The GotDotNet blogs are being frozen, so I’ll be moving my blog over to the ASP.Net site.  You can find the new location at


XML Encryption in .Net

One of the new features being introduced with the Whidbey version of the .Net framework is XML encryption.  XML Encryption allows you to encrypt arbitrary data, and have the result be an XML element.  Much as XML digital signatures are driven through the SignedXml class, this feature is driven through the new EncryptedXml class.  In…


ClickOnce and Security

From reading some of my other posts, you can see that most of the information available on ClickOnce is about the deployment features — generally skimming right over the security features.  I’d like to point out one of the security features of ClickOnce — permission elevation. Permission elevation allows a ClickOnce application to specify that…


XML Digital Signatures in .Net

The .Net framework has built-in support for signing XML files with an XML digital signature.  Here’s a sample of how to create and verify an enveloped digital signature using these classes. There are three types of XML digital signatures: Enveloped – The signature is contained within the document it is signing; Enveloping – The…


Custom Security Object Samples

Currently, there are no samples on MSDN for creating custom security objects.  However, the SSCLI ships with implementations for all of the built-in security objects that shipped with the .Net framework 1.0.  This source can be used as a sample to help along with custom security object creation.  The Universita Di Pisa has posted…


Another ClickOnce Article

Here’s another ClickOnce article to come out of the PDC: ClickOnce to Debut in Whidbey.  This one is also pretty high level, and doesn’t touch much of the security aspects.


New ClickOnce Article on MSDN

MSDN is hosting a sample chapter from Duncan Mackenzie’s upcoming book Essential ClickOnce.  Although the chapter doesn’t go into the security aspects, such as Permission Elevation or TrustManagers, it’s still an interesting read.


How to provide extra trust for an Internet Explorer hosted assembly

A common scenario for developers is that they create an assembly that is to be hosted by Internet Explorer, but requires more trust than would be given to it by default by the Internet or LocalIntranet zone code groups.  Often the first attempt at fixing this involves signing the assembly with a strong name or…


My application works from my local machine, but throws a SecurityException when I move it to a network share

Programs that run on the CLR use something called code access security (CAS). CAS is different from traditional security systems in that it assigns trust to code rather than users. To do this, the security system gathers a set of evidence about every assembly it loads.  This evidence is then compared against the security policy,…