none
Verifying publisher evidence of System.Addin before loading RRS feed

  • Question

  • I am building an application which utilises the System.Addin infrastructure to allow 3rd party developers to extend its functionality.

    However, we wish to limit this capability to authorized software publishers, with the ability to revoke their status.

    The obvious way I see to implement this, is to require that AddIns are authenticode signed, with a certificate that we have issued.

    This way, our host application can verify the publisher's 'issuer' information, to ensure that it is our certificate - if not then we havent granted the authorization for the AddIn to load.

     

    I am, however, at a loss on how to implement this in the application. I dont know if I need to proceed down the CAS path with something similar to the StrongNameIdentityPermission, or if I need to provide some sort of custom SecurityManager for the Application Domain that is loading the assemblies...

     

    Can anybody help me out here?

     

    Thanks

    Wednesday, April 2, 2008 9:58 PM

Answers

  • Code Snippet

    // addin is the Addin you want to verify

    // token is the AddinToken of the Addin

     

    // Get the AppDomain of the addin

    AppDomain addInDomain = AddInController.GetAddInController(addin).AppDomain;

     

    // Get the assembly of the addin

    Assembly addinAsm;

    foreach (Assembly asm in AppDomain.CurrentDomain.GetAssemblies())

    {

        if (asm.FullName.Equals(token.AssemblyName.FullName))

        {

            addinAsm = asm;

            break;

        }

    }

     

    // Get the trusted evidence of the assembly

    IEnumerator hostEvidence = addinAsm.Evidence.GetHostEnumerator();

    Publisher publisherOfAddin;

    while (hostEvidence.MoveNext())

    {

        if (hostEvidence.Current.GetType() == typeof(Publisher))

        {

            publisherOfAddin = hostEvidence.Current as Publisher;

            break;

        }

    // You get the Publisher instance of the loaded assembly of the Addin now.


    I wrote the code for you and hope this can get you started. Also recommended reading the following reference about this issue:

    Enumerating Evidence


    Hope this helps!


    Thanks!




    Wednesday, April 9, 2008 3:27 AM

All replies

  • Please check out AddInToken.Publisher Property to get and check the publisher of the add-in.

    Hope this can get you started.

    Thanks!

    Monday, April 7, 2008 6:52 AM
  • Thanks Feng, but this 'Publisher' property has nothing to do with the security evidence of the AddIn Assembly - which is what I need.
    How do I retrieve the Assembly Evidence of the AddIn from within the host?

    Thanks

     - Adam
    Monday, April 7, 2008 8:36 AM
  • Code Snippet

    // addin is the Addin you want to verify

    // token is the AddinToken of the Addin

     

    // Get the AppDomain of the addin

    AppDomain addInDomain = AddInController.GetAddInController(addin).AppDomain;

     

    // Get the assembly of the addin

    Assembly addinAsm;

    foreach (Assembly asm in AppDomain.CurrentDomain.GetAssemblies())

    {

        if (asm.FullName.Equals(token.AssemblyName.FullName))

        {

            addinAsm = asm;

            break;

        }

    }

     

    // Get the trusted evidence of the assembly

    IEnumerator hostEvidence = addinAsm.Evidence.GetHostEnumerator();

    Publisher publisherOfAddin;

    while (hostEvidence.MoveNext())

    {

        if (hostEvidence.Current.GetType() == typeof(Publisher))

        {

            publisherOfAddin = hostEvidence.Current as Publisher;

            break;

        }

    // You get the Publisher instance of the loaded assembly of the Addin now.


    I wrote the code for you and hope this can get you started. Also recommended reading the following reference about this issue:

    Enumerating Evidence


    Hope this helps!


    Thanks!




    Wednesday, April 9, 2008 3:27 AM
  • Thanks Feng,

     

    I actually just finished writing a very similar method for performing the check, as you have described above.

     

    The only real differences are, my one operates on the AddInToken, meaning that you dont have to Activate the AddIn to be able to check it (I didnt want to execute any code in the AddIn until I knew it was authorized), and I check the Authority Key byte-array instead of comparing the Publisher evidence against the hosts - but I could go either way on that one...

    negligable differences.

     

    Thanks for the help

     

    Regards,

     

    Adam

     

    Wednesday, April 9, 2008 4:44 AM