StrongNameIdentityPermission at Assembly level?

  • Thread starter Thread starter Brad
  • Start date Start date
B

Brad

I've just used StrongNameIdentityPermission at the class level and it works
fine. Can I use it similar to the following for the entire assembly?
<StrongNameIdentityPermission(SecurityAction.LinkDemand,
PublicKey:="00...")>

Rather than protect each class idependently I'd prefer to protect the entire
assembly from being accessed by an invalid program. I tried <Assembly:
StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:="00...")>
but it creates the error "SecurityAction type invalid on assembly"

Thanks

Brad

Cross posted to microsoft.public.dotnet.security &
microsoft.public.dotnet.languages.vb
 
Hi Brad,

I think you can not do the similar thing with Assembly.
When you load the assembly , the CLR runtime will not check if the assembly
that load the assembly has the valid access. It will only be done with a
class, when you use a class.

So I think you may need to set StrongNameIdentityPermission with every
class in your assembly.

If you have any concern on this issue, please post here.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Try SecurityAction.RequestMinimum instead of SecurityAction.LinkDemand...

Tim.
(e-mail address removed)
 
Unfortunately, this will not help :( Putting RequestMinimum for that permission will verify that your assembly will execute ONLY if it is signed with the key mentioned in the permission attribute -- it's quite different from what you need if I see it correctly.

I'm afraid there is no functionality now to achieve what you need :(
 
Thank you. Yes, I found that RequestMinimum did not stop an unsigned or
different keyed program from accessing my class methods. So from what you
said and from my testing/reading, it seems the highest level at which you
can restrict access based upon a proper key , is at the class....which is
fine.

Brad

Unfortunately, this will not help :( Putting RequestMinimum for that
permission will verify that your assembly will execute ONLY if it is signed
with the key mentioned in the permission attribute -- it's quite different
from what you need if I see it correctly.

I'm afraid there is no functionality now to achieve what you need :(
 
Yes, you are totally right.

RequestMinimum will make sure the current assembly has the permission in
question before allowing it to execute.

Demand and LinkDemand examine the permissions of callers which is what you
need.

Sorry for the misleading info!!
 
Back
Top