 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Languages / C# / November 2005Securing assembly question
Hi, My main application is calling a couple of dll assembly that we made. I want to secure those dll assembly so they can't be used by a third party. I did a couple of test with [assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and dll assembly, but does not succeed to secure the assembly. (myKey.snk is gnerated with 'sn -k myKey.snk') and I've read this article http://www.morganskinner.com/Articles/StrongNameIdentityPermission/ and in this case we paste the key in the code of the dll assembly like this: [StrongNameIdentityPermission ( SecurityAction.Demand , PublicKey="00240000048000009400000006020000" + "..." + "1c6056092c2ac48a8b27c53631f7d5b6")] But what happen when this key has to change in 50 dlls, can it be taken from a file? So I would liks to know what is the best way to secure the dll assembly? Thanks Marty > Hi, > > My main application is calling a couple of dll assembly that we made. I > want to secure those dll assembly so they can't be used by a third party. StrongNameIdentityPermission verifications are quite trivial to bypass by code with certain "high privilege" CAS permissions. In addition, all code running with unrestricted CAS permissions (aka "full trust") automatically passes demands for any identity permission in v. 2.0. Given this, you might want to consider using some alternate mechanism (e.g.: licensing) for limiting the callers into your assemblies. > I did a couple of test with > [assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and > dll assembly, but does not succeed to secure the assembly. (myKey.snk is > gnerated with 'sn -k myKey.snk') Exactly what were you hoping that simply signing the assembly would accomplish with respect to "securing the assembly"? > and I've read this article > http://www.morganskinner.com/Articles/StrongNameIdentityPermission/ [quoted text clipped - 7 lines] > But what happen when this key has to change in 50 dlls, can it be taken > from a file? Yes. The value can be supplied via a constant, and that constant can be defined in a file linked into your project. > So I would liks to know what is the best way to secure the dll assembly? > > Thanks > Marty Hi Nicole, Thank you for your reply, this is pretty interesting. Your suggestions about the "Licensing" is interesting and I've found an article about it: http://windowsforms.net/articles/Licensing.aspx Do you have other great articles about it? I can see that licensing must be aplied to each class and forms. is there a way to apply licensing to a whole project, such as a dll project? Regards, Marty >>Hi, >> [quoted text clipped - 35 lines] >>Thanks >>Marty > Hi Nicole, > [quoted text clipped - 4 lines] > > Do you have other great articles about it? The one you mentioned is probably the most complete introduction I've seen. Unfortunately, the MSDN documentation isn't likely to be much help until you've understood the underlying mechanism and can put the specifics into context. > I can see that licensing must be aplied to each class and forms. is there > a way to apply licensing to a whole project, such as a dll project? AFAIK, not directly. However, you could use a post-compiler like XC# (http://www.resolvecorp.com) to map a custom assembly-level attribute into member-level code. > Regards, > Marty [quoted text clipped - 38 lines] >>>Thanks >>>Marty Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.