Re: Strong Name - verification using StrongNameIdentityPermission

From: Ram (pyasa_at_hotmail.com)
Date: 06/18/03


Date: Wed, 18 Jun 2003 14:06:22 -0700


Shawn,
Thanks for your response. First I did try doing the assert in the method
that was calling the method doing the demand. It failed with that as well.

I finally got it to work by changing the way I was getting the public key blob.
Instead of hardcoding, I used reflection as follows:

    Assembly* ThisAssembly = Assembly::GetExecutingAssembly();
    AssemblyName* an = ThisAssembly->GetName();
    Byte MyKey[] = an->GetPublicKey();

The funny thing is that the public key returned by the GetPublicKey() call
is the same as the one I had hardcoded earlier. I compared every single
byte. Still, this version works while the hardcoded one failed. Of course I
haven't verified all the use cases yet - including asserting.

In the meanwhile, I came across an article that said Admins can use
caspol.exe to turn off all security. I have two questions related to that
- Is there a way to check at runtime if the security is turned off?
- How can I do the stack walk myself so that security for my library is
never compromised?

Thanks again for your time.
Ram

"Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
news:%23sZb0AcNDHA.2512@TK2MSFTNGP10.phx.gbl...
> Hi Ram,
>
> When a security stack walk takes place, it starts at the stack frame
> above the current frame. Since your assert is in the current frame, it will
> not be noticed. What you need to do is move your demand call into another
> method and call into that method to do the demand. Then you will hit the
> assert on the stack walk.
>
> -Shawn
>
> --
>
> --------------------------------------------------
> This posting is provided "AS IS" with no warranties, and confers no rights
> "Ram" <pyasa@hotmail.com> wrote in message
> news:eytwM2VNDHA.1720@TK2MSFTNGP11.phx.gbl...
> > Hi
> > I'm trying to validate the calling assembly using
> > StrongNameIdentityPermission. After getting tired with multiple trials, I
> > tried a little experiment:
> >
> > Byte keyBlob[] = {... }; // I got this blob by using 'secutil -strongname AssemblyNameWithFulpath'
> > StrongNamePublicKeyBlob* theKey = new StrongNamePublicKeyBlob(keyBlob);
> > StrongNameIdentityPermission* thePerms = new StrongNameIdentityPermission(theKey, NULL, NULL);
> >
> > try
> > {
> >     thePerms->Assert();
> >     thePerms->Demand();
> > }
> > catch( SecurityException* exp)
> > {
> >     ...
> > }
> >
> > Even though I'm doing an assert, the call to Demand still throws a
> > SecurityException. My understanding is that the Assert call should result
> > in all callers in the stack getting the permission. What am I missing here?
> >
> > Btw, I'm doing this in managed extensions for C++. I would be very grateful
> > for any suggestions.
> > thanks
> > Ram
> >
> >
>
>
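
The stack-walk rule described in the quoted reply above, as an added example that is not part of the original thread: a simplified Python model (not .NET code and not the CLR's implementation) of a demand that skips the frame issuing it. The frame names `App.Main`, `Lib.Check` and `Lib.DoDemand` and the `granted`/`asserts` flags are hypothetical, and the model assumes the asserting assembly itself holds the permission.

```python
# Simplified model of a code-access-security stack walk (constructed
# illustration; it does not call or reproduce any .NET API).
from dataclasses import dataclass


@dataclass
class Frame:
    method: str
    granted: bool          # does this frame's assembly hold the permission?
    asserts: bool = False  # did this frame call Assert() on the permission?


def demand(stack):
    """Return (allowed, frames_examined) for a Demand issued by stack[-1].

    The frame that issues the demand is skipped, so an Assert placed in
    that same frame is never examined.
    """
    examined = []
    for frame in reversed(stack[:-1]):   # walk from the immediate caller upward
        examined.append(frame.method)
        if not frame.granted:
            return False, examined       # models the SecurityException
        if frame.asserts:
            return True, examined        # an Assert stops the walk here
    return True, examined


# Hypothetical caller that does not carry the library's strong name.
APP = Frame("App.Main", granted=False)


def same_frame():
    # Assert and Demand in one method, as in the first post.
    return demand([APP, Frame("Lib.Check", granted=True, asserts=True)])


def helper_frame():
    # Demand moved into a helper; the asserting frame is now a caller.
    return demand([APP,
                   Frame("Lib.Check", granted=True, asserts=True),
                   Frame("Lib.DoDemand", granted=True)])


def no_assert():
    # Same helper without any Assert: the walk reaches the real caller.
    return demand([APP,
                   Frame("Lib.Check", granted=True),
                   Frame("Lib.DoDemand", granted=True)])
```

The third case is the one that matters for validating a caller's identity: with an Assert in the library's own frames, the walk stops before it ever reaches the calling assembly.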