473,385 Members | 1,409 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > securing assembly question

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Securing assembly question

Hi,

My main application is calling a couple of dll assembly that we made. I
want to secure those dll assembly so they can't be used by a third party.

I did a couple of test with
[assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and
dll assembly, but does not succeed to secure the assembly. (myKey.snk is
gnerated with 'sn -k myKey.snk')

and I've read this article
http://www.morganskinner.com/Article...ityPermission/
and in this case we paste the key in the code of the dll assembly like this:
[StrongNameIdentityPermission ( SecurityAction.Demand ,
PublicKey="00240000048000009400000006020000" +

"..." +
"1c6056092c2ac48a8b27c53631f7d5b6")]

But what happen when this key has to change in 50 dlls, can it be taken
from a file?

So I would liks to know what is the best way to secure the dll assembly?

Thanks
Marty
Nov 25 '05 #1
3 1399
"Marty" <xm******@hotmail.com> wrote in message
news:TMHhf.170020$Io.44557@clgrps13...
Hi,

My main application is calling a couple of dll assembly that we made. I
want to secure those dll assembly so they can't be used by a third party.
StrongNameIdentityPermission verifications are quite trivial to bypass by
code with certain "high privilege" CAS permissions. In addition, all code
running with unrestricted CAS permissions (aka "full trust") automatically
passes demands for any identity permission in v. 2.0. Given this, you might
want to consider using some alternate mechanism (e.g.: licensing) for
limiting the callers into your assemblies.

I did a couple of test with
[assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and
dll assembly, but does not succeed to secure the assembly. (myKey.snk is
gnerated with 'sn -k myKey.snk')
Exactly what were you hoping that simply signing the assembly would
accomplish with respect to "securing the assembly"?
and I've read this article
http://www.morganskinner.com/Article...ityPermission/
and in this case we paste the key in the code of the dll assembly like
this:
[StrongNameIdentityPermission ( SecurityAction.Demand ,
PublicKey="00240000048000009400000006020000" +
"..." +
"1c6056092c2ac48a8b27c53631f7d5b6")]

But what happen when this key has to change in 50 dlls, can it be taken
from a file?
Yes. The value can be supplied via a constant, and that constant can be
defined in a file linked into your project.


So I would liks to know what is the best way to secure the dll assembly?

Thanks
Marty

Nov 28 '05 #2
Hi Nicole,

Thank you for your reply, this is pretty interesting.

Your suggestions about the "Licensing" is interesting and I've found an
article about it: http://windowsforms.net/articles/Licensing.aspx

Do you have other great articles about it?

I can see that licensing must be aplied to each class and forms. is
there a way to apply licensing to a whole project, such as a dll project?

Regards,
Marty

Nicole Calinoiu wrote:
"Marty" <xm******@hotmail.com> wrote in message
news:TMHhf.170020$Io.44557@clgrps13...
Hi,

My main application is calling a couple of dll assembly that we made. I
want to secure those dll assembly so they can't be used by a third party.

StrongNameIdentityPermission verifications are quite trivial to bypass by
code with certain "high privilege" CAS permissions. In addition, all code
running with unrestricted CAS permissions (aka "full trust") automatically
passes demands for any identity permission in v. 2.0. Given this, you might
want to consider using some alternate mechanism (e.g.: licensing) for
limiting the callers into your assemblies.
I did a couple of test with
[assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and
dll assembly, but does not succeed to secure the assembly. (myKey.snk is
gnerated with 'sn -k myKey.snk')

Exactly what were you hoping that simply signing the assembly would
accomplish with respect to "securing the assembly"?

and I've read this article
http://www.morganskinner.com/Article...ityPermission/
and in this case we paste the key in the code of the dll assembly like
this:
[StrongNameIdentityPermission ( SecurityAction.Demand ,
PublicKey="00240000048000009400000006020000" +
"..." +
"1c6056092c2ac48a8b27c53631f7d5b6")]

But what happen when this key has to change in 50 dlls, can it be taken
from a file?

Yes. The value can be supplied via a constant, and that constant can be
defined in a file linked into your project.
So I would liks to know what is the best way to secure the dll assembly?

Thanks
Marty


Nov 30 '05 #3
"Marty" <xm******@hotmail.com> wrote in message
news:hMjjf.132948$y_1.35447@edtnps89...
Hi Nicole,

Thank you for your reply, this is pretty interesting.

Your suggestions about the "Licensing" is interesting and I've found an
article about it: http://windowsforms.net/articles/Licensing.aspx

Do you have other great articles about it?
The one you mentioned is probably the most complete introduction I've seen.
Unfortunately, the MSDN documentation isn't likely to be much help until
you've understood the underlying mechanism and can put the specifics into
context.

I can see that licensing must be aplied to each class and forms. is there
a way to apply licensing to a whole project, such as a dll project?
AFAIK, not directly. However, you could use a post-compiler like XC#
(http://www.resolvecorp.com) to map a custom assembly-level attribute into
member-level code.

Regards,
Marty

Nicole Calinoiu wrote:
"Marty" <xm******@hotmail.com> wrote in message
news:TMHhf.170020$Io.44557@clgrps13...
Hi,

My main application is calling a couple of dll assembly that we made. I
want to secure those dll assembly so they can't be used by a third party.

StrongNameIdentityPermission verifications are quite trivial to bypass by
code with certain "high privilege" CAS permissions. In addition, all
code running with unrestricted CAS permissions (aka "full trust")
automatically passes demands for any identity permission in v. 2.0.
Given this, you might want to consider using some alternate mechanism
(e.g.: licensing) for limiting the callers into your assemblies.
I did a couple of test with
[assembly: AssemblyKeyFile(@"..\..\myKey.snk")] on both side, caller and
dll assembly, but does not succeed to secure the assembly. (myKey.snk is
gnerated with 'sn -k myKey.snk')

Exactly what were you hoping that simply signing the assembly would
accomplish with respect to "securing the assembly"?

and I've read this article
http://www.morganskinner.com/Article...ityPermission/
and in this case we paste the key in the code of the dll assembly like
this:
[StrongNameIdentityPermission ( SecurityAction.Demand ,
PublicKey="00240000048000009400000006020000" +
"..." +
"1c6056092c2ac48a8b27c53631f7d5b6")]

But what happen when this key has to change in 50 dlls, can it be taken
from a file?

Yes. The value can be supplied via a constant, and that constant can be
defined in a file linked into your project.
So I would liks to know what is the best way to secure the dll assembly?

Thanks
Marty



Nov 30 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
Securing hashing algorithm
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
C# / C Sharp
3
Precompiling or Securing Code
by: archsg | last post by:
Hello, I have an ASP.Net 1.1 application that I need to move to a production server on a customer's network. I do not want the customer to have access to any code. It looks like VS2003 does...
ASP.NET
10
Re: Advice on securing a sensitive Access database
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Thank you for that. It was very...
Microsoft Access / VBA
10
Re: Advice on securing a sensitive Access database
by: Les Desser | last post by:
In article <fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes Not sure if I quite follow that. 1....
Microsoft Access / VBA
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!