none
How to prevent untrusted code from calling my assembly RRS feed

  • Question

  • I would like to know how to allow only trusted assemblies to call my code. I know that I can use CAS to do this, but I also know that system has changed significantly recently. What is the current recommended way to do this? Where can I find a good example? Thanks.

    GregP

    Saturday, November 9, 2013 12:34 PM

Answers

All replies

  • Hi GregP,

    There are two ways to work with Framework Security. One is Code Access Security. Another is Role-Based Security. Code security answers the questions "Where is the code from, who wrote the code, and what can the code do? “. While User security answers the questions, "Who is the user and what can the user do?” In our case, I think CAS is particularly appropriate for your situation. Role-Based Security was used in ASP. NET and MVC.

    CAS changed more in NET 4, you could see more information from this below page. https://www.simple-talk.com/dotnet/.net-framework/whats-new-in-code-access-security-in-.net-framework-4.0---part-i/

    Best Regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, November 11, 2013 3:29 AM
    Moderator
  • I have read those blog posts. While interesting, they don't seem to address my issue. I have an assembly that I want to protect. The only callers must be known to me. If someone else adds a reference to it I don't want them to be able to call any of the methods.  Those posts say to me that if someone were to create an exe mark itself SecurityCritical (the default) then there is nothing I can do to prevent him from calling into my assembly. I assume that this is wrong but I cannot find out how to accomplish this. Does anyone know where I can find an example?

    Thanks.


    GregP

    Monday, November 11, 2013 3:31 PM
  • Hi GregP,

    The purpose of CAS is to prevent the code to run without authorization. I don’t think CAS could handle your case. Someone has posted a similar question, I recommend you have a look at it. http://stackoverflow.com/questions/96624/how-to-prevent-others-from-using-my-net-assembly.

    Hope could give you some inspiration.

    Best Regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, November 12, 2013 2:17 AM
    Moderator