Re: strong name and web service
From: Ivan Medvedev [MS] (ivanmed@online.microsoft.com)
Date: 04/11/03
- Previous message: Alek Davis: "Re: encrypt password for webservices"
- In reply to: Guogang: "Re: strong name and web service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com> Date: Fri, 11 Apr 2003 11:25:06 -0700
Guogang -
all strong naming does is giving your assembly a cryptographically strong
unspoofable name. If you need this kind of strong identity for your code
(for example to make the security policy give certain trust to that
assembly, or to implement "semi-public API" scenarios, where the APIs only
allow their callers to be assemblies having certain identity) then you
should use strong naming. You may also use it if you are planning on putting
the assembly in the GAC or would like to restrict assembly's callers to only
those having full trust (strongname signing and not putting
AllowPartiallyTrustedCallersAttribute does that).
I can not think of any direct benefits from signing web service code.
--Ivan
This posting is provided "AS IS" with no warranties, and confers no rights.
"Guogang" <nospam@no_such_domain.com> wrote in message
news:O1Gi#rj$CHA.2820@TK2MSFTNGP11.phx.gbl...
> Great, that solves one question, strong name won't be checked by clients.
>
> I am investigating the use of strong naming in our .Net solutions.
>
> Does it make sense to use strong naming on .Net application that won't be
> put into Global Assembly Cache?
> What can I benefit from strong naming a web service?
>
> Thanks,
> Guogang
>
> "Steven Grayson [MSFT]" <sgrayson@online.microsoft.com> wrote in message
> news:O0hrZZj$CHA.2412@TK2MSFTNGP10.phx.gbl...
> > You can assign a strong name to assemblies that make up a web service,
but
> > not to a web service. A strong name consists of an assembly's identity -
> its
> > simple text name, version number, and culture information (if
provided) -
> > plus a public key and a digital signature. It is generated from an
> assembly
> > file (the file that contains the assembly manifest, which in turn
contains
> > the names and hashes of all the files that make up the assembly), using
> the
> > corresponding private key. Microsoft® Visual Studio® .NET and other
> > development tools provided in the .NET Framework SDK can assign strong
> names
> > to an assembly.
> > What were you wanting to do by assigning a strong name to a web service?
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> > "Guogang" <nospam@no_such_domain.com> wrote in message
> > news:ep27$2i$CHA.3512@TK2MSFTNGP11.phx.gbl...
> > > I saw that I can assign a strong name to my web-service.
> > > My question:
> > > Is there benefit in assigning a strong name to web service?
> > > Will this strong name be checked by any remote client?
> > >
> > > Thanks,
> > > Guogang
> > >
> > >
> >
> >
>
>
- Previous message: Alek Davis: "Re: encrypt password for webservices"
- In reply to: Guogang: "Re: strong name and web service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
