does CLR verify a stringly name assembly if it is not installed into GAC?

[Dan]

Hi all

does the CLR performs any load-time check for tampering/security on a
strongly name assembly that is privately deployed (not installed into GAC)?

thanks
dan

 

[Dmitriy Lapshin [C# / .NET MVP]]

Hi,

As far as I remember, yes. Strong naming is just a requirement for an
assembly to be put into GAC, and if an assembly is strong-named, it will be
checked by the loader regardless of where it is being loaded from.

 

[Hermit Dave]

yeap a strong named assembly will be checked whether it is in GAC or deloyed
within apps folder.
when i started with obfuscator... i had little idea about it and i
obfuscatored a strong named private assembly...
and clr chucked out...

 

[Michel Gallant]

If the SN'd assembly is NOT in the GAC, the integrity of the SN is always
checked on loading.
If the assembly is IN the GAC, the SN is not checked when loaded. It is only checked
when the assembly is actually added to the GAC.
See:
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnnetsec/html/strongnames.asp

- Mitch Gallant
MVP Security