.NET news » Search results

This month Ted Pattison presents an overview of programming security and permissions for Windows SharePoint Services 3.0.

Visual Studio's code analysis feature offers hidden extensibility opportunities for writing custom security code review rules.

Juval Lowy designs easily configured security settings for applications built on Windows Communication Foundation.

In this second part of a two-part series, you will learn about application security issues related to authentication and authorization, as well as five vulnerabilities commonly found in ASP.NET web-based applications.

If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.

In part one of this two part article, you will learn about five of the top ten "worst offenders" of misconfigurations of application security that can cause overall problems for ASP.NET Web-based applications. Learn more about how to secure the Web.config files of an ASP.NET application.

Elliptic Curve cryptography is the current standard for public key cryptography, and is being promoted by the National Security Agency as the best way to secure private communication between parties. Microsoft has both good news and bad news when it comes to using Elliptic Curve encryption algorithms. The good news is that it is natively supported in the Vista operating system through CNG (Cryptography API Next Generation). The bad news is that a managed library for using EC will not be available until the release of Visual Studio Orcas, which is currently slated for the end of 2007 or the beginning of 2008.

The code in the attached project attempts to fill this gap by providing a wrapper class that will give you access to the underlying Vista Crypto API, as well as offer simple methods for leveraging the Elliptic Curve algorithms. It is intended for educational purposes only, however, and requires much more testing and refactoring before it can be used in any serious way. In other words, please play with it, copy it, and manipulate it in any way you like, but don't use it in its current form to lift any heavy machinery.

An easy solution to use certificates on Windows Communication Foundation, loading the certificates from files.

Bringing the Common Language Runtime (CLR) into SQL Server presents an entirely new set of challenges with regard to privilege and some of the rules that SQL Server developers are used to do not completely translate. Simple grant/deny/revoke logic still applies, but the CLR also brings its own set of specialized permissions, which require slightly different handling in order to properly manipulate.

By not carefully considering these issues when designing your SQLCLR code base, you may be allowing your code too much access.

This article focuses on what the SQLCLR permission sets do to control security and reliability, and what you need to understand when working with them in order to design a system that takes advantage of least privilege. By not carefully considering these issues when designing your SQLCLR code base, you may allow your code too much access, thereby creating potential vectors for security problems down the road..

This article explains to Custom Activity Workflow for implementing Item Level Security in SharePoint Designer 2007