Security transparency in CLR 2.0 (.NET 2.0, .NET3.0, .NET 3.5) and in CLR 4.0 (.NET 4.0)


David DeWinter has an excellent series of post on different topics security in both CLR 2.0 and CLR 4.0

Transparency Can Reduce Your Security Footprint – #1

Using Transparency in CLR 2.0 – #2

Transparent Code Behavior in CLR 2.0 – #3

What’s New With Security in .NET 4? – #4

Opting Out of Security Changes in .NET 4 – #5

The AllowPartiallyTrustedCallersAttribute (APTCA) – #6

How to Host a Partial Trust Sandbox – #7

Conditional APTCA in .NET 4 – #8

Hosting Conditional APTCA Assemblies – #9

An Introduction to Security Transparency in .NET 4 – #10

Type Transparency in .NET 4 – #11

Partial Trust, APTCA, and Security Transparency – #12

Transparency and Implicit Static Constructors – #13

Determining the Security Rules for Your Assemblies – #14

The SecurityRulesAttribute – #15

Mixing Level 1 and Level 2 Transparency Rules – #16

How to Build APIs with Transparency in Mind – #17

Asserting for Permissions in .NET 4 – #18

kick it on


Summary 23.04.2009



Phil has a great post showing how we can have scripted views stored in database. Phil’s example avoids the classic approach using VirtualPathProvider and it can be run in medium trust.

As usual, Scott Hanselman has a great article on how to integrate ELMAH with ASP.NET MVC.

Lately, there is a debate on some performance issues with HtmlHelper.RenderPartial method. Simone wrote about it and Kazi Mansur Rashid continues Simone’s analysis.

Jimmy Bogard has a great post about tips on development with MVC. I highly recommend you to read it!

Design Patterns

Ayende started a few days ago an interesting talk about the repository pattern and its use. Between Greg and Ayende started a debate on each one’s blog. Greg says that the repository pattern offers a clean separation like a boundary and it easily facilitates the replacement of the persistence framework. He supports Ayende’s idea that Query objects should be used instead of named query methods as they are not SOLID as the repository’s interface is modified each and every time a method is added or changed. On the other hand, OO principles should be followed IN GENERAL but as the repository can be seen as a boundary, he acknowledges the fact that by having a repository with query named methods, the replacement of the persistence mechanism would be much easier as everything is described in the repository’s interface. With query objects we would have additional concerns with building dynamic criteria. Greg recommends command and query separation and the use of a separate layer for querying purposes only leaving the repositories concerned only with commands.

Ayende tries to clear things out and I think he did a great job. I think that both of them where speaking about things in different contexts each one being right in his own context.

The bottom line in my opinion is that one should not use the repository pattern unless a layer/tier boundary is needed. This is the case when for example one might think of changing the persistence mechanism. Otherwise, the persistence frameworks out there have become smart enough to be used directly.


Anne Epstein talks about multi tenant applications where multiple databases are used saying that Ayende’s opinion from a few months back was correct.


Howard Dierking gives a sneak peak at his editor draft notes on the June articles about Aggregates of MSDN Magazine.

Yves Goeleven talks about CQS (Command Query Separation).

Entity Framework

Wriju wrote a nice post on how to attach a detached entity.

Muhammad wants to propose a new approach for eager loading in EF using a class similar to DataLoadOptions from LINQ to SQL.

.NET 4.0

In complement to my previous post on resources for learning the new features available in .NET 4.0, Daniel Moth just pointed out that Eric Eilebrecht has started a series of posts on ThreadPool improvements in CLR 4.0.


A few days ago, I have linked to the MSDeploy team’s announcement about the RC release of MSBuild. Today, the team has posted a new article about the changes in the release.


Vittorio Bertocci posted to excellent articles on how to write an ASP.NET Membership website using the Geneva framework. You can find the first part here and the second one here.

kick it on