Re: securing an assembly
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 02/11/04
- Next message: Crirus: "I need scenarios on securing a set of data transmitted to client"
- Previous message: Sergio Otoya: "Passing current user credentials to web request"
- In reply to: Jonas: "Re: securing an assembly"
- Next in thread: Mary Chipman: "Re: securing an assembly"
- Reply: Mary Chipman: "Re: securing an assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Feb 2004 22:32:19 -0600
The big decision is whether you want to do strong names or authenticode. If
you go with strong names, you first need to sign all of your assemblies.
This can be done via the AssemblyKeyName or AssemblyFile attributes or via
the sn tool.
To ensure that your assemblies are only used by code that has been signed by
one of these mechanisms, you create the appropriate permission and Demand
it. You can do this with attributes or in code with permission objects and
the Demand method.
I don't have a good sample I can point you too, but there is likely someone
else in the forum who might have one or could answer more detailed questions
if you get stuck.
Joe K.
"Jonas" <jonas@nospam.pl> wrote in message
news:O9FP0L$7DHA.2412@TK2MSFTNGP09.phx.gbl...
> Can You point us to some info on how to do this step-by-step?
>
> TIA
>
> Jonas
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:O5C4x%23%237DHA.1052@TK2MSFTNGP12.phx.gbl...
> > Signing your assemblies with a strong name key or authenticode signing
> them,
> > along with using StrongNamePermissionAttribute or
> > PublisherIdentityPermissionAttribute, should allow you to make ensure
that
> > only code signed with the correct key or certificate can call your code.
> > This is probably better than trying to implement this yourself.
> >
> > Joe K.
> >
> > "steve" <anonymous@discussions.microsoft.com> wrote in message
> > news:EAA195F6-8FE3-42AC-8BE3-A5771C5D15DE@microsoft.com...
> > > I have written a dll assembly which I want to make sure can only be
> > accessed by applications written by our own company.
> > > Are there any inbuilt mechanisms to achieve this or do I have to
> implement
> > my own.
> > >
> > > Steve
> >
> >
>
>
- Next message: Crirus: "I need scenarios on securing a set of data transmitted to client"
- Previous message: Sergio Otoya: "Passing current user credentials to web request"
- In reply to: Jonas: "Re: securing an assembly"
- Next in thread: Mary Chipman: "Re: securing an assembly"
- Reply: Mary Chipman: "Re: securing an assembly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
