Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Windows » Security   (RSS)
Friday, March 14, 2008 7:00 AM

Disabling the FIPS Algorithm Check

.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException
Posted by shawnfa | 0 Comments
Thursday, February 07, 2008 9:00 AM

Which Groups Does WindowsIdentity.Groups Return?

WindowsIdentity exposes a Groups property which returns a collection of IdentityReferences for the groups that a particular user is a member of. However, if you look closely, you'll find that these returned groups won't necessarily include all of the
Posted by shawnfa | 0 Comments
Filed under: ,
Thursday, March 15, 2007 9:51 AM

Using the MMC Snap-In to Configure 64 Bit CAS Policy

The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy , the MMC Snap-In will only
Posted by shawnfa | 1 Comments
Filed under: , , ,
Tuesday, October 10, 2006 8:29 AM

Kenny Kerr Explores UAC

Kenny Kerr , one of our Security MVPs, has updated his Windows Vista for Developers series with Part4 - User Account Control. Kenny takes an in-depth look at what UAC means for developers and covers areas that a lot of other sources don't touch on, such
Posted by shawnfa | 0 Comments
Filed under: ,
Thursday, April 06, 2006 7:00 AM

Adding a UAC Manifest to Managed Code

The UAC feature of Vista is one of my favorite new features -- it really makes running as a non-admin much less painful than it has been in the past. One of the requirements that UAC puts on developers is that we must mark our applications with manifests
Posted by shawnfa | 12 Comments
Filed under: , ,
Friday, March 03, 2006 7:00 AM

Impersonation and Exception Filters in v2.0

A while back, I wrote about a potential security hole when malicious code can set up an exception filter before calling your code which does impersonation . In the final release of v2.0, we've added a feature to help mitigate this problem. The CLR records
Posted by shawnfa | 7 Comments
Filed under: ,
Friday, January 27, 2006 8:23 AM

UAC Policy Settings

The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings that have been introduced to control how UAC works. As the Vista betas start coming out and people can start to play with UAC, knowing that some of these
Posted by shawnfa | 0 Comments
Filed under: ,
Monday, January 09, 2006 11:30 AM

PrincipalPermission and Finalizers

Nicole Calinoiu , one of our developer security MVPs, has just posted a good description of the problems that occur when using PrincipalPermission with impersonation and finalizers . The key thing to take away from this is that impersonation occurs on
Posted by shawnfa | 3 Comments
Filed under: ,
Monday, January 09, 2006 9:35 AM

Mike Rousos on Registry Security

Over the weekend, Mike Rousos (a BCL tester who's been temporarily drafted onto the security team) posted an interesting piece about the new BCL registry security support on the BCL blog . While the title mentions RegistryPermission, the post is actually
Posted by shawnfa | 2 Comments
Filed under: ,
Thursday, November 03, 2005 1:48 PM

Adding SignatureProperties to SignedXml

One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time
Posted by shawnfa | 3 Comments
Thursday, March 24, 2005 3:07 PM

Safe Impersonation With Whidbey

Over the last couple of days we've talked about how to impersonate another user , and some security issues to keep in mind while impersonating . Now I'd like to take a look at some new features available in Whidbey which can make the whole process much
Posted by shawnfa | 5 Comments
Filed under: ,
Tuesday, March 22, 2005 7:58 PM

Safely Impersonating Another User

Yesterday I posted a bit of code that shows how to impersonate another user in managed code. However, that code had a subtle security hole waiting to bite you if you used it directly. Both Dean and Eric found the problem. In fact Eric reminded me of a
Posted by shawnfa | 17 Comments
Monday, March 21, 2005 4:06 PM

How to Impersonate

Guillermo recently started blogging about some Whidbey enhancements around impersonation. However, figuring out how to impersonate in the first place can be a little less than obvious. WindowsIdentity contains an Impersonate method, but it doesn't accept
Posted by shawnfa | 16 Comments
Filed under: ,
Monday, January 31, 2005 2:34 PM

Running IE with SAFER

Michael Howard recently did a two part series on MSDN about browsing the web and reading email safely as an Administrator ( part 1 | part 2 ). Today he's got a Quick Start posted on his blog to get IE setup to run with SAFER. Personally, I prefer the
Posted by shawnfa | 6 Comments
Filed under: ,
Wednesday, January 26, 2005 3:11 PM

Finding the Raw Strong Name Signature

Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual
Posted by shawnfa | 5 Comments
More Posts Next page »
 
Page view tracker