Re: Strong Name - verification using StrongNameIdentityPermission

From: Ram
Date: 06/18/03

Date: Wed, 18 Jun 2003 14:06:22 -0700

Thanks for your response. First I did try doing the assert in the method
that was calling the method doing the demand. It failed with that as well.

I finally got it to work by changing the way I was getting the public key blob.
Instead of hardcoding, I used reflection as follows:

    Assembly* ThisAssembly = Assembly::GetExecutingAssembly();
    AssemblyName* an = ThisAssembly->GetName();
    Byte MyKey[] = an->GetPublicKey();

The funny thing is that the public key returned by the GetPublicKey() call
is the same as the one I had hardcoded earlier. I compared every single
byte. Still, this version works while the hardcoded one failed. Of course I
haven't verified all the use cases yet - including asserting.

In the meanwhile, I came across an article that said Admins can use
caspol.exe to turn off all security. I have two questions related to that:
- Is there a way to check at runtime if the security is turned off?
- How can I do the stack walk myself so that security for my library is
never compromised?

Thanks again for your time.

"Shawn Farkas [MS]" <> wrote in message
> Hi Ram,
> When a security stack walk takes place, it starts at the stack frame
> above the current frame. Since your assert is in the current frame, it
> will not be noticed. What you need to do is move your demand call into another
> method and call into that method to do the demand. Then you will hit the
> assert on the stack walk.
> -Shawn
> --
> --------------------------------------------------
> This posting is provided "AS IS" with no warranties, and confers no rights
> "Ram" <> wrote in message
> news:eytwM2VNDHA.1720@TK2MSFTNGP11.phx.gbl...
> > Hi
> > I'm trying to validate the calling assembly using
> > StrongNameIdentityPermission. After getting tired with multiple trials, I
> > tried a little experiment:
> >
> > Byte keyBlob[] = {... }; // I got this blob by using 'secutil -strongname AssemblyNameWithFullPath'
> > StrongNamePublicKeyBlob* theKey = new StrongNamePublicKeyBlob(keyBlob);
> > StrongNameIdentityPermission* thePerms = new
> > StrongNameIdentityPermission(theKey, NULL, NULL);
> >
> > try
> > {
> > thePerms->Assert();
> > thePerms->Demand();
> > }
> > catch( SecurityException* exp)
> > {
> > ...
> > }
> >
> > Even though I'm doing an assert, the call to Demand still throws a
> > SecurityException. My understanding is that the Assert call should result
> > in all callers in the stack getting the permission. What am I missing here?
> >
> > Btw, I'm doing this in managed extensions for C++. I would be very
> > grateful for any suggestions.
> > thanks
> > Ram
> >
> >
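
The stack-walk rule described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of a CLR demand, not the runtime's own code. The assembly names, method names and grant sets are constructed, and it assumes the asserted key blob matches the library's own strong-name key.

```python
# Simplified model of a CLR code-access-security stack walk (added example).
# Assembly names, method names and grants are constructed for illustration.
from dataclasses import dataclass, field

class SecurityException(Exception):
    pass

@dataclass
class Frame:
    method: str
    assembly: str                                # assembly that owns this method
    asserted: set = field(default_factory=set)   # permissions Assert()ed in this frame

def demand(stack, grants, perm):
    """stack[-1] is the frame that calls Demand(); the walk starts at its caller."""
    for frame in reversed(stack[:-1]):           # the demanding frame itself is skipped
        if perm not in grants[frame.assembly]:
            raise SecurityException(f"{frame.method} ({frame.assembly}) lacks {perm}")
        if perm in frame.asserted:               # an Assert stops the walk at this frame
            return
    # Walked past the outermost frame: every caller held the permission.

def succeeds(stack, grants, perm):
    try:
        demand(stack, grants, perm)
        return True
    except SecurityException:
        return False

PERM = "StrongNameIdentity(key=LIB)"
# The signed library holds its own identity permission; the unsigned caller does not.
GRANTS = {"Lib.dll": {PERM}, "App.exe": set()}

# Case 1 (the original post): Assert and Demand in the same library method.
same_frame = [
    Frame("App.Main", "App.exe"),
    Frame("Lib.Check", "Lib.dll", asserted={PERM}),   # this frame also calls Demand
]
# Case 2 (the reply's fix): Demand moved into a helper called by the asserting method.
helper_frame = [
    Frame("App.Main", "App.exe"),
    Frame("Lib.Check", "Lib.dll", asserted={PERM}),
    Frame("Lib.DoDemand", "Lib.dll"),                 # this frame calls Demand
]

if __name__ == "__main__":
    print("same frame  :", succeeds(same_frame, GRANTS, PERM))
    print("helper frame:", succeeds(helper_frame, GRANTS, PERM))
```

In the same-frame case the walk never visits the asserting frame and fails at the unsigned caller; in the helper case it meets the Assert first and stops there.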
