Using Role Based Access Control in the .NET Framework – Part 2

Vineet Batta here again. In my last blog I discussed how to use role based access control (RBAC) and described how we can restrict access to the method based on the declarative method. In today’s blog I will explain how to use Imperative role based demands. The end effect is the same, but using an…

Using Role Based Access Control in the .NET Framework – Part 1

Hi, Vineet Batta here. Consider a scenario where you want to write an assembly which contains methods that only certain types of users can call (domain\Administrators or a specific custom user account). So how can we control this within code and let the runtime enforce these security checks? Example scenario: 1: public Class MyApplication 2:…

ISO/IEC JTC 1/SC 27 – Working Group – Trip Report

Hi Andreas Fuchsberger here again…. Introduction The most recent ISO/IEC JTC1/SC 27 (Subcommittee) Working Group (WG) meetings took place from 6th – 10th October 2008 in Limassol, Cyprus. As is set out by SC27’s charter all 5 Working Group meetings took place in parallel, allowing National Body (NB) experts to participate in more than WG…

ISO SC27 Introduction and History

Hi Andreas Fuchsberger here….. In order to better understand a report I am about to post next on a recent ISO security meeting I thought I would include some additional information about the language used in SC 27 and how SC 27 standards are created. SC 27 is a sub-committee of the Joint Technical Committee…

A Sneak Peak at the Security Runtime Engine

RV here again… Traditionally security fixes are applied to specific pieces of code where a vulnerability exists which usually involves some development and testing effort. Imagine a system where an application is instantly secured by simple configuration. I am specifically talking about ASP.NET applications where Cross site scripting and SQL injection are some of the…

Introducing SecurityNow

Mark Curphey here….. A few months back I challenged some of my team to build a "Proof of Concept" (POC) that would; demonstrate how we could apply some of the ideas and concept we had been talking about such as BPM and BI show how Microsoft’s technology stack can be applied to the security management…

Secure Strings in .NET – Part I

Hi Gaurav Sharma here……. I am a developer on the CISG India team based in Hyderabad and I joined Microsoft four months ago. I love playing computer games and recently finished Call of duty 4. For the last three years I’ve been working with .NET and have worked on different kinds of applications that include…

ASP.NET Data Binding and AntiXss Encoding

Hi, RV here again… Last time I looked at ASP.NET controls and a few common scenarios where you need to use encoding. A couple of weeks back we looked at a sample data binding scenario. This time let's exclusively look at various ASP.NET data binding techniques and how to use AntiXss to encode the output. Scenario #1:…
