Menu
I have a requirement to have a restriction in an assembly such that only assemblies that are signed with a given key can use it. I am inexperienced, but what I understand is signing is done to help identify who created the assembly. Hence, just signing this assembly should not be enough to ensure that all calling assemblies are signed. Probably the reverse is true, i.e. if an assembly is signed, all the assemblies it depends on should be signed(by the same key perhaps). What would be the way to meet the requirement?
386
You can sign an assembly in two different but complementary ways: with a strong name or by using SignTool.exe (Sign Tool). Signing an assembly with a strong name adds public key encryption to the file containing the assembly manifest.
Delay signing is a technique for signing assemblies outside of the build process. A delay signed assembly is marked with a blank strong-name key: it basically reserves space for the key to be added later, by an authorized user. We can sign the assembly using the Sn.exe tool.
You can use PublisherIdentityPermissionAttribute.
If you apply PublisherIdentityPermissionAttribute to MyClass class then only classes in assemblies signed by the mycert.cer certificate can use your class. You need to put SecurityAction.Demand
All callers higher in the call stack are required to have been granted the permission specified by the current permission object
Use like
[PublisherIdentityPermission(SecurityAction.Demand, CertFile = "mycert.cer")]
public class MyClass
You can also use it on assembly level to protect entire assembly (however assembly level security will not work since .Net 4.0 unless you set <NetFx40_LegacySecurityPolicy enabled="true"/> in configuration).
64
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
