Re: System.Security.Permissions.StrongNameIdentityPermissionAttribute issue when Using vs2005
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 Apr 2007 06:09:39 +0000 (UTC)
SNIP is only enforced in partial trust in .NET 2.0
There were too many ways to bypass SNIP in 2003, thats why it caused more problems than it helped.
You can easily do the same check yourself using Assembly.GetCallingAssembly() - it won't be bulletproof, but may help.
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I have a dll compiled in Visual Studio 2005 using strong name and
some security demands so that the calling application/assembly
dll signed with the private key.
The class is prepended with the security attributes as below.
Class MyClass.....This enforces that the calling application requires
its assembly compiledwith the same strong name key as that which
generated the Public key above.If not compiled with the key, a
security error is generatedThe scenario works fine when the Dll is
compiled in 2003 and the applicationis developed in vs2003.However the
above security is bypassed in Vs2005/.NET 2.0.Do I have to do anything
different in .NET 2.0 to get my dll Secure?Thank
- Prev by Date: System.Security.Permissions.StrongNameIdentityPermissionAttribute issue when Using vs2005
- Next by Date: bad key exception on windows 2000
- Previous by thread: System.Security.Permissions.StrongNameIdentityPermissionAttribute issue when Using vs2005
- Next by thread: bad key exception on windows 2000