Re: System.Security.Permissions.StrongNameIdentityPermissionAttribute issue when Using vs2005



SNIP is only enforced in partial trust in .NET 2.0

http://blogs.msdn.com/eugene_bobukh/archive/2005/05/06/415217.aspx

There were too many ways to bypass SNIP in 2003, thats why it caused more problems than it helped.

You can easily do the same check yourself using Assembly.GetCallingAssembly() - it won't be bulletproof, but may help.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi,
I have a dll compiled in Visual Studio 2005 using strong name and
have
some security demands so that the calling application/assembly
requires
the
dll signed with the private key.
The class is prepended with the security attributes as below.

<System.Security.Permissions.StrongNameIdentityPermissionAttribute(Se
curity.Permissions.SecurityAction.Demand,publickey:=mykey)>Public
Class MyClass.....This enforces that the calling application requires
its assembly compiledwith the same strong name key as that which
generated the Public key above.If not compiled with the key, a
security error is generatedThe scenario works fine when the Dll is
compiled in 2003 and the applicationis developed in vs2003.However the
above security is bypassed in Vs2005/.NET 2.0.Do I have to do anything
different in .NET 2.0 to get my dll Secure?Thank



.