.NET Security Blog
An Enhanced Version of the Sandboxed AppDomain
Last week I showed how to create an AppDomain with a limited set of permissions. I also presented an...
Author: Shawn Farkas - MS Date: 11/02/2004
David Starts Blogging
David Notario has started up a blog ... he's one of the x86 JIT devs, and (since his office is right...
Author: Shawn Farkas - MS Date: 10/27/2004
Easily Creating a StrongNameMembershipCondition for an Assembly
Taking a break from sandboxing in an AppDomain for a minute, lets take a look at another aspect of...
Author: Shawn Farkas - MS Date: 10/26/2004
Creating an AppDomain with limited permissions
Oftentimes in an application, it's necessary to run untrusted code. The CLR lets you do this safely...
Author: Shawn Farkas - MS Date: 10/25/2004
Getting the Current Permissions in a Named Permission Set
There are several named permission sets defined by default in the CLR security policy: FullTrust...
Author: Shawn Farkas - MS Date: 10/22/2004
The Locations of the Other Policy Levels
On Monday I wrote about how to recover CasPol to a usable state, if you've modified the security...
Author: Shawn Farkas - MS Date: 10/21/2004
I'm Published!
The November 2004 issue of MSDN magazine is available online now, and it includes the first article...
Author: Shawn Farkas - MS Date: 10/19/2004
What to do when CasPol throws SecurityExceptions
CasPol is written in managed code, and as such is subject to the CLR's security policy system just...
Author: Shawn Farkas - MS Date: 10/18/2004
Grunk Posts on File Canonicalization for FileIOPermission
Brian Grunnkmeyer recently posted a good piece on how FileIOPermission deals with file and path...
Author: Shawn Farkas - MS Date: 10/15/2004
Does StrongNameSignatureVerificationEx Cache Registry Lookup Results?
I received a question recently about my post on Checking for a Valid Strong Name Signature. The...
Author: Shawn Farkas - MS Date: 10/14/2004
Replacing Calc with Calculator Plus
On my home machine, and one of my office machines I log in as a normal user, and only elevate to an...
Author: Shawn Farkas - MS Date: 10/06/2004
Mike Stall's (Relatively)New Debugger Blog
Mike Stall is one of the devs on our base services team, and his focus is on managed debugging. I...
Author: Shawn Farkas - MS Date: 10/05/2004
The Return of ManagedStrongName: Key Containers
(updated 12/3/04, pointed to the newly refactored source) It's been nearly two months since the last...
Author: Shawn Farkas - MS Date: 10/01/2004
Why Can't I Change the KeySize of Asymmetric Algoritms or: The Joys of Backwards Compatibility
Here's a little quirk that can definitely cause a lot of confusion. When I run the following code...
Author: Shawn Farkas - MS Date: 09/28/2004
How To Tell if Two PermissionSets Are The Same
Determining if two PermissionSet objects are logically the same is a relatively common thing for an...
Author: Shawn Farkas - MS Date: 09/27/2004
Finding Out The Current User in the Debugger
Every once in a while, while debugging multi-threaded applications that do impersonation, it becomes...
Author: Shawn Farkas - MS Date: 09/23/2004
How do you use MigPol?
In preparing for Whidbey, we'd like to collect some information about how you use the MigPol tool....
Author: Shawn Farkas - MS Date: 09/15/2004
FormatMessage Shortcut for Win32 Error Codes
If you ever need to P/Invoke to an API that returns extended error information via the GetLastError...
Author: Shawn Farkas - MS Date: 09/10/2004
Spot the Defect: Modifying the Security Policy in Code
Modifying the CLR's security policy can be done in your code by interacting with the SecurityManager...
Author: Shawn Farkas - MS Date: 09/09/2004
How I Learned to Stop Worrying and Love the GC
Chris Lyon, the CLR's GC tester, has just started up a new MSDN blog. Working on the GC, Chris has a...
Author: Shawn Farkas - MS Date: 09/08/2004
Deploying Policy on v1.0 and 1.1 of the CLR
A lot of the time, someone has written an application that won't run under the CLR's default...
Author: Shawn Farkas - MS Date: 09/07/2004
.NET 1.0 SP 3 and .NET 1.1 SP 1 Released
Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also...
Author: Shawn Farkas - MS Date: 09/02/2004
New ILAsm Support For Assembly-Level Security
Before Whidbey shipped, using assembly level declarative security was always a bit of a pain....
Author: Shawn Farkas - MS Date: 08/31/2004
Assembly Level Declarative Security
Assembly level declarative security comes in three forms, RequestMinimum, RequestOptional, and...
Author: Shawn Farkas - MS Date: 08/30/2004
All About Assert Part IV: When Assert Won't Help
In Assert Myth #7, I mention three ways for a demand for a permission to fail even though that...
Author: Shawn Farkas - MS Date: 08/26/2004
All About Assert Part III: Dispelling the Myths
So far we've seen What Assert Actually Does, and What Assert Is Good For, now its time to examine...
Author: Shawn Farkas - MS Date: 08/25/2004
All About Assert Part II: What Assert Is Good For
Now that we know what Assert does, lets figure out what it's good for. The two most common uses of...
Author: Shawn Farkas - MS Date: 08/24/2004
All About Assert Part I: What Assert Actually Does
There are several common misconceptions about the Assert stack modifier, not the least of which are:...
Author: Shawn Farkas - MS Date: 08/23/2004
Post Build Assembly Modification Or: Why Won't SN -Vr Work on Tampered Assemblies
A while back I wrote about delay signing an assembly, and using SN -Vr to register that assembly to...
Author: Shawn Farkas - MS Date: 08/20/2004
SafeHandle
Prior to Whidbey, interop with Win32 handles was done by passing IntPtrs back and forth through...
Author: Shawn Farkas - MS Date: 08/12/2004
Matt Pietrek on How Iterators Work
One of the things on my blog todo list was to write an entry showing how C# iterators work under the...
Author: Shawn Farkas - MS Date: 08/02/2004
Whidbey's New SecurityException
One of the more difficult things to debug with .NET 1.0 and 1.1 is the security exception. With...
Author: Shawn Farkas - MS Date: 07/30/2004
Using DecryptDocument with Super-Encrypted Data
The EncryptedXml class comes with a nice utility method called DecryptDocument (For more information...
Author: Shawn Farkas - MS Date: 07/21/2004
Bye Bye Mr. CIO Guy
This is a few weeks old, but I figured I'd post it anyway since it's pretty funny. Channel9 is...
Author: Shawn Farkas - MS Date: 07/20/2004
Why == and the Equals Method Return Different Results for Floating Point Values
There's a subtle difference between comparing floating point values with the Equals method and...
Author: Shawn Farkas - MS Date: 07/19/2004
Eric Explains Why Generic Parameters Have Only One Letter
A lot of people have been wondering why the CLR design guidelines (and the generic BCL classes), use...
Author: Shawn Farkas - MS Date: 07/16/2004
What Happens When My Application Throws An Unhandled Exception
There are several different behaviors that can occur when a managed application throws an unhandled...
Author: Shawn Farkas - MS Date: 07/15/2004
Generating StrongName Keys
(updated 12/03/04 to point to refactored code) Generating Keys It's been just under a month since...
Author: Shawn Farkas - MS Date: 07/09/2004
ClickOnce Bootstrapper Manifest Generator
David Guyer, from the VB.Net test team, has released his ClickOnce Bootstrapper Manifest Generator...
Author: Shawn Farkas - MS Date: 07/07/2004
Chat with the Crypto API Team ... For Real This Time
A few weeks back, I mentioned the Crypto API team was having an online chat. It got postponed from...
Author: Shawn Farkas - MS Date: 07/02/2004
New Debugger Features for Whidbey
Andy blogs about the new features in the Visual Studio 2005 debugger. Of all these, tracepoints...
Author: Shawn Farkas - MS Date: 07/01/2004
What's in a Name
With the beta 1 release of Whidbey, you'll start to see that many of the ClickOnce APIs require an...
Author: Shawn Farkas - MS Date: 06/30/2004
Whidbey Beta 1 Ships
Well, we've finally released beta 1 of .NET 2.0 and Visual Studio 2005. In adition to the beta 1...
Author: Shawn Farkas - MS Date: 06/29/2004
Managed Strong Names: Verification and the msn.exe tool
(Updated 12/03/2004 to point to refactored code .. see that article for a more accurate description...
Author: Shawn Farkas - MS Date: 06/23/2004
Managed StrongName API
About a week ago, I wrote about verifying strong name signatures from managed code. There are also...
Author: Shawn Farkas - MS Date: 06/18/2004
Chat with the Crypto API Team
The CAPI team that delivers the Microsoft Cryptography SDK (the unmanaged crypto API, not...
Author: Shawn Farkas - MS Date: 06/17/2004
Calli is not Verifiable
This entry probably doesn't pertain to very many people, but I got bit by this the other day, and...
Author: Shawn Farkas - MS Date: 06/14/2004