How to verify strong name programmatically in C#.net 4 RRS feed

  • Question

  • Hi,

    In .NET 2 we had a good unmanaged method (StrongNameSignatureVerificationEx) to verify assembly strong name; however, it is absent in .NET 4. It looks like a very bad idea to install both .NET 2 and .NET 4 on client computer just to verify strong name. From the other hand, strong name verification is important in security.

    So, are there any ideas how to implement method bool VerifyStrongName(string assemblyFilePath) in C#.NET 4? MSDN advices to use ICLRStrongName::StrongNameSignatureVerificationEx method, however, it doesn't give any code examples.

    Friday, March 4, 2011 11:55 AM


All replies

  • ICLRStrongName MSDN page tells you how to get to the interface - via ICLRRuntimeInfo::GetInterface.
    You can find some info here: http://msdn.microsoft.com/en-us/library/dd233120(VS.100).aspx and some sample links on Wiki content of .NET Framework 4 Hosting Interfaces page.
    The 4.0 method ICLRStrongName::StrongNameSignatureVerificationEx should behave the same way as 2.0 function StrongNameSignatureVerificationEx.

    Anyway, here's sample how to get to ICLRStrongName interface:

    // File: Test.cpp
    // Compile: cl.exe /Zi /FeTest.exe Test.cpp ole32.lib mscoree.lib
    #include <stdio.h>
    #include <windows.h>
    #include <cor.h>
    #include <metahost.h>
    #include <atlbase.h>
    #define IfFailRet(hrValue) do { if (FAILED(hrValue)) return; } while (false)
    void wmain()
     CComPtr<ICLRMetaHost> pMetaHost;
     CComPtr<ICLRRuntimeInfo> pRuntime;
     CComPtr<ICLRStrongName> pCLRStrongName;
     IfFailRet(CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (void **)&pMetaHost));
     IfFailRet(pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (void **)&pRuntime));
     IfFailRet(pRuntime->GetInterface(CLSID_CLRStrongName, IID_ICLRStrongName, (void **)&pCLRStrongName));
     printf("pCLRStrongName = 0x%08x\n", pCLRStrongName);


    Saturday, March 5, 2011 4:52 AM
  • Hi,

    thanks for your advice, however, it is C++ code and not C# one. Actually I know how to do in in C++ (MSDN has example), however, this way has a problem. I always use "Any CPU" platform for my C# software, because some clients still use x86 computers. I prefer not to create 2 versions of any software (one for 64 bit clients and one for 32 bit ones), I use "Any CPU" platform instead. And native C++ code can not use this platform. It means that I have to create 2 versions of DLL files with "IsStrongNameValid" method, and also I have to create a C# "Any CPU" DLL that will check if main process 32 bit or 64 bit and load correct C++ DLL. It is possible way, however, it is not elegant I think. So, my question is: "Are there any C#-only solution?" Can we make this check by using PInvoke and C# without any usage of C++ native code, so we'll not have to create 3 DLLs: one x86, one x64 and one "Any CPU" to make this code portable on both x86 and x64 computers?

    Monday, March 7, 2011 8:45 AM
  • Check out the links I sent above. One of them points to this managed Wrappers for Hosting APIs: http://clractivation.codeplex.com/


    • Marked as answer by VASoftOnline Wednesday, March 9, 2011 9:08 AM
    Monday, March 7, 2011 4:58 PM
  • Hi Vitaliy,


    Welcome to the MSDN forum!


    Actually, we always suggest not to compile on “AnyCPU” platform. I think you can use X86 platform. Because using X86 means assembly can run by 32-bit, x86-compatuble CLR. If on a 64-bit Windows OS, assembly compiled with x86 will execute on the 32 bit CLR running under WOW 64.


    So if the unmanaged method(StrongNameSignatureVerificationEx) can be used well in .Net 2 of x86 compiled, so can .Net 4.


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, March 8, 2011 6:59 AM
  • Thanks, Karel, it is exactly what I searched.
    Wednesday, March 9, 2011 9:09 AM