posts Next page »
 
Page view tracker