Geeks With Blogs
Blog Moved to http://podwysocki.codebetter.com/
In the previous lesson, we covered the new functionality provided by the security user interface.  Today, let's look at strong naming and how you can use it.  I'm sure most people by now know about strong names and what they are.  If not, here is the best explanation link I have:  http://www.codeproject.com/dotnet/StrongNameExplained.asp
 
Basically, what the strong name key gives us is cryptographically strong evidence for evaluation.  In this case, we're going to use the strong name to restrict which calling assemblies can execute any method on our assembly, using the StrongNameIdentityPermissionAttribute.  Unfortunately, the behavior of this attribute changed in .NET 2.0: unlike in .NET 1.1, it no longer excludes any calls when the calling code is fully trusted.
 
To create the strong name key, type sn -k MyTestKey.snk, or use the Signing tab of the project properties window in Visual Studio 2005.  In Visual Studio 2005, you assign the strong name key on that same Signing tab by selecting Browse; the AssemblyKeyFileAttribute should no longer be used in the AssemblyInfo class.  In Visual Studio 2003, you must of course still use the AssemblyKeyFileAttribute and give it the path to the key file we created.  Build the project.
 
Now we need to extract the public key string for the newly created key.  We use the Secutil.exe tool for this, typing "secutil -hex -s MyAssembly.dll >> keyoutput.txt", where MyAssembly.dll is the DLL signed with the key we created.  This writes the data to keyoutput.txt so that we can easily copy it into our code.
 
What we're going to do with this key is prevent partially trusted assemblies that are not signed with it from calling our class.  We can do this as follows:
using System.Security.Permissions;

// Demand that callers be signed with the key whose public half is given
// below (the hex string extracted with secutil).
[StrongNameIdentityPermission(SecurityAction.Demand, PublicKey =
    "002400000480000094000000060200000024000052534131000" +
    "40000010001000D1E43C18B480E2BDB24767163AFA440311CC094ADA19" +
    "2A9B7D7D62E6E6EA31465A0382FC5F5D7C1045D5A091E712003750F421" +
    "BF9209611273573D8DB5D1C0E87979F439A7E210FA11683EE912CE8596" +
    "5F4659DF5C8FC2B8E2D1D7B508AE315206A68B065CE18A9F425A15E2B2" +
    "F2F2F415759EC2EB47DF0763D9263CC149BC7")]
public class DataCommand { ... }
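
A sanity check for the pasted key string, as an added example that is not part of the original post: it confirms that the hex decodes to a well-formed RSA strong name public key and derives the public key token from it. The class and method names are hypothetical, and the code assumes a little-endian host.

```csharp
using System;
using System.Security.Cryptography;

static class StrongNameKeyCheck   // hypothetical helper, not from the post
{
    // Public key string copied from the attribute in the post.
    const string PublicKeyHex =
        "002400000480000094000000060200000024000052534131000" +
        "40000010001000D1E43C18B480E2BDB24767163AFA440311CC094ADA19" +
        "2A9B7D7D62E6E6EA31465A0382FC5F5D7C1045D5A091E712003750F421" +
        "BF9209611273573D8DB5D1C0E87979F439A7E210FA11683EE912CE8596" +
        "5F4659DF5C8FC2B8E2D1D7B508AE315206A68B065CE18A9F425A15E2B2" +
        "F2F2F415759EC2EB47DF0763D9263CC149BC7";

    static byte[] FromHex(string hex)
    {
        hex = hex.Trim();
        if (hex.StartsWith("0x", StringComparison.OrdinalIgnoreCase)) hex = hex.Substring(2);
        if (hex.Length % 2 != 0) throw new FormatException("Odd number of hex digits; string truncated?");
        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        return bytes;
    }

    // Blob layout (little-endian): SigAlgID(4) HashAlgID(4) cbPublicKey(4), then a
    // CryptoAPI PUBLICKEYBLOB: bType(1) bVersion(1) reserved(2) aiKeyAlg(4),
    // magic "RSA1"(4) bitlen(4) pubexp(4) and the modulus (bitlen / 8 bytes).
    static string Describe(byte[] blob)
    {
        if (blob.Length < 32) throw new FormatException("Too short for a strong name public key.");
        if (BitConverter.ToUInt32(blob, 8) != blob.Length - 12)
            throw new FormatException("cbPublicKey does not match the blob size.");
        if (blob[12] != 0x06 || BitConverter.ToUInt32(blob, 20) != 0x31415352) // "RSA1"
            throw new FormatException("Not an RSA public key blob.");
        uint bits = BitConverter.ToUInt32(blob, 24);
        if (blob.Length - 32 != bits / 8) throw new FormatException("Modulus length does not match bitlen.");

        // Public key token: the last 8 bytes of SHA-1(blob), in reverse order.
        byte[] hash;
        using (SHA1 sha1 = SHA1.Create()) hash = sha1.ComputeHash(blob);
        byte[] token = new byte[8];
        for (int i = 0; i < 8; i++) token[i] = hash[hash.Length - 1 - i];
        return string.Format("RSA {0} bits, exponent {1}, token {2}", bits,
            BitConverter.ToUInt32(blob, 28), BitConverter.ToString(token).Replace("-", "").ToLowerInvariant());
    }

    static void Main() { Console.WriteLine(Describe(FromHex(PublicKeyHex))); }
}
```

The token it prints should match what sn -T MyAssembly.dll reports for the signed assembly; a FormatException usually means the string lost characters when it was copied out of keyoutput.txt.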
 
There are two more properties you can use to restrict which assemblies can call your code: the Name property and the Version property.  I haven't seen much use of these just yet, but if you have, let me know.
 
In the future, I'll be covering more .NET security topics; there is plenty of material to cover.
 
Posted on Wednesday, May 10, 2006 2:16 PM Microsoft, .NET, C#


Comments on this post: .NET Code Access Security for fun and profit - Strong Names

No comments posted yet.


Copyright © Matthew Podwysocki | Powered by: GeeksWithBlogs.net