Compartilhar via

.NET 4.0 Security

  • Artigo

The first beta of the v4.0 .NET Framework is now available, and with it comes a lot of changes to the CLR's security system.  We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see available.  Since there are a lot of security changes, I'll spend the next month or so taking a deeper look at each of them.  At a high level, the major areas that are seeing updates with the v4 CLR are: 

Like I did when we shipped the v2.0 CLR, I'll come back and update this post with links to the details about each of the features we added as I write more detailed blog posts about each of them.

Tomorrow, I'll start by looking at probably the most visible change of the group - the update to the CLR's security policy system.

Comments

  • Anonymous
    May 20, 2009
    PingBack from http://microsoft-sharepoint.simplynetdev.com/net-40-security/

  • Anonymous
    May 20, 2009
    Please write a book about .NET 4.0 Security ;)

  • Anonymous
    May 21, 2009
    :-)  Thanks. -Shawn

  • Anonymous
    May 21, 2009
    You can take a look at the new v4.0 .NET Framework , and the changes that will be described in Shawn

  • Anonymous
    June 15, 2009
    Glad to hear the security improvement. Security is the most important one!

  • Anonymous
    July 21, 2009
    So what is with the links above in the comments section.  They do not link to the blog.  Is it me or is the site. Loren

  • Anonymous
    July 23, 2009
    The comment has been removed

  • Anonymous
    July 24, 2009
    http://blogs.sun.com/mullan/entry/using_stronger_xml_signature_algorithms Can we expect to see XML signature algorithm parity in .NET 4.0?

  • Anonymous
    November 05, 2009
    We have not updated the XML digitial signature classes in .NET 4.  However, you can use RSA-SHA256 even in .NET 3.5 SP1 by registering a custom signature description class.  This class, and a description of how to use it can be found on http://clrsecurity.codeplex.com -Shawn

  • Anonymous
    November 05, 2009
    Yes - SHA256, 384, and 512 have all been supported by .NET since version 1.0.  Look at the SHA256Managed class (or in v3.5, SHA256CryptoServiceProvider and SHA256Cng). -Shawn

  • Anonymous
    November 05, 2009
    Loren - it's not you.  Once I finish writing about each of those topics, I'll update the links to point at them. -Shawn