assembly protection

[Fabio R.]

Hi all,
what can I do to avoid that someone replace a dll of my asp.net project with
another one?
Example: in check.dll there's the method VerifyUrl to check if the current
domain name is www.site.com, otherwise it return false.
I don't want that someone replaces check.dll with another one with VerifyUrl
that always return true...
I'm not so expert, so probably I miss something...
Thanks to anyone can help me,
Fabio

 

[Karl Seguin [MVP]]

Sign your assembly (you'll need to sign all other assemblies that reference
it as well).

You can generate a key by doing

sn -k SomeKeyName.snk in a VS.NET command prompt

You can then add the key to your project via the assemblyKeyFile attribute:

[assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]

Here's some references:
http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx

or simply google "assembly signing" or "assembly strong naming"

Karl

 

[Fabio R.]

So I need to sign with the same assemblykey all my dll...
After this, the application stops to work if a dll is replaced with a
disassembled one?
Thansks,
Fabio

"Karl Seguin [MVP]" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME
net> ha scritto nel messaggio news:[email protected]...

Sign your assembly (you'll need to sign all other assemblies that
reference it as well).

You can generate a key by doing

sn -k SomeKeyName.snk in a VS.NET command prompt

You can then add the key to your project via the assemblyKeyFile
attribute:

[assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]

Here's some references:
http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx

or simply google "assembly signing" or "assembly strong naming"

Karl


--
http://www.openmymind.net/
http://www.fuelindustries.com/

Hi all,
what can I do to avoid that someone replace a dll of my asp.net project
with another one?
Example: in check.dll there's the method VerifyUrl to check if the
current domain name is www.site.com, otherwise it return false.
I don't want that someone replaces check.dll with another one with
VerifyUrl that always return true...
I'm not so expert, so probably I miss something...
Thanks to anyone can help me,
Fabio

 

[Karl Seguin [MVP]]

A signed assembly isn't fully tamper proof...but it's a step in the right
direction. You might also want to take a look at:
http://msdn.microsoft.com/msdnmag/issues/03/08/BasicInstincts/

Karl

--
http://www.openmymind.net/

So I need to sign with the same assemblykey all my dll...
After this, the application stops to work if a dll is replaced with a
disassembled one?
Thansks,
Fabio

"Karl Seguin [MVP]" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME
net> ha scritto nel messaggio

Sign your assembly (you'll need to sign all other assemblies that
reference it as well).

You can generate a key by doing

sn -k SomeKeyName.snk in a VS.NET command prompt

You can then add the key to your project via the assemblyKeyFile
attribute:

[assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]

Here's some references:
http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx

or simply google "assembly signing" or "assembly strong naming"

Karl


--
http://www.openmymind.net/
http://www.fuelindustries.com/

Hi all,
what can I do to avoid that someone replace a dll of my asp.net project
with another one?
Example: in check.dll there's the method VerifyUrl to check if the
current domain name is www.site.com, otherwise it return false.
I don't want that someone replaces check.dll with another one with
VerifyUrl that always return true...
I'm not so expert, so probably I miss something...
Thanks to anyone can help me,
Fabio