Check assembly for integrity?

[Martin Carpella]

Hello,

I'm currently developing a Windows Service that should dynamically load
assemblies ("plug-ins") for special tasks. As the service runs with
Local-System privileges I am not willing to load arbritrary code without
verifying it first. My idea was to check if the assembly is signed with
the same key as "I" (== the loading assembly) am.

Is the Public Key of AssemblyName reliably the public key the assembly
was signed with? Is there any way to verify if the assembly has been
verified (i.e. has not been excluded from checks with "sn.exe -Vr")?

Thanks in advance!

Best Regards,
Martin

 

[Nicole Calinoiu]

Yes, you can bypass verification skipping when evaluting strong name
validity, but it requires a p/invoke call. See
http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx for details.

 

[Martin Carpella]

Yes, you can bypass verification skipping when evaluting strong name
validity, but it requires a p/invoke call. See
http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx for details.

Wow, thanks, that was exactly what I was looking for! Thanks a lot!

Best regards,
Martin