.NET Blog

Free. Cross-platform. Open source. A developer platform for building all your apps.

.NET Framework December 2018 Security and Quality Rollup

Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn't validate input correctly. The attacker who ...

.NET Framework November 2018 Security and Quality Rollup

Today, we are releasing the November 2018 Security and Quality Rollup.SecurityNo new security fixes. See .NET Framework September 2018 Security and Quality Rollup for the latest security updates.Quality and ReliabilityThis release contains the following quality and reliability improvements.CLRWFWinformsWPFNote: Additional information on these ...

Secure ASP.NET ViewState

(image) During an appearance on the .NET Rocks podcast last week, a question was raised about securely sending information through ASP.NET ViewState.  I responded to the question by indicating that the typical security concern for web content is not to trust any content submitted from the web, including ViewState.  After that podcast was ...

Introducing IdentityServer4 for authentication and access control in ASP.NET Core

This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation ...

Get Started with ASP.NET Core Authorization – Part 2 of 2

After learning about the new Authorization Policy model in ASP.NET Core, our intrepid reporter Seth Juarez wanted to learn about more complicated ASP.NET Authorization policies.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Last time, Barry showed us how to get started with the new ASP.NET Policy model.  ...

Get Started with ASP.NET Core Authorization – Part 1 of 2

After learning about Authentication in ASP.NET Core, our intrepid reporter Seth Juarez wanted to dig deeper into the ASP.NET Authorization story.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Notes and links from their discussion follow. Authorization verifies that a user is permitted to access...

First Look: Authentication in ASP.NET Core

With the coming changes in ASP.NET Core, our friend and intrepid reporter Seth Juarez sat down with ASP.NET Program Manager Pranav Rastogi to discuss the updates and improvements in the new ASP.NET Core authentication system: Here are some of the highlights of their discussion and some sample code to get you started: Pranav gave a quick ...

Farewell, EnableViewStateMac!

The ASP.NET team is making an important announcement regarding the September 2014 security updates. All versions of the ASP.NET runtime 1.1 - 4.5.2 now forbid setting <%@ Page EnableViewStateMac="false" %> and <pages enableViewStateMac="false" />. If you have set EnableViewStateMac="false" anywhere in your application, your ...