Preventing others from using my class library assembly.


S

Sin Jeong-hun

I have created a class library assembly (.dll) file. At the main GUI
application, this assembly is referenced and used. But the problem is,
if I redistribute these files with my application, somebody can also
add the class library assembly to their .NET project. I would like to
prevent it because allowing it could be a security leak.

Is it possible to prevent others (than me, of course, I need to use
it) from using my class library assembly?
 
Ad

Advertisements

A

Alberto Poblacion

Sin Jeong-hun said:
I have created a class library assembly (.dll) file. At the main GUI
application, this assembly is referenced and used. But the problem is,
if I redistribute these files with my application, somebody can also
add the class library assembly to their .NET project. I would like to
prevent it because allowing it could be a security leak.

Is it possible to prevent others (than me, of course, I need to use
it) from using my class library assembly?
You can add to your library a LinkDemad for a
StrongNameIdentityPermission, which should match the Strong Name of your
calling program.

This will prevent someone else from using your dll by just adding a
reference to it, but does not guarantee that no one will be able to use it.
I believe that the LinkDemand can be bypassed by using Reflection. Or they
could dissassemble and modify the assembly.
 
M

macleod

You mention that it "could be a security leak". You shouldn't hardcode any
passwords or confidential info into your dll :)
 
T

Tom Spink

Sin said:
I have created a class library assembly (.dll) file. At the main GUI
application, this assembly is referenced and used. But the problem is,
if I redistribute these files with my application, somebody can also
add the class library assembly to their .NET project. I would like to
prevent it because allowing it could be a security leak.

Is it possible to prevent others (than me, of course, I need to use
it) from using my class library assembly?
Hi,

Unfortunately there are ALWAYS ways around any security measures you try and
implement. To follow up on Alberto's post about signing the assembly, he's
absolutely right... it can be easily bypassed by decompiling your assembly
and tampering with it.

You may want to re-think your entire security strategy, if referencing and
using a class library causes a security violation.
 
I

Ignacio Machin \( .NET/ C# MVP \)

Hi,

Sin Jeong-hun said:
I have created a class library assembly (.dll) file. At the main GUI
application, this assembly is referenced and used. But the problem is,
if I redistribute these files with my application, somebody can also
add the class library assembly to their .NET project. I would like to
prevent it because allowing it could be a security leak.
Can you elaborate why you need that?

What kind of security leaks are you talking about?
 
M

Mattias Sjögren

You can add to your library a LinkDemad for a
StrongNameIdentityPermission, which should match the Strong Name of your
calling program.

This will prevent someone else from using your dll by just adding a
reference to it, but does not guarantee that no one will be able to use it.
I believe that the LinkDemand can be bypassed by using Reflection.

As of .NET 2.0 the demand will be satisfied by any fully trusted code.


Mattias
 
Ad

Advertisements

B

Ben Voigt [C++ MVP]

Mattias Sjögren said:
As of .NET 2.0 the demand will be satisfied by any fully trusted code.
Presumably InternalsVisibleToAttribute would accomplish the same thing but
not be satisfied by FullTrust.
 
Ad

Advertisements

S

Sin Jeong-hun

Hi,




Can you elaborate why you need that?

What kind of security leaks are you talking about?
The class library assembly has a method to create an installation code
and accepts hardware id values as formal parameters. If someone else
can load the dll and use the method, they can generate many
installation
code by passing different hardware id values and guess out how it
works.
(Actually, this is not a very serious authentication, I'm going to add
this
to my home-made applications)
The class library assembly is actually written with Managed C++ (I
don't
like MC++ much but I had to, because I need to get some hardware
values
such as HDD serial, MAC address...) , and I'm going to use this
assembly
in my C# applications.

Thank you for many replies, all of you experts.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top