The problem with trying to use CAS to do this on a machine that you don't control is that anyone with admin privilege on the machine can run
caspol -i off
and all your carefully crafted permissions and checks are ignored - on install you could have an encrypted value accessible somewhere that said what kind of version it was - there are issues with this in terms of key management and things like that though.
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BB**********************************@microsoft.co m>
Hi there,
I had been thinking really hard.
I had a scenario and i am wondering anyone had experience this before.
I had to push out couple of dlls, example:
myframework.sdk.dll
myframework.os.dll
We had 100 partners around the world, and i am thinking that each partners
only requires certain features of the libraries we had.
We had 2 versions:
Just say the dll myframework.sdk.dll contains 10 functions
Professional - full access to all 10 functions
Academic - limits to 3 functions
well it still depends, sometimes we had to cater each partner to only access
to the necessary functions.
In order to make this happen:
1) I secure my dll code with CAS attributes, and each method had an
attributes on which assemblies which calls it.
2) There will be an abstraction layer, that calls this myframework.sdk.dll
and myframework.os.dll. I remember how sql server 2005 handles this with the
existence of xsd schemas.
people access --> master.dll (abstraction layer) --> myframework.sdk.dll and
my framework.os.dll
3) In order to high protective, master.dll is protected with dongle. Hmm, is
this the best way with using dongle? I know that under administration tool ,
.net framework 1.1 configuration, you can set something to secure the dll.
But what if the system admin of the partner, manipulate the settings, the
security to the dll is all gone.
Any idea who experiences this before?
But the problem i see here with CAS, to cater each client manually, i had to
modify each security settings manually, recompiles it. Is there any way, to
stop me from recompiling my dll, and on the fly set my security settings on
each method?
Maybe,
[Allowed("true")]
public int PrintStatus() {}
-auto trigger without recompile my dlls.
[Allowed("false")]
public int PrintStatus() {}
Hope someone can give some comments!
--
Regards,
Chua Wen Ching :)
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.760 / Virus Database: 509 - Release Date: 10/09/2004
[microsoft.public.dotnet.languages.csharp]
