Re: Securing Dll Assembly For Specified EXE Client
From: John Bowman (bowman_at_thermonicolet.com)
Date: 08/26/03
- Next message: Nathan Bullock: "Re: Application Security"
- Previous message: Edwin: "Authorizing users based on User Groups"
- In reply to: Joe Kaplan (MVP - ADSI): "Re: Securing Dll Assembly For Specified EXE Client"
- Next in thread: Joe Kaplan (MVP - ADSI): "Re: Securing Dll Assembly For Specified EXE Client"
- Reply: Joe Kaplan (MVP - ADSI): "Re: Securing Dll Assembly For Specified EXE Client"
Date: Tue, 26 Aug 2003 08:20:01 -0500
Joe,
I understand enough at this point to use the sn.exe tool and how to apply it
to my program. However, I spent most of last evening trying to
learn/understand the MSDN info on LinkDemand/Demand and am still really
struggling with how to set up/code your suggestion. So, OK, I've got a signed
DLL. Do I need to use the same signature file for the EXE(s) as well, or
does that not matter? Then how do I set up/accomplish a "Demand on a
StrongNamePermission for that key in the DLL code"? For our purposes, it
appears I'd want the LinkDemand/Demand on the class level. But as far as the
syntax is concerned, I just don't seem to "get it". I've been trying to
understand the example MSDN code in the StrongNameIdentityPermission
Constructor that takes a StrongNamePublicKeyBlob, string and version, but I
don't understand this whole publickey blob stuff yet. Any additional help
would be appreciated.
TIA, ... again,
John
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:O58foIzaDHA.652@tk2msftngp13.phx.gbl...
> I think you could accomplish this by strong name signing your exe code with
> a specific strong name key pair and then doing a LinkDemand on a
> StrongNamePermission for that key in your DLL code. The idea with the
> LinkDemand is that the calling code must have the specific permission or it
> will fail.
>
> However, it may be best to do a full Demand instead of LinkDemand, as the
> full Demand will do a complete stack walk, ensuring that everyone in the
> call stack has the permission. That would prevent a wrapper being created
> around your DLL that didn't have the same security checks. However, given
> that you control the strong name key pair and presumably only sign code that
> you trust, then you could prevent such a wrapper from being signed in the
> first place.
>
> Hopefully that gives you some ideas. Some of the CAS experts around here
> may have some sample code or step by step instructions.
>
> Joe K.
>
> "John Bowman" <bowman@thermonicolet.com> wrote in message
> news:u$evZywaDHA.2412@TK2MSFTNGP10.phx.gbl...
> > Hello,
> >
> > I'm a newbie to .NET security, so I hope someone here can help me. I've got
> > a client EXE assembly that makes calls into a DLL assembly. Because the DLL
> > assembly is scriptable for our internal purposes, what I want to be able to
> > do is put some code into the exposed objects in the DLL assembly, that will
> > cause them to refuse/fail to load/run if the calling client EXE is NOT my
> > original EXE or those we specifically designate. Basically, we only want
> > the dll to work at all if it's called by our code.
> >
> > Any ideas on how I can do this?
> >
> > TIA,
> >
> > --
> > John C. Bowman
> > Software Engineer
> > Thermo Electron Scientific Instruments Div.
> > bowman@thermonicolet.com
> >
> >
>
>
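The LinkDemand and the full Demand discussed in this thread, shown side by side as an added C# example that is not code posted by either participant. It uses `StrongNameIdentityPermission` (the class John cites from MSDN); the namespace, class names and key value are hypothetical, and the key is a constructed placeholder to be replaced with the "Public key is" hex that `sn -Tp YourClient.exe` prints.

```csharp
using System;
using System.Security.Permissions;

namespace Vendor.Scripting   // hypothetical namespace
{
    public static class TrustedCallers
    {
        // CONSTRUCTED placeholder, not a real key. Paste the full public key
        // hex from `sn -Tp` here (the long key, not the 8-byte token).
        // This is the key the calling EXE is signed with; the DLL itself
        // may be signed with the same key pair or a different one.
        public const string PublicKeyHex = "00240000048000009400000006020000";

        // Convert hex text into the byte[] that StrongNamePublicKeyBlob wraps.
        public static byte[] HexToBytes(string hex)
        {
            if (hex == null || hex.Length % 2 != 0)
                throw new ArgumentException("hex must have an even number of digits");
            byte[] raw = new byte[hex.Length / 2];
            for (int i = 0; i < raw.Length; i++)
                raw[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
            return raw;
        }
    }

    // Declarative, class level: applies to every member and is checked at
    // JIT/link time against the immediate caller only.
    [StrongNameIdentityPermission(SecurityAction.LinkDemand,
        PublicKey = TrustedCallers.PublicKeyHex)]
    public class InstrumentLinkDemand
    {
        public void Start() { /* protected work */ }
    }

    public class InstrumentFullDemand
    {
        public void Start()
        {
            // Imperative full Demand: walks the call stack above this method
            // on every call, so a wrapper not signed with the key fails.
            StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(
                TrustedCallers.HexToBytes(TrustedCallers.PublicKeyHex));
            // null name and version: accept any assembly signed with this key.
            new StrongNameIdentityPermission(blob, null, null).Demand();
            /* protected work; a failed Demand throws SecurityException */
        }
    }
}
```

On .NET Framework 2.0 and later, identity-permission demands succeed for any fully trusted caller, so this check only constrains partially trusted code there. Code access security is not available on .NET Core or .NET 5+.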