Verification of Assembly Strong Names

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

currently i have program that loads .net assemblies using the Assembly.Load
method from the Assembly class. the assemblies have several plug ins classes
that i load. I want to make sure that the assembly that i am loading is one
made by me. (have been signed by me using my StrongName Key). how do i do
that? Code examples will be great.
 
Here's a routine that extracts the public key token from an assembly. You
can use this to extract the token from the assembly you loaded and then
compare that against the assembly that is executing, which is signed with
your company's strong name.

using System.Collections;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;


/// <summary>
/// This gets the public key portion of the strong name for the assembly.
/// Use the reflection APIs to extract the strong name
/// from the executing assembly.
/// </summary>
/// <returns></returns>
private StrongNamePublicKeyBlob GetStrongNamePublicKey (Assembly asm)
{
// this gets the dynamic value
IEnumerator e = asm.Evidence.GetEnumerator();
while ( e.MoveNext() )
{
if ( e.Current.GetType() == typeof(
System.Security.Policy.StrongName ) )
{
StrongName u = (StrongName)e.Current;
Trace.WriteLine( string.Format("Name= {0}, {1}; PublicKey= {2}",
u.Name, u.Version, u.PublicKey) );
return u.PublicKey;
}
} //while ( e.MoveNext() )
throw new SecurityException( "Unable to extract public key strong name
from assembly." );
}// GetStrongName

use it like this...

public Assembly LoadMyPlugin (string pluginName )
{
Assembly a = Assembly.Load(pluginName); // or some variant of Loadxxx
StrongNamePublicKeyBlob me = GetStrongNamePublicKey(
Assembly.GetExecutingAssembly() ); //
StrongNamePublicKeyBlob caller = GetStrongNamePublicKey( a );
if ( !me.Equals( caller ) )
throw new InvalidOperationException( "You are not allowed to call
me." ); // or throw a SecurityException
return a; // I wrote it...
}
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HowTo: dynamically load assembly from GAC 2
problem with assembly signing and strong names 1
XmlSerializer for a type in dynamically loaded assembly 6
Getting assembly version without loading it 3
EntLibConfig.exe - strong name validation failed 2
Strong name validation failed 1
Loading Assemblies 1
Strongly named dynamic assemblies 2

Back
Top