Detecting Signed Code

Guest · Jan 30, 2004

I'm building a "plugin" architecture into my application where it will automatically detect (through Reflection) assemblies that are dropped into a folder as plugins and execute them when necessary. However, I do not want just anyone to be able to create an assembly and drop it in and have it execute. So, I'd like to sign the assemblies with a private key and then have the application verify that the assembly is signed properly before it will execute code contained in it. What is the best way to do this?

Thanks,

Ian

Miha Markic [MVP C#] · Jan 30, 2004

Hi,

You shuld look into Assembly.Evidence property and search for a StrongName
class.
Code snippet:
Evidence e = Assembly.GetExecutingAssembly().Evidence;

foreach (object o in e)

{

StrongName sn = o as StrongName;

if (sn != null)

Console.WriteLine(sn.PublicKey);

}

--
Miha Markic [MVP C#] - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

R. Ian Lee said:
I'm building a "plugin" architecture into my application where it will

automatically detect (through Reflection) assemblies that are dropped into a
folder as plugins and execute them when necessary. However, I do not want
just anyone to be able to create an assembly and drop it in and have it
execute. So, I'd like to sign the assemblies with a private key and then
have the application verify that the assembly is signed properly before it
will execute code contained in it. What is the best way to do this?

Detecting Signed Code

Guest

Miha Markic [MVP C#]