Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security » CAS   (RSS)
Monday, May 12, 2008 10:49 AM

FullTrust on the LocalIntranet

We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will
Posted by shawnfa | 0 Comments
Filed under: , , ,
Tuesday, March 04, 2008 10:27 AM

CAS and Native Code

CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more
Posted by shawnfa | 0 Comments
Filed under: , ,
Thursday, January 24, 2008 10:00 AM

Manifested Controls Redux

Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks
Posted by shawnfa | 0 Comments
Filed under: , , ,

Attachment(s): ManifestControl.zip
Tuesday, October 30, 2007 11:35 AM

Transparency as Least Privilege

In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least privilege . The tool I like to use for least privilege is actually the security transparency model available in v2.0+ of the CLR (and which became the
Posted by shawnfa | 0 Comments
Filed under: ,
Tuesday, October 02, 2007 9:24 AM

Avoiding Assembly Level Declarative Security

I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can,
Posted by shawnfa | 0 Comments
Filed under: , , ,
Wednesday, April 18, 2007 9:16 AM

Loading an Assembly as a Byte Array

One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly as a byte array. The security identity of an assembly loaded this way turns out to be different than if you were to load the same assembly by name or by
Posted by shawnfa | 1 Comments
Filed under: , ,
Thursday, March 15, 2007 9:51 AM

Using the MMC Snap-In to Configure 64 Bit CAS Policy

The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy , the MMC Snap-In will only
Posted by shawnfa | 1 Comments
Filed under: , , ,
Monday, March 12, 2007 7:00 AM

Tying your IE Hosted Control to a Manifest

Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your control's permissions declaratively . We also saw how to generate manifests that would state what permissions your control needs (and the rules associated
Posted by shawnfa | 1 Comments
Filed under: , ,
Friday, March 09, 2007 9:50 AM

Manifests for IE Hosted Controls

Earlier this week,I talked about the Orcas feature where controls can declaratively request permissions in a similar way to ClickOnce applications. In fact, the manifests used for this request are the same manifests used for ClickOnce applications, with
Posted by shawnfa | 3 Comments
Filed under: , ,

Attachment(s): TemplateControl.dll.manifest
Wednesday, March 07, 2007 11:25 AM

Specifying Permissions for IE Controls in Orcas

One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions
Posted by shawnfa | 1 Comments
Filed under: , , , ,
Friday, February 23, 2007 9:15 AM

Enumerating Evidence

The Evidence class supports being enumerated in three different ways: GetAssemblyEnumerator GetHostEnumerator GetEnumerator The first two are pretty self explanatory, enumerating over the evidence that the assembly supplied itself , or over the evidence
Posted by shawnfa | 1 Comments
Filed under: , ,
Tuesday, February 20, 2007 11:14 AM

Assembly Provided Evidence

We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but one feature of the runtime that's much less known is that assemblies can actually provide evidence of their own. This seems to be one of the best kept
Posted by shawnfa | 6 Comments
Filed under: , ,
Wednesday, December 20, 2006 3:10 PM

Evidence Must Be Serializable

The Evidence object acts as a collection for any sort of object that you want to add as evidence for an assembly or AppDomain. (It can get confusing because there is both an Evidence class and objects used as evidence. I'll capitalize the first one to
Posted by shawnfa | 4 Comments
Filed under: , ,
Tuesday, November 14, 2006 11:33 AM

new NamedPermissionSet

Every once in a while I find some code doing something similar to this: new NamedPermissionSet ( "LocalIntranet" ).Assert(); // ... call some API that requires Intranet permissions here CodeAccessPermission .RevertAssert(); At best this code is confusing
Posted by shawnfa | 0 Comments
Filed under: , ,
Thursday, October 05, 2006 9:30 AM

Using Lightweight CodeGen from Partial Trust

Last time I talked about the new Orcas feature allowing you to use reflection from partial trust . Specifically we talked about standard reflection and Reflection.Emit, putting off Lightweight CodeGen until today. Before we start, if you're new to LCG,
Posted by shawnfa | 0 Comments
Filed under: , ,
More Posts Next page »
 
Page view tracker