.NET Evidence Based Security

To really get a better idea of .NET security we first have to talk a little about the CLR. The CLR plays a major role in security when deploying an application. These are the steps of a deployment: Retrieve the assembly's evidence (assembly's strong name, digital signature, sign code signature, and Internet zone where executed. Referencing the security policy - Determines the actions the code is allowed to perform....

July 18, 2015 · 2 min · 305 words · Fahad

How to encrypt the web.config file in ASP.NET?

It is very easy to encrypt the web.config file thanks to the .NET built-in tool aspnet_regiis.exe. We can run this tool in the command line, pass a few parameters and it will encrypt your web.config file. We will be leveraging the .NET tool aspnet_regiis.exe which can be found in the directory C:\Windows\Microsoft.NET\Framework64\v4.0.30319, the Framework64 and v4.0.30.319 may differ depending on what machine and version of .NET you are running....

June 10, 2015 · 2 min · 418 words · Fahad

Is encrypting the web.config file really necessary?

If you are new to web.config encryption then you may be asking yourselves these questions. Why encrypt the web.config file? If someone gets access to your server there is not point if the web.config file being encrypted. That is not entirely true. Depending on what type of access they have to the server makes a huge difference. Worst case scenario the hacker gets Admin access to your server. In that case if the web....

June 8, 2015 · 1 min · 192 words · Fahad