 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / CLR / April 2005How to find out where Assembly.Load(String) would load an assembly from without actually doing it
I asked this question in microsoft.public.dotnet.security a week ago but I did not get any response so I'm trying here. We have a large desktop application that supports a home-grown rights management capability. It is written in C++/MEC++ under .NET 1.1 The application is very extensible. During a right's managed session the extension loader will perform custom checks on a native extension .dll to make sure that it is trusted before calling LoadLibrary() to load it. Now we've made the application extensible with .NET assemblies too. In that case the extension loader calls System.Reflection.Assembly.Load() to load an extension. For CLR:PURE assemblies I think this is OK. I believe that I can count on no code having been run yet just because I've loaded a CLR:PURE assembly. Then I can find out where the assembly file is by accessing its Location property and perform our custom validation on the .dll file to ensure that the assembly is trusted for execution within a rights managed session. If not then we won't proceed to do further reflection on the extension assembly to find and call it's custom entry point. The snag is that if the assembly is a mixed assembly that it could have code executed already before System.Reflection.Assembly.Load() returns to me. Specifically I think that the .dlls entry point will be called; causing static initializers for global data to be run, et cetera. That's bad, because I haven't verified that the extension is trusted yet. What can I do about it? I tried calling System.Reflection.AssemblyName.GetAssemblyName() and passing it the same unqualified, simple assembly name that I pass in the call to System.Reflection.Assembly.Load(), but it gave a FileNotFoundException so it appears that GetAssemblyName() requires a fully qualified path (though this isn't stated in the doc). We load our extensions with the default load context, so we don't know ahead of time the location that System.Reflection.Assembly.Load() will find and load the assembly from. Is there a way to ask that question, "Where would you load this assembly from if I asked you too?". Any other suggestions? -Bern McCarty Very common questions. Being asked a lot. Unfortunately I don't have an answer for you, other than saying "guess it". In .Net 2.0, you could use Reflection Only Assembly Loading http://blogs.msdn.com/junfeng/archive/2004/08/24/219691.aspx I'll answer your question in a new blog entry. Stay tuned.  SignatureJunfeng Zhang http://blogs.msdn.com/junfeng This posting is provided "AS IS" with no warranties, and confers no rights. >I asked this question in microsoft.public.dotnet.security a week ago but I >did not get any response so I'm trying here. [quoted text clipped - 42 lines] > > -Bern McCarty I anxiously await that blog entry. Thanks, Bern > Very common questions. Being asked a lot. Unfortunately I don't have an > answer for you, other than saying "guess it". [quoted text clipped - 55 lines] >> >> -Bern McCarty Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.