.NET Blog

Free. Cross-platform. Open source. A developer platform for building all your apps.

Security - .NET Blog

ASP.NET 4.5.2 and EnableViewStateMac

May 7, 2014 May 7, 2014 05/7/14
levibroderick
Please note: This post is now outdated. See http://blogs.msdn.com/b/webdev/archive/2014/09/09/farewell-enableviewstatemac.aspx for the most up-to-date information. A few months ago, we posted that we were making changes to the way EnableViewStateMac behaves in ASP.NET. I’ll forego the typical blog post ceremony and cut right to the ...

ASP.NET December 2013 Security Updates

December 10, 2013 Dec 10, 2013 12/10/13
levibroderick
Today is Patch Tuesday, and the ASP.NET team would like to announce that we have two items included in this month’s release. The first is a bulletin affecting certain versions of SignalR; the second is an advisory affecting ASP.NET Web Forms (.aspx) applications. Each item is briefly outlined below. For more information, consult Security...

Cryptographic Improvements in ASP.NET 4.5, pt. 3

October 24, 2012 Oct 24, 2012 10/24/12
levibroderick
Thanks for joining us for the final day of our series on cryptography in ASP.NET 4.5! Up to now, the series has discussed how ASP.NET uses cryptography in general, including how the pipelines are implemented in both ASP.NET 4 and ASP.NET 4.5. We introduced APIs to give developers fuller control over the cryptographic pipeline and to drive ...

Cryptographic Improvements in ASP.NET 4.5, pt. 2

October 23, 2012 Oct 23, 2012 10/23/12
levibroderick
Thanks for joining us for day two of our series on cryptography in ASP.NET 4.5! In yesterday's post, I discussed how ASP.NET uses cryptography in general, where key material is pulled from and how it is stored, and various problems that the APIs have introduced over the years. In today's post, I'll discuss how we're mitigating those issues ...

Cryptographic Improvements in ASP.NET 4.5, pt. 1

October 22, 2012 Oct 22, 2012 10/22/12
levibroderick
I am Levi Broderick, a developer on the ASP.NET team at Microsoft. In this series, I want to introduce some of the improvements we have made to the cryptographic core in ASP.NET 4.5. Most of these improvements were introduced during beta and spent several months baking. When you create a new project using the 4.5 templates baked into Visual ...