Re: StrongNameIdentityPermission Problem

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 06/08/04


Date: Mon, 07 Jun 2004 23:39:01 GMT

Junfeng actually got the use of one of the parameters backwards. Check out http://blogs.msdn.com/shawnfa/archive/2004/06/07/150378.aspx for a more complete explanation of the StrongNameSignatureVerificationEx method, and managed code samples on using it.

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
--------------------
>From: "Nicole Calinoiu" <nicolec@somewhere.net>
>References: <#RJR8MGTEHA.1272@TK2MSFTNGP10.phx.gbl>
>Subject: Re: StrongNameIdentityPermission Problem
>Date: Mon, 7 Jun 2004 12:25:09 -0400
>Message-ID: <urrYCwKTEHA.3660@tk2msftngp13.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>
>Mario,
>
>One possible workaround is to verify that the caller is not on the skip
>verification list.  However, this would be overkill since it could be on the
>list even if it's strongly signed with the appropriate private key.  A
>better approach is to call into mscoree.dll as described at
>http://blogs.msdn.com/junfeng/archive/2004/02/06/68498.aspx.
>
>BTW, as mentioned by Joe, it's also trivial to bypass
>StrongNameIdentityPermission demands by disabling CAS entirely.  In order to
>avoid this, verify that CAS is enabled (SecurityManager.SecurityEnabled) in
>_any_ context in which the demand/linkdemand should be enforced.
>
>HTH,
>Nicole
>
>
>"Mario Hallmann" <mhallmann@software-house.de> wrote in message
>news:%23RJR8MGTEHA.1272@TK2MSFTNGP10.phx.gbl...
>> I was investigating some solutions to protect my code from being called by
>> other code. The StrongNameIdentityPermission class seems to fit in here
>> very well. But then I found out that it is possible to put only the public
>> key into an assembly (using delay sign) and turn off assembly loading
>> validation for that public key (using the sn -Vr command). If I get
>> everything right, this would make StrongNameIdentityPermission useless,
>> because everybody can create an assembly with my public key and then turn
>> off validation.
>>
>> Is there any solution for this problem or am I overlooking something?
>>
>> Thanks,
>> Mario
>
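
The two checks discussed in this thread, combined in one guard, as an added example that is not part of any of the posts above or of the linked blog entries: it confirms CAS is enabled, compares the caller's public key, and forces strong name verification through mscoree.dll so that a skip-verification (sn -Vr) entry is ignored. The class and method names `CallerSignatureCheck`, `HasVerifiedSignature` and `DemandSignedCaller` are hypothetical, and the code assumes the .NET Framework on Windows.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;

static class CallerSignatureCheck
{
    // Export of mscoree.dll; the native BOOLEAN type is one byte wide.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // True only when the signature on disk was really checked and is valid.
    public static bool HasVerifiedSignature(string path)
    {
        bool wasVerified;
        // fForceVerification = true: verify even if a skip-verification
        // entry (sn -Vr) is registered for this assembly or public key.
        bool valid = StrongNameSignatureVerificationEx(path, true, out wasVerified);
        return valid && wasVerified;
    }

    // Hypothetical guard: call it first thing in the protected method, passing
    // Assembly.GetCallingAssembly() and the full public key you expect.
    public static void DemandSignedCaller(Assembly caller, byte[] expectedKey)
    {
        if (!SecurityManager.SecurityEnabled)
            throw new SecurityException("CAS is disabled; identity demands are not enforced.");

        byte[] key = caller.GetName().GetPublicKey();
        bool sameKey = key != null && key.Length == expectedKey.Length;
        for (int i = 0; sameKey && i < key.Length; i++)
            sameKey = key[i] == expectedKey[i];
        if (!sameKey)
            throw new SecurityException("Caller does not carry the expected public key.");

        // Assemblies loaded from a byte array have no file to verify: reject.
        if (caller.Location.Length == 0 || !HasVerifiedSignature(caller.Location))
            throw new SecurityException("Caller's strong name signature was not verified.");
    }
}
```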