Re: StrongNameIdentityPermission Problem

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 06/08/04


Date: Mon, 07 Jun 2004 23:39:01 GMT

Junfeng actually got the use of one of the parameters backwards. Check out
http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx for a more
complete explanation of the StrongNameSignatureVerificationEx method, and
managed code samples on using it.

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>From: "Nicole Calinoiu" <nicolec@somewhere.net>
>References: <#RJR8MGTEHA.1272@TK2MSFTNGP10.phx.gbl>
>Subject: Re: StrongNameIdentityPermission Problem
>Date: Mon, 7 Jun 2004 12:25:09 -0400
>
>Mario,
>
>One possible workaround is to verify that the caller is not on the skip
>verification list.  However, this would be overkill since it could be on the
>list even if it's strongly signed with the appropriate private key.  A
>better approach is to call into mscoree.dll as described at
>http://blogs.msdn.com/junfeng/archive/2004/02/06/68498.aspx.
>
>BTW, as mentioned by Joe, it's also trivial to bypass
>StrongNameIdentityPermission demands by disabling CAS entirely.  In order to
>avoid this, verify that CAS is enabled (SecurityManager.SecurityEnabled) in
>_any_ context in which the demand/linkdemand should be enforced.
>
>HTH,
>Nicole
>
>
>"Mario Hallmann" <mhallmann@software-house.de> wrote in message
>news:%23RJR8MGTEHA.1272@TK2MSFTNGP10.phx.gbl...
>> I was investigating some solutions to protect my code from being called by
>> other code. The StrongNameIdentityPermission class seems to fit in here very
>> well. But then I found out that it is possible to put only the public key
>> into an assembly (using delay sign) and turn off assembly loading validation
>> for that public key (using the sn -Vr command). If I get everything right,
>> this would make StrongNameIdentityPermission useless, because everybody can
>> create an assembly with my public key and then turn off validation.
>>
>> Is there any solution for this problem or am I overlooking something?
>>
>> Thanks,
>> Mario
>>
>>
>
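
The two checks discussed in this thread (confirm CAS is enabled, then force strong name verification of the caller through mscoree.dll), as an added C# example that is not part of the original posts or of the linked blog entries. It targets the .NET Framework; the class and method names are hypothetical, the expected public key is assumed to be supplied by the application, and the P/Invoke declaration follows the native StrongNameSignatureVerificationEx signature.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;

// Hypothetical helper; the class and method names are not from the thread.
public static class CallerCheck
{
    // BOOLEAN in the native signature is one byte, hence UnmanagedType.U1.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    private static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // True only if the file's strong name signature was actually checked.
    // fForceVerification = true ignores skip-verification (sn -Vr) entries.
    public static bool HasVerifiedSignature(string assemblyPath)
    {
        bool wasVerified;
        bool ok = StrongNameSignatureVerificationEx(assemblyPath, true, out wasVerified);
        // ok: the signature was accepted. wasVerified: it was accepted because
        // it was checked, not because registry settings said to skip the check.
        return ok && wasVerified;
    }

    // A protected entry point passes Assembly.GetCallingAssembly() as caller.
    // expectedPublicKey is the full public key the caller must carry.
    public static void DemandTrusted(Assembly caller, byte[] expectedPublicKey)
    {
        // With CAS switched off, identity demands are never evaluated.
        if (!SecurityManager.SecurityEnabled)
            throw new SecurityException("Code access security is disabled.");

        byte[] actual = caller.GetName().GetPublicKey() ?? new byte[0];
        bool sameKey = actual.Length == expectedPublicKey.Length;
        for (int i = 0; sameKey && i < actual.Length; i++)
            sameKey = actual[i] == expectedPublicKey[i];

        // A delay-signed assembly carries the right key but fails the forced
        // signature check, so both conditions are required.
        if (!sameKey || !HasVerifiedSignature(caller.Location))
            throw new SecurityException("Caller is not signed with the expected key.");
    }
}
```

An assembly with an empty Location (for example one loaded from a byte array) fails the forced verification, so the check fails closed.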

