locked
Reflection - Strong Name RRS feed

  • Question

  • Hello, Pls any1 can help to answer my question. Why when ni use Reflection in my Exe to get the path like:

    Me.m_RunningPath = Reflection.Assembly.GetExecutingAssembly.Location 'including filename

    and i try to use the Strong Name to verify the Dll. I found that if i'm not using "Reflection" to get the path and direct call the dll, the same way of Strong name will work fine.However if i use reflection,even version wrong it also verify as approved. Is it anyway wrong or i can't use reflection for calling dll in my Exe. Thank you.

     

     

    Monday, June 26, 2006 6:07 AM

Answers

  • So basically you want to prevent your EXE from loading Dlls that you didn't build.  If you can narrow down where you load the assembly then checking strong names and whatnot is fine but for general protection I believe CAS will solve your problem better.  I believe you can use PublisherMembershipCondition and/or StrongNameIdentityPermission and friends to set up a permission demand that requires that assemblies called by your EXE match your publisher and/or strong name requirements.  This will then enforce the security at load time rather than you having to do it yourself.  However this is just a thought based on what I've heard from others who asked similar questions.  You'd have to read up on it to see if it would work for you.  I don't know much about it myself.  Good luck.

    Michael Taylor - 6/26/06

     

    • Unmarked as answer by daphne62 Thursday, February 12, 2009 3:41 AM
    • Marked as answer by daphne62 Thursday, February 12, 2009 3:42 AM
    Tuesday, June 27, 2006 12:00 PM

All replies

  • Could you clarify what you are trying to accomplish, perhaps with some source code?  I'm not quite sure what you are asking.

    Michael Taylor - 6/26/06

    Monday, June 26, 2006 11:37 AM
  • Now i want to do 1 checking when run Exe at branches that if found 1 of the dll calling in Exe was not developed by us, then the system will block who Exe continue. It's some sort like DLL verification. We use Strong name to do,but we found only when in the Exe use Testing ts= new testing() calling instance only work ,but if we use like following:

    Me.m_RunningPath = Reflection.Assembly.GetExecutingAssembly.Location '

    to calling Dll in the Exe, the strong name won't work to verify the snk file even the version Dll not correct.So i would like to ask is it using Reflection under Strong name will not work or need to do some extra setting on it? Or is it some way else can do Dll verify things. Thank you.

    Tuesday, June 27, 2006 12:13 AM
  • If you want to check if an assembly has a certain strong name then you can call Assembly.GetName on that assembly and check the KeyPair property.
    Tuesday, June 27, 2006 7:07 AM
  • Take a look at this.
    Tuesday, June 27, 2006 9:10 AM
  • So basically you want to prevent your EXE from loading Dlls that you didn't build.  If you can narrow down where you load the assembly then checking strong names and whatnot is fine but for general protection I believe CAS will solve your problem better.  I believe you can use PublisherMembershipCondition and/or StrongNameIdentityPermission and friends to set up a permission demand that requires that assemblies called by your EXE match your publisher and/or strong name requirements.  This will then enforce the security at load time rather than you having to do it yourself.  However this is just a thought based on what I've heard from others who asked similar questions.  You'd have to read up on it to see if it would work for you.  I don't know much about it myself.  Good luck.

    Michael Taylor - 6/26/06

     

    • Unmarked as answer by daphne62 Thursday, February 12, 2009 3:41 AM
    • Marked as answer by daphne62 Thursday, February 12, 2009 3:42 AM
    Tuesday, June 27, 2006 12:00 PM