Connecticut .NET Users Group talk - slides and code

Last night I enjoyed speaking to the Connecticut .NET Users Group in Farmington, CT (Microsoft offices). I spoke on of my favorite security topics: .NET Code Access Security. I have made the presentation and demo code available for download:


It was great catching up with SB Chatterjee and Carl Franklin (co-leaders of the group) and Dan K. The group restarted last month, and it looks like they are doing well with a lot of interested developers.

One of the fun things I did as a review for last night's talk was to take a tour through Rotor code last weekend, in particular, the System.Security namespaces. I was tracing through code in the C# source all the way back to the C++ COMCodeAccessSecurityEngine code to see how the stack walk is implemented as well as how all the code access security modifiers are implemented. Interestingly, much of the code you see in Rotor for System.Security is exactly the same as what you see in the 1.1 and the latest 2.0 .NET Frameworks (as indicated by Reflector -- yes, Reflector self-updates to allow you to look at the latest 2.0 code as well). I have always said that Rotor is a great learning tool -- learn it, use it, live it. -)

Next for me is finishing the last of my slides and demo code for the Heartland Developers Conference next week in Des Moines, Iowa. That topic is on SQL Server 2005 Service Broker, another favorite of mine lately.


  • Hello Robert

    Nice slides on CAS. I would just like to point out that not mentioning that 'Full Trust makes CAS redundant', might give your audience a false sense of security (after all, only in partially trusted environments can CAS really be inforced).


  • Good point, Dinis. We did talk about the conditions for when CAS applies and doesn't apply as well as how Full Trust, in some ways, can be viewed as similar to running as Administrator on your own machine.

Comments have been disabled for this content.

Copyright 2015 Robert Hurlbut Consulting Services. All rights reserved. Questions? Email us.