Re: System.Security.Permissions.StrongNameIdentityPermissionAttribute issue when Using vs2005



SNIP is only enforced in partial trust in .NET 2.0

http://blogs.msdn.com/eugene_bobukh/archive/2005/05/06/415217.aspx

There were too many ways to bypass SNIP in 2003, that's why it caused more problems than it helped.

You can easily do the same check yourself using Assembly.GetCallingAssembly() - it won't be bulletproof, but may help.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi,
I have a dll compiled in Visual Studio 2005 using strong name and have some security demands so that the calling application/assembly requires the dll signed with the private key.
The class is prepended with the security attributes as below.

<System.Security.Permissions.StrongNameIdentityPermissionAttribute(Security.Permissions.SecurityAction.Demand,publickey:=mykey)> Public Class MyClass.....

This enforces that the calling application requires its assembly compiled with the same strong name key as that which generated the Public key above. If not compiled with the key, a security error is generated. The scenario works fine when the Dll is compiled in 2003 and the application is developed in vs2003. However the above security is bypassed in Vs2005/.NET 2.0. Do I have to do anything different in .NET 2.0 to get my dll Secure? Thank
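
The manual check the reply suggests with Assembly.GetCallingAssembly(), as an added VB.NET example that is not part of the original thread: the library compares its immediate caller's strong-name public key with its own and fails closed. The names CallerCheck, DemandSameKey and ProtectedLibrary are hypothetical.

```vbnet
Imports System
Imports System.Reflection
Imports System.Runtime.CompilerServices
Imports System.Security

' Hypothetical helper: manual replacement for the StrongNameIdentityPermission demand.
Public NotInheritable Class CallerCheck
    Private Sub New()
    End Sub

    ' Byte-for-byte comparison of two public-key blobs.
    ' An unsigned assembly has no key (Nothing or empty), which never matches.
    Private Shared Function SameKey(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing Then Return False
        If a.Length = 0 OrElse a.Length <> b.Length Then Return False
        For i As Integer = 0 To a.Length - 1
            If a(i) <> b(i) Then Return False
        Next
        Return True
    End Function

    ' Throws unless 'caller' carries the same strong-name public key as this library.
    Public Shared Sub DemandSameKey(ByVal caller As Assembly)
        Dim mine As Byte() = Assembly.GetExecutingAssembly().GetName().GetPublicKey()
        Dim theirs As Byte() = caller.GetName().GetPublicKey()
        If Not SameKey(mine, theirs) Then
            Throw New SecurityException("Caller is not signed with the expected strong name key.")
        End If
    End Sub
End Class

' Hypothetical protected class in the strong-named library.
Public Class ProtectedLibrary
    ' NoInlining keeps this method's frame on the stack, so GetCallingAssembly()
    ' reports the assembly that actually invoked DoWork.
    <MethodImpl(MethodImplOptions.NoInlining)> _
    Public Sub DoWork()
        ' GetCallingAssembly() must be evaluated here, in the public entry point;
        ' inside the helper it would return this library itself.
        CallerCheck.DemandSameKey(Assembly.GetCallingAssembly())
        ' ... protected work goes here ...
    End Sub
End Class
```

The check only sees the immediate caller, and every public entry point needs its own call to it; as the reply says, it is not bulletproof.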


