.NET news » Security

An easy way to use certificates for WCF security

An easy solution to use certificates on Windows Communication Foundation, loading the certificates from files.
30 Apr 2007, 14:34:00   Source: An easy way to use certificates for WCF security   Tags: Security

SQLCLR Security and Designing for Reuse

Bringing the Common Language Runtime (CLR) into SQL Server presents an entirely new set of challenges with regard to privilege, and some of the rules that SQL Server developers are used to do not completely translate. Simple grant/deny/revoke logic still applies, but the CLR also brings its own set of specialized permissions, which require slightly different handling in order to manipulate them properly.

This article focuses on what the SQLCLR permission sets do to control security and reliability, and what you need to understand when working with them in order to design a system that takes advantage of least privilege. By not carefully considering these issues when designing your SQLCLR code base, you may allow your code too much access, thereby creating potential vectors for security problems down the road.

26 Apr 2007, 19:00:00   Source: SQLCLR Security and Designing for Reuse   Tags: Database Security

Security Briefs: Events in Windows Vista

This month Keith Brown digs into the new eventing system in Windows Vista, Windows Eventing 6.0.
10 Apr 2007, 19:00:00   Source: Security Briefs: Events in Windows Vista   Tags: Security

Using the Local Security Authority to Enumerate User Sessions in .NET

The Local Security Authority, or LSA, has been included in the Windows operating systems since Windows 2000. LSA is responsible for account validation, management of local security policy, auditing, maintaining sessions and the generation of tokens for login and impersonation. At times you may want to determine what users are logged onto a machine, be it local, remote or system service accounts. LSA maintains a range of information, including usernames, domain information, login times, the authentication package used, SIDs and terminal services session information. Unfortunately, .NET doesn't provide a simple way to interact with LSA, so you have to Interop with the LSA functions directly to enumerate user sessions and extract data.
28 Mar 2007, 14:14:00   Source: Using the Local Security Authority to Enumerate User...   Tags: Security

PKCS Standards and .NET Framework

The article describes what is standardized in the PKCS (Public Key Cryptographic Standards) standards and their implementation in .NET 1.1 Framework.
18 Mar 2007, 07:27:00   Source: PKCS Standards and .NET Framework   Tags: Security

Improve Manageability through Event Logging

When something goes wrong, a manageable application will tell the administrator how to fix the problem. The Windows Event Log can provide the necessary information.
12 Mar 2007, 19:00:00   Source: Improve Manageability through Event Logging   Tags: Security

Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace

Windows CardSpace replaces traditional username and password authentication with a tool that helps users better manage their digital identities and helps shield users from various forms of identity attack such as phishing. Michèle Leroux Bustamante explains how to integrate Windows CardSpace with your ASP.NET applications and Windows Communication Foundation services.

SQL Server CLR Integration Part 1: Security

Understanding how the SQL Server and CLR security models work together to keep your database secure.
4 Mar 2007, 10:43:00   Source: SQL Server CLR Integration Part 1: Security   Tags: Database Security

Protect Your Downloadable Files Using HTTP Handlers

This article attacks a problem for which I have heard many solutions: How can I offer file downloads on the Internet and protect them from unauthorized downloading? There are many answers to this problem, but some are not without their own problems. In this article, I’ll review some of the techniques commonly used by software vendors, and then show you my solution for this.

1 Mar 2007, 18:00:00   Source: Protect Your Downloadable Files Using HTTP Handlers   Tags: ASP.NET Security

A Programmer's Exploration of Vista's User Account Control

Vista's User Account Control (UAC) improves security, but making it work smoothly requires a little more developer work. Find out what you need to know to code Vista UAC-aware applications.
1 Mar 2007, 15:47:24   Source: A Programmer's Exploration of Vista's User Account Control   Tags: Security