.NET Security Blog
When the Opposite of Transparent isn't Opaque
When you provide an assembly that will be called by partially trusted callers, you need to make sure...
Author: Shawn Farkas - MS Date: 08/31/2005
Getting Help with your .NET Questions
Recently I've been getting a lot of email from this blog asking for help with various problems....
Author: Shawn Farkas - MS Date: 08/31/2005
What's New in Security for v2.0
There's a ton of new and enhanced security features coming with the v2.0 release of the CLR....
Author: Shawn Farkas - MS Date: 08/24/2005
Securing AppDomain Data
While we're on the topic of AppDomains ... One feature of AppDomains that many people don't know...
Author: Shawn Farkas - MS Date: 08/22/2005
Comparing Java and .NET Security
It's been a while since I've last seen a comparison of Java and .NET security. Nathaneal Paul and...
Author: Shawn Farkas - MS Date: 08/17/2005
A Closer Look at the Simple Sandboxed AppDomain
Yesterday we took a look at Whidbey's new Simple Sandboxing API. At first glance this API does seem...
Author: Shawn Farkas - MS Date: 08/09/2005
The Simple Sandboxing API
A while back I gave some sample code to show how to setup a sandboxed AppDomain. This technique has...
Author: Shawn Farkas - MS Date: 08/08/2005
3 Years, 3 Pounds
Today marks my 3 year anniversary on the CLR security team (not counting my internship, which I...
Author: Shawn Farkas - MS Date: 07/29/2005
Profiling Signed Assemblies
Ian Huff has an entry today about the problems you'll run into when using Visual Studio Team System...
Author: Shawn Farkas - MS Date: 07/26/2005
Bootstrapping your Application's AppDomainManager
Last time I mentioned that when using pure managed code to setup an AppDomainManager, you should...
Author: Shawn Farkas - MS Date: 07/25/2005
Setting up an AppDomainManager
When I first talked about AppDomainManagers, I mentioned that there were three ways to tell the CLR...
Author: Shawn Farkas - MS Date: 07/21/2005
Loading the Same Assembly with Different Evidence
Assembly.Load provides overloads that take an Evidence object in addition to the name of the...
Author: Shawn Farkas - MS Date: 07/20/2005
Don't Sign C++/CLI Assemblies with Attributes
We've already talked about using the /keyfile or /keycontainer switches to sign C# and VB assemblies...
Author: Shawn Farkas - MS Date: 07/14/2005
Heading to New York
Now that I've resolved the broken computer problem, and am all set up to blog again, I'm off to New...
Author: Shawn Farkas - MS Date: 07/04/2005
Configuring the TrustManager
I've been working on the CLR side of ClickOnce pretty much from the beginning. In fact, since I...
Author: Shawn Farkas - MS Date: 06/24/2005
A New Machine
About 2 weeks ago my main office machine died, taking with it all of my current work, and my blog...
Author: Shawn Farkas - MS Date: 06/24/2005
Viewing IL at Debug Time
Last week, I mentioned Yiru’s post on using SOS to see the IL of a dynamically generated...
Author: Shawn Farkas - MS Date: 06/08/2005
Console Applications requre UIPermission
Starting with beta 2, we’ve made a change around what permissions are required to launch a console...
Author: Shawn Farkas - MS Date: 06/06/2005
Dynamic Assemblies and Declarative Security
Speaking of dynamic IL generation ... Before Whidbey, the framework supplied two ways of creating...
Author: Shawn Farkas - MS Date: 05/27/2005
Yiru on Debugging LCG
Yiru's got a great piece up on using SOS to debug code that was emitted using Whidbey's new...
Author: Shawn Farkas - MS Date: 05/27/2005
Mike Downen Starts Blogging
After months of telling me that he's just about to start blogging, Mike Downen, the guy who's in...
Author: Shawn Farkas - MS Date: 05/27/2005
Receiving Session Lock and Unlock Notifications
Some programs, such as MSN Messenger, change their behavior when the current session is locked and...
Author: Shawn Farkas - MS Date: 05/17/2005
FullTrust Means FullTrust
One of the items on my long list of blog todo's has been a change that the security team has been...
Author: Shawn Farkas - MS Date: 05/17/2005
Enforcing FIPS Certified Cryptography
Certain types of software, such as code written for a government contract, require adhering to a...
Author: Shawn Farkas - MS Date: 05/16/2005
Security Off Wrap Up
I've got just a few loose ends to tie up about our new security off behavior, and then we'll move on...
Author: Shawn Farkas - MS Date: 05/10/2005
Forcing Security to Stay On
Last time we looked at how the Whidbey version of CasPol uses a mutex to indicate the state of the...
Author: Shawn Farkas - MS Date: 05/04/2005
Whidbey's Security Off Model
Although the v1.0 and v1.1 versions of CasPol provided a switch to disable the CLR's security...
Author: Shawn Farkas - MS Date: 04/28/2005
Beta 2, Get Yer Beta 2
As I'm sure most of you have seen by now, today we announced the availability of Visual Studio 2005...
Author: Shawn Farkas - MS Date: 04/18/2005
Security and the Papal Election
With the Papal Election only four days away, Bruce Schneier has taken a look at the process from a...
Author: Shawn Farkas - MS Date: 04/14/2005
Trusting Applications with their Strong Name
Last time I talked about reasons that you might want to strongly name your application's entry...
Author: Shawn Farkas - MS Date: 04/14/2005
When to Strongly Name an Application Entry Point
Junfeng wonders why you might want to strongly name an exe. Sometimes strong naming your exe can be...
Author: Shawn Farkas - MS Date: 04/11/2005
Happy Birthday Channel 9
Channel 9 turns one year old today, and to celebrate they've been releasing quite a few interesting...
Author: Shawn Farkas - MS Date: 04/06/2005
More on First Pass Exception Issues
Keith Brown recently pointed out that the issues with first pass exception handling extend well...
Author: Shawn Farkas - MS Date: 03/31/2005
Reading a File from Partial Trust
When authoring an application to run with partial trust, one of the problems many people hit is the...
Author: Shawn Farkas - MS Date: 03/30/2005
Safe Impersonation With Whidbey
Over the last couple of days we've talked about how to impersonate another user, and some security...
Author: Shawn Farkas - MS Date: 03/24/2005
Safely Impersonating Another User
Yesterday I posted a bit of code that shows how to impersonate another user in managed code....
Author: Shawn Farkas - MS Date: 03/22/2005
How to Impersonate
Guillermo recently started blogging about some Whidbey enhancements around impersonation. However,...
Author: Shawn Farkas - MS Date: 03/21/2005
X509CertificateEx is now X509Certificate2
Last fall, in the article Mike Downen and I wrote for MSDN magazine, we mentioned the expanded...
Author: Shawn Farkas - MS Date: 03/16/2005
BCL Blog Day
Next Tuesday (March 15th), the BCL team is having a blog day where they're planning on devoting the...
Author: Shawn Farkas - MS Date: 03/10/2005
Don't Deny SkipVerification
SkipVerification permission, which allows the JIT to compile any code even if it cannot prove the...
Author: Shawn Farkas - MS Date: 03/10/2005
When is ReflectionPermission Needed?
Reflection and its interaction with security can sometimes be a bit of a confusing matter. The...
Author: Shawn Farkas - MS Date: 03/08/2005
Reid Talks about Security State and NGEN
Following up on the pieces we had last week that mentioned NGEN and security ... Reid has just...
Author: Shawn Farkas - MS Date: 03/03/2005
The Difference Between the Strong Name Hash and Hash Evidence
The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of...
Author: Shawn Farkas - MS Date: 02/28/2005
CLR Bloggers Redux
Since I posted the list CLR bloggers, I've gotten many requests for the list in OPML format. So by...
Author: Shawn Farkas - MS Date: 02/25/2005
Public Key Tokens
Time for another visit to the managed strong name API; this time lets take a look at public key...
Author: Shawn Farkas - MS Date: 02/23/2005
Mindless Link Propagation
Rick Byers, who works on the CLR's DevServices (read: debugger) team recently started blogging....
Author: Shawn Farkas - MS Date: 02/17/2005
Feedback on Link and Disjunctive Demands
In the spirit of gathering feedback from the community, here are two more feature areas we're...
Author: Shawn Farkas - MS Date: 02/16/2005
Does Being in the GAC Grant FullTrust?
What does being in the GAC imply about the permission set that will be assigned to an assembly?...
Author: Shawn Farkas - MS Date: 02/10/2005