Re: How to check if dynamically loaded assembly is yours?
From: William Stacey [MVP] (staceywREMOVE_at_mvps.org)
Date: 12/05/04
- Previous message: Dathon: "Re: How to check if dynamically loaded assembly is yours?"
- In reply to: Dathon: "Re: How to check if dynamically loaded assembly is yours?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 5 Dec 2004 16:59:21 -0500
Thanks. Will file that tip for future.
-- William Stacey, MVP http://mvp.support.microsoft.com "Dathon" <tanagra@newsgroups.nospam> wrote in message news:7EB4EA49-79BE-4C7B-955B-9DC298DF9779@microsoft.com... > I was just reading up on assemblies last night and I may have found an even > better way of doing this-- just use Assembly.LoadWithPartialNames: > > Assembly.LoadWithPartialName("NameOfAssembly, > PublicKeyToken=1111111111111111"); > > You can get the "NameOfAssembly" from wherever-- a list, a directory > enumeration, the user. You simply set the PublicKeyToken to your public key. > That way no matter what assembly name you try to load, you will only > successfully load it if the Public Key is yours. Of course the only way the > public key could be yours is if you signed it! > > > "Dathon" wrote: > > > Here's some code that seems to work pretty well. Thought I'd share with the > > community: > > > > static public bool IsAssemblyTrusted(Assembly a) > > { > > Assembly currentAssembly = System.Reflection.Assembly.GetExecutingAssembly(); > > byte[] currentToken = currentAssembly.GetName().GetPublicKeyToken(); > > > > try > > { > > byte[] token = a.GetName().GetPublicKeyToken(); > > for (int i = 0; i < currentToken.Length; i++) > > { > > if (currentToken[i] != token[i]) > > { > > return false; > > } > > } > > return true; > > } > > catch(Exception e) > > { > > return false; > > } > > } > > > > > > "William Stacey [MVP]" wrote: > > > > > That looks like a good way. Not sure if the public key in the assem is > > > always at the same byte locations if one exists. If it was, you could just > > > use a binary reader to see. I guess even if it was variable location you > > > could find the "Public Key = "xxx" token and parse start parsing. This > > > would be a lot faster then loading the assembly I would think. That said, > > > it may not matter much. As if you need to load the assembly anyway > > > (assuming it is good) you will do the quick check you have and your done. > > > Would it not be an "edge" case that you loaded an assem and it was not > > > yours? If so, the overhead of loading should not be an issue as that is > > > exception case I would think. Maybe not. > > > > > > -- > > > William Stacey, MVP > > > http://mvp.support.microsoft.com > > > > > > "Dathon" <tanagra@newsgroups.nospam> wrote in message > > > news:6A61157F-E4F4-4D1E-9952-BD8A9376BB19@microsoft.com... > > > > I have an application that dynamically loads plug-ins. My app is > > > > strong-named and I expect the plug-in assemblies to be strong-named, too. > > > > > > > > I want to go one extra step, though, and make sure that I only load > > > plug-ins > > > > that were signed with MY key. > > > > > > > > I was thinking I could do something like this: > > > > > > > > Assembly a = Assembly.LoadFrom(pathToAssembly); > > > > byte[] token = a.GetName().GetPublicKeyToken(); > > > > return (IsEqual(token, myToken); > > > > > > > > Is there an easy way of doing it? > > > > > > > > > > > > > >
- Previous message: Dathon: "Re: How to check if dynamically loaded assembly is yours?"
- In reply to: Dathon: "Re: How to check if dynamically loaded assembly is yours?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
