Re: how to ensure only strong name assemblies are loaded with matching public key
From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 05/17/04
- Next message: Shawn Farkas: "RE: Windows Form Socket Permission"
- Previous message: .NetDave: "MessageQueuePermission Problem"
- In reply to: Tim Mackey: "Re: how to ensure only strong name assemblies are loaded with matching public key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 May 2004 21:36:46 GMT
We're actually adding a feature similar to what you're asking for in Whidbey, the 2.0 release of the framework. The feature will allow you to load an
assembly for introspection, which means that you can inspect its metadata (including the public key), but cannot execute any code. However, until
v2.0 ships (unless you're working with the tech preview), you'll have to use reflection to accomplish what you want.
-Shawn
http://blogs.msdn.com/shawnfa
-- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- >From: "Tim Mackey" <tim@mackey.ie> >Newsgroups: microsoft.public.dotnet.security >Subject: Re: how to ensure only strong name assemblies are loaded with matching public key >Date: Sat, 15 May 2004 11:54:18 +0100 >Lines: 80 >Message-ID: <2gmb70F4dl29U1@uni-berlin.de> >References: <2g9450F1bflU1@uni-berlin.de> <DlvKXeuNEHA.304@cpmsftngxa10.phx.gbl> <2gbuvsF11fouU1@uni-berlin.de> <rZG9erIOEHA.3960@cpmsftngxa10.phx.gbl> >X-Trace: news.uni-berlin.de mBpo48kFm6HWB71daCr5Eg0Yd/i7RAh1639vrLJ+bkh/y+TKfY >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.3790.0 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.132 >Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!newsfeed.freenet.de!fu- berlin.de!uni-berlin.de!not-for-mail >Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:6115 >X-Tomcat-NG: microsoft.public.dotnet.security > >Hi Shawn, >That's fine, i think i can get that to work. I think it would be useful to >have a way of checking the public key token of an assembly without loading >it in your code, but perhaps this is a contradiciton. the current >assumption is that one would load an assembly to use it, my situation is >only to load it to check its public key token. > >thanks for your help. >tim > > >""Shawn Farkas"" <shawnfa@online.microsoft.com> wrote in message >news:rZG9erIOEHA.3960@cpmsftngxa10.phx.gbl... >> OK, so you're doing this from outside of your app then? >> >> Your original idea of loading the assemblies up using reflection and >checking the public key is what I would use. Do you need some sample code >> to accomplish this? >> >> -Shawn >> http://blogs.msdn.com/shawnfa >> >> -- >> >> This posting is provided "AS IS" with no warranties, and confers no >rights. >> Note: For the benefit of the community-at-large, all responses to this >message are best directed to the newsgroup/thread from which they >> originated. >> -------------------- >> >From: "Tim Mackey" <tim@mackey.ie> >> >Newsgroups: microsoft.public.dotnet.security >> >Subject: Re: how to ensure only strong name assemblies are loaded with >matching public key >> >Date: Tue, 11 May 2004 13:24:13 +0100 >> >Lines: 16 >> >Message-ID: <2gbuvsF11fouU1@uni-berlin.de> >> >References: <2g9450F1bflU1@uni-berlin.de> ><DlvKXeuNEHA.304@cpmsftngxa10.phx.gbl> >> >X-Complaints-To: http://news.individual.net/abuse.html >> >X-Trace: news.uni-berlin.de >wDiFx/nUlSElSlOIfCG50QHwZKRT/TWlA5SxIZer7DpyJ43Ixv >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.3790.0 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.132 >> >Path: >cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s >ul.t-online.de!newsfeed01.sul.t-online.de!t- >> online.de!fu-berlin.de!uni-berlin.de!not-for-mail >> >Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:6059 >> >X-Tomcat-NG: microsoft.public.dotnet.security >> > >> >Hi Shawn, >> >thanks for the reply. actually i should have made my post more clear. i >have >> >an application updater (a bit like the ms app.block) on a server that >sends >> >new files to client machines. the server simply streams all the files >from a >> >special directory containing updates to the client software. before this >> >streaming happens, i would like to make sure, programmatically, that any >dll >> >or exe files are strong named with a trusted public key. i would also >like >> >the clients to do the same check, to prevent a fake server from sending >> >files to the client. so i need some programmatic way to check the public >> >key token of an assembly (and whether its strong-named), which isn't part >of >> >the running application. >> > >> >thanks >> >tim >> > >> > >> > >> >> > > >
- Next message: Shawn Farkas: "RE: Windows Form Socket Permission"
- Previous message: .NetDave: "MessageQueuePermission Problem"
- In reply to: Tim Mackey: "Re: how to ensure only strong name assemblies are loaded with matching public key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
