how do you ensure, other
people cannot create a dll D, that has the same interface, from being invoke
from your exe.
Are you loading a dynamic assembly, finding all Types that implement a certain interface defined in your assembly, and then
consuming them?
If so, just ensure that all references to your assembly must be signed with your unique key:
Find the sn.exe utility installed in "%programfiles%\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin\sn.exe"
Use sn.exe to generate a strong-name public/private key pair from the command-line.
sn.exe -k "c:\mykey.snk"
You can then use an assembly-level attribute to sign your main assembly (.exe) with your key:
[assembly: AssemblyKeyFile(@"c:\mykey.snk")]
Also, sign all your dynamic assemblies with this key. In your code, you can check to make sure that each assembly you load has your
public key:
public void TestLoadAsm()
{
System.Reflection.Assembly thisAsm = System.Reflection.Assembly.GetExecutingAssembly();
System.Reflection.Assembly asm = System.Reflection.Assembly.LoadFile(@"c:\TestLibrary1.dll", thisAsm.Evidence);
System.Reflection.AssemblyName dynamicName = asm.GetName();
System.Security.Permissions.StrongNamePublicKeyBlob key =
new System.Security.Permissions.StrongNamePublicKeyBlob(thisAsm.GetName().GetPublicKey());
System.Security.Permissions.StrongNamePublicKeyBlob dynaKey =
new System.Security.Permissions.StrongNamePublicKeyBlob(dynamicName.GetPublicKey());
if (!key.Equals(dynaKey))
throw new System.Security.SecurityException(asm.FullName + " has an invalid key signature.");
Type type = asm.GetType("TestLibrary1.Class1");
TestLibrary2.IClass obj = Activator.CreateInstance(type) as TestLibrary2.IClass;
Console.WriteLine("{0}: {1}", dynamicName.Name, dynamicName.Version);
Console.WriteLine(obj.GetType().FullName);
}
So, how do you stop them from plugging in a malicious assembly? Don't give them your key file.
--
Dave Sexton
[email protected]
-----------------------------------------------------------------------
Eugene said:
Consider a system that has exe and dlls, how can i ensure that only the
authorized .net assembly can work with my system. For example, consider your
sys got an exe, that would use dll A, B, and C; how do you ensure, other
people cannot create a dll D, that has the same interface, from being invoke
from your exe. Considering, your exe is created to dynamically load the dll,
for future extensibility, meaning, as new dll comes, you don't need to change
your exe.
thanks
Eugene