What’s New in Security for v2.0


There’s a ton of new and enhanced security features coming with the v2.0 release of the CLR.  However, finding a definitive list of them all can be a somewhat challenging task.  Dominick Baier has an excellent slide deck detailing some of the changes and some demo code as well.  You can find both linked from his blog entry hereKeith Brown also highlighted Security Enhancements in the .NET Framework 2.0 in his Security Briefs column for January’s MSDN magazine.


Although there’s no official list of new security features anywhere, here’s some of the highlights of what we’ve added.  I’ve covered most of these in this blog before, but some of the big ones (like transparency) have yet to show up.  You can look for those over the next few weeks.  In no particular order:



Performance work was also one of the security team’s main focuses during the v2.0 release.  And of course there were numerous bug fixes, and other odds and ends.  From the number of entries with no links above, it looks like I’ve got quite a few more blog posts to get writing 🙂  When I write something on each topic, I’ll try to come back and update this post with the link … there’s a lot of great stuff up there — I can’t wait to finally ship this product so that everyone can start using it!


 

Comments (10)

  1. Permission Evaporation?

  2. shawnfa says:

    AKA HostProtection — basically allows hosts to disallow certain classes of actions. It’s an upcoming blog entry 🙂

    -Shawn

  3. Alex says:

    You can also download the "Security Enhancements in the .NET 2.0 Framework" Slides presented at the .NET Community Conference at Vienna this month:

    http://blogs.dotnetgerman.com/alexonasp.net/PermaLink,guid,1e0b559e-391e-4430-b9fc-bc3ec1ea3681.aspx

  4. I just posted a Secure Remote Password (SRP) c# implementation at:

    http://channel9.msdn.com/ShowPost.aspx?PostID=107763

    Implemented using fx 2.0 Beta1.

  5. Nicolas Frelat says:

    And what about the old new features ?

    I’m working with Beta 2 and I’m using PrincipalPermissionAttribute. As I wished to use more than 1 attribute on a single method, I tried the new SecurityAction.DemandeChoice flag. To my surprise, the compiler said this flag is obsolete ! There is nothing about that on MSDN2.

    As this new feature been removed ?

    Is there other removed features ?

    Thx

  6. shawnfa says:

    Yep — we removed disjunctive LinkDemands from Whidbey. See my comment here: http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=83571

    -Shawn

  7. Ya… That’s Good . I work in .net Framework 2.0 It is More Robust.

  8. Here’s a list of the resources I showed at the end of my Security Summit sessions around the country….

  9. Dennes says:

    Muitas novidades no CAS, vejam nos seguintes links :

    http://blogs.msdn.com/shawnfa/archive/2005/08/24/455581.aspx