Re: StrongNameIdentityPermission Problem

From: Shawn Farkas (
Date: 06/08/04

Date: Mon, 07 Jun 2004 23:39:01 GMT

Junfeng actually got the use of one of the parameters backwards. Check out for
a more complete explanation of the StrongNameSignatureVerificationEx method, and managed code samples on using it.


This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
>From: "Nicole Calinoiu" <>
>References: <#RJR8MGTEHA.1272@TK2MSFTNGP10.phx.gbl>
>Subject: Re: StrongNameIdentityPermission Problem
>Date: Mon, 7 Jun 2004 12:25:09 -0400
>Lines: 41
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2120
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2120
>X-RFC2646: Format=Flowed; Original
>Message-ID: <urrYCwKTEHA.3660@tk2msftngp13.phx.gbl>
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>Xref: cpmsftngxa10.phx.gbl
>One possible workaround is to verify that the caller is not on the skip
>verification list.  However, this would be overkill since it could be on the
>list even if it's strongly signed with the appropriate private key.  A
>better approach is to call into mscoree.dll as described at
>BTW, as mentioned by Joe, it's also trivial to bypass
>StrongNameIdentityPermission demands by disabling CAS entirely.  In order to
>avoid this, verify that CAS is enabled (SecurityManager.SecurityEnabled) in
>_any_ context in which the demand/linkdemand should be enforced.
>"Mario Hallmann" <> wrote in message
>>I was investigating some solutions to protect my code being called by other
>> code. The StrongNameIdentityPermission class seems to fit in here very
>> well.
>> But then I found out, that it is possible to put only the public key into
>> an
>> assembly (using delay sign) and turn off assembly loading validation for
>> that public key (using sn -Vr command). If I get right everything this
>> would
>> make StrongNameIdentityPermission useless, because everybody can create an
>> assembly with my public key and then turn off validation.
>> Is there any solution for this problem or am I overlooking something?
>> Thanks,
>> Mario