Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
DotNet
acad.assignment.mngr
academic
adonet
aspnet
aspnet.announcements
aspnet.build.controls
aspnet.caching
aspnet.datagridcontrol
aspnet.mobile
aspnet.security
aspnet.webcontrols
aspnet.webservices
clr
compactframework
component_services
datatools
distributed_apps
drawing
faqs
framework
framework.wmi
general
internationalization
interop
languages.csharp
languages.jscript
languages.vb
languages.vb.controls
languages.vb.data
languages.vb.upgrade
languages.vc
languages.vc.libraries
myservices
odbcnet
performance
remoting
scripting
sdk
security
setup
vjsharp
vsa
webservi.enhancements
webservices
windowsforms
windowsforms.controls
winforms.databinding
winforms.designtime
xml
  
 
date: Fri, 22 Feb 2008 19:28:19 +0200,    group: microsoft.public.dotnet.security        back       


Assembly security    
Hi,

I have written a class library and i don't want unauthorized access to 
some (or all) methods in this library. With some research , i found that 
i can use strongly named assemblies for this purpose

Here is what i did:
1- I created a consumer assembly signed with myKeyFile.snk
2- I get public key of this assembly with secutil.exe
3- I added StrongNameIdentityPermissionAttribute to the methods of class 
library with LinkDemand option and the public key of consumer assembly
4- I signed my class library with a key file also,otherwise i cannot 
reference it to consumer assembly.

Now i get it work, but i got a question. With this method all the 
consumers of class library should be signed with same key file.
What if consumer assembly has some other references that have 
StrongNameIdentityPermissionAttribute with different public keys ?
as far as i know ,we cannot sign an assembly with more than one key file.

and is there any other method to get same functionality?

thanks so much
Yener
date: Fri, 22 Feb 2008 19:28:19 +0200   author:   Yener

Re: Assembly security    
Hello,

even the StrongNameIdentityPermission won't absolutely prevent someone from 
calling your code. If he has access to the binaries he can either disable 
CAS completely or decompile your assembly, remove the check and recompile 
it. It's a matter of minutes.

If you really want to prevent people from running your code you should not 
give it to them.

Kind regards,
Henning Krause

"Yener"  wrote in message 
news:eoDjOhXdIHA.4728@TK2MSFTNGP03.phx.gbl...
> Hi,
>
> I have written a class library and i don't want unauthorized access to 
> some (or all) methods in this library. With some research , i found that i 
> can use strongly named assemblies for this purpose
>
> Here is what i did:
> 1- I created a consumer assembly signed with myKeyFile.snk
> 2- I get public key of this assembly with secutil.exe
> 3- I added StrongNameIdentityPermissionAttribute to the methods of class 
> library with LinkDemand option and the public key of consumer assembly
> 4- I signed my class library with a key file also,otherwise i cannot 
> reference it to consumer assembly.
>
> Now i get it work, but i got a question. With this method all the 
> consumers of class library should be signed with same key file.
> What if consumer assembly has some other references that have 
> StrongNameIdentityPermissionAttribute with different public keys ?
> as far as i know ,we cannot sign an assembly with more than one key file.
>
> and is there any other method to get same functionality?
>
> thanks so much
> Yener
date: Sun, 24 Feb 2008 21:48:20 +0100   author:   Henning Krause [MVP - Exchange]

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us