Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / March 2008

Tip: Looking for answers? Try searching our database.

Assembly security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Yener - 22 Feb 2008 17:28 GMT
Hi,

I have written a class library and i don't want unauthorized access to
some (or all) methods in this library. With some research , i found that
i can use strongly named assemblies for this purpose

Here is what i did:
1- I created a consumer assembly signed with myKeyFile.snk
2- I get public key of this assembly with secutil.exe
3- I added StrongNameIdentityPermissionAttribute to the methods of class
library with LinkDemand option and the public key of consumer assembly
4- I signed my class library with a key file also,otherwise i cannot
reference it to consumer assembly.

Now i get it work, but i got a question. With this method all the
consumers of class library should be signed with same key file.
What if consumer assembly has some other references that have
StrongNameIdentityPermissionAttribute with different public keys ?
as far as i know ,we cannot sign an assembly with more than one key file.

and is there any other method to get same functionality?

thanks so much
Yener
Reply to this Message
Henning Krause [MVP - Exchange] - 24 Feb 2008 20:48 GMT
Hello,

even the StrongNameIdentityPermission won't absolutely prevent someone from
calling your code. If he has access to the binaries he can either disable
CAS completely or decompile your assembly, remove the check and recompile
it. It's a matter of minutes.

If you really want to prevent people from running your code you should not
give it to them.

Kind regards,
Henning Krause

> Hi,
>
[quoted text clipped - 20 lines]
> thanks so much
> Yener
Reply to this Message
Dominick Baier - 17 Mar 2008 20:14 GMT
StrongNameIdentityPermission is ignored in full trust.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hello,
>
[quoted text clipped - 35 lines]
>> thanks so much
>> Yene
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.