-----------------------------------------------------------
New Message on BDOTNET
-----------------------------------------------------------
From: Nasha
Message 1 in Discussion
Hi All, There are a lot of assemblies that we create in our projects daily. Have we
ever wondered that all those assemblies that we write after putting in such a lot of
hard work and effort could be easily used some one else.Also at times you dont want
others to use a particular class or a method cause it may retriving some important or
confidential information..Net by itself works on the concept of sharing assemblies
between applications which enables rapid application development (RAD). We can secure
our code by identifying the caller. Managed code offers several ways to restrict
method access: Limit the scope of accessibility to the class, assembly, or
derived classes, if they can be trusted. This is the simplest way to limit method
access. Note that, in general, derived classes can be less trustworthy than the class
they derive from, though in some cases they share the parent class's identity. In
particular, do not infer trust from the keyword protected, which is not necessarily
used in the security context. Limit the method access to callers of a
specified identity -- essentially, any particular evidence (strong name, publisher,
zone, and so on) you choose. Limit the method access to callers having whatever
permissions you select.
Lets see how can we accomplish this. 1) Create a strong named assembly e.g.
Calc.dll. with one class called MyClass having the Add() method which add two numbers.
2) .Net Framework has tool called SecUtil.exe.
3) Go to the Visual Studio command prompt
4) Type SecUtil.exe /? . This will display the help and all the available options.
5) Then type secutil.exe -s -hex -c Calc.dll (or the name of ur dll).
6) This will display the public key as hexadecimal value as shown below.
C:\DotNet\DLLProj\bin\Debug>secutil -hex -c -s Calc.dll
Microsoft (R) .NET Framework SecUtil 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. Public Key =
0x0024000004800000940000000602000000240000525341310004000001000100D96FE3B963FC64
B8A9B6CA05B859A67B8B30603A0D696E1F95D8C9B23C5B2EEF139B96A5CC55C2E38D05B7FD675434
A3EE1EF70C69AE3BDE8E646BF652C006278884856E10D3CD0273B458A3E8ECAF47BE51FC7619E271
6602B6EFE34824238F1CAF86960691256D0608E317217E174F4947397A9D5D0BA48785E8CB726E0F
CA
Name =
Calc
Version =
1.0.1761.29820
Success Now You can use this Public key with any class or method in your assembly
that you don't want anyone else to access, you can use the
StrongNameIdentityPermissionAttribute for this. Any calling code that isn't signed
with your .snk file won't have access to it. Here I have used it at the class level.
You can also achieve the same at method or assembly level. So,Lets secure our class.
// put this code above the class as shown
[StrongNameIdentityPermissionAttribute(SecurityAction.Demand,
PublicKey =
"0x0024000004800000940000000602000000240000525341310004000001000100D96FE3B963FC64" +
"B8A9B6CA05B859A67B8B30603A0D696E1F95D8C9B23C5B2EEF139B96A5CC55C2E38D05B7FD675434" +
"A3EE1EF70C69AE3BDE8E646BF652C006278884856E10D3CD0273B458A3E8ECAF47BE51FC7619E271"+
"6602B6EFE34824238F1CAF86960691256D0608E317217E174F4947397A9D5D0BA48785E8CB726E0FCA")]
public class MyClass
{
public MyClass()
{
} public int Add(int i , int j)
{
}
}
7) Now create any Win app which will be a client app for this assembly.
8) Do not srong name this assembly.
9) Reference the above assembly in the cleint App.
10) Call the Add method or any other method of the Myclass.
11) The code will compile.
12) Try and execute the function call . You will a similar error message. Additional
information: Request for the permission of type
System.Security.Permissions.StrongNameIdentityPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
-- Please post your queries and comments for my articles in the usergroup for the
benefit of all. I hope this step from my end is helpful to all of us.
Regards,
Namratha (Nasha)
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/bdotnet/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you received
this message by mistake, please click the "Remove" link below. On the pre-addressed
e-mail message that opens, simply click "Send". Your e-mail address will be deleted
from this group's mailing list.
mailto:[EMAIL PROTECTED]
