Re: strong name and web service

From: Ivan Medvedev [MS] (ivanmed@online.microsoft.com)
Date: 04/11/03

  • Next message: Mark Levison: "Re: security/strong name/zones clarification needed"
    From: "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com>
    Date: Fri, 11 Apr 2003 11:25:06 -0700
    
    

    Guogang -
    all strong naming does is giving your assembly a cryptographically strong
    unspoofable name. If you need this kind of strong identity for your code
    (for example to make the security policy give certain trust to that
    assembly, or to implement "semi-public API" scenarios, where the APIs only
    allow their callers to be assemblies having certain identity) then you
    should use strong naming. You may also use it if you are planning on putting
    the assembly in the GAC or would like to restrict assembly's callers to only
    those having full trust (strongname signing and not putting
    AllowPartiallyTrustedCallersAttribute does that).
    I can not think of any direct benefits from signing web service code.
    --Ivan

    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Guogang" <nospam@no_such_domain.com> wrote in message
    news:O1Gi#rj$CHA.2820@TK2MSFTNGP11.phx.gbl...
    > Great, that solves one question, strong name won't be checked by clients.
    >
    > I am investigating the use of strong naming in our .Net solutions.
    >
    > Does it make sense to use strong naming on .Net application that won't be
    > put into Global Assembly Cache?
    > What can I benefit from strong naming a web service?
    >
    > Thanks,
    > Guogang
    >
    > "Steven Grayson [MSFT]" <sgrayson@online.microsoft.com> wrote in message
    > news:O0hrZZj$CHA.2412@TK2MSFTNGP10.phx.gbl...
    > > You can assign a strong name to assemblies that make up a web service,
    but
    > > not to a web service. A strong name consists of an assembly's identity -
    > its
    > > simple text name, version number, and culture information (if
    provided) -
    > > plus a public key and a digital signature. It is generated from an
    > assembly
    > > file (the file that contains the assembly manifest, which in turn
    contains
    > > the names and hashes of all the files that make up the assembly), using
    > the
    > > corresponding private key. Microsoft® Visual Studio® .NET and other
    > > development tools provided in the .NET Framework SDK can assign strong
    > names
    > > to an assembly.
    > > What were you wanting to do by assigning a strong name to a web service?
    > >
    > > --
    > > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > > Use of included script samples are subject to the terms specified at
    > > http://www.microsoft.com/info/cpyright.htm
    > > "Guogang" <nospam@no_such_domain.com> wrote in message
    > > news:ep27$2i$CHA.3512@TK2MSFTNGP11.phx.gbl...
    > > > I saw that I can assign a strong name to my web-service.
    > > > My question:
    > > > Is there benefit in assigning a strong name to web service?
    > > > Will this strong name be checked by any remote client?
    > > >
    > > > Thanks,
    > > > Guogang
    > > >
    > > >
    > >
    > >
    >
    >


  • Next message: Mark Levison: "Re: security/strong name/zones clarification needed"

    Relevant Pages

    • Re: Custom security permission exception error message
      ... > We're planning to use strong naming for our app and this does indeed ... unrestricted permission grant. ... AllowPartiallyTrustedCallersAttribute (APTCA) to your library assembly. ... appropriate security audit of the target library assemblies since applying ...
      (microsoft.public.dotnet.security)
    • Re: strong name and web service
      ... Great, that solves one question, strong name won't be checked by clients. ... I am investigating the use of strong naming in our .Net solutions. ... What can I benefit from strong naming a web service? ... > You can assign a strong name to assemblies that make up a web service, ...
      (microsoft.public.dotnet.security)
    • RE: ASP.Net 1.1 shadow copy + reflection problem
      ... Well if you use strong naming the problem will not dissapear but rather ... If you load all your dll's from the same folder you can simplify this by ... > (assemblies) from other directories that are not the bin. ...
      (microsoft.public.dotnet.framework)
    • Re: strong naming?
      ... Lack of strong naming means the runtime only has a version and path to load. ... There may be cached assemblies, ... reference different "versions" of the dll. ...
      (microsoft.public.dotnet.framework)
    • Re: GUIDs, snks, reflection and ILMerge
      ... You might be better off just ensuring that any calls into the web service ... assemblies into a single executable. ... I need to enforce that only this dll makes ... I believe a GUID would be sufficient to identify the calling dll, ...
      (microsoft.public.dotnet.languages.csharp)