assembly protection

Fabio R.

Hi all,
what can I do to prevent someone from replacing a DLL of my ASP.NET project with
another one?
Example: in check.dll there's the method VerifyUrl to check if the current
domain name is www.site.com; otherwise it returns false.
I don't want someone to replace check.dll with another one whose VerifyUrl
always returns true...
I'm not much of an expert, so I'm probably missing something...
Thanks to anyone who can help me,
Fabio
 

Karl Seguin [MVP]

Sign your assembly (you'll need to sign all other assemblies that reference
it as well).

You can generate a key by doing

sn -k SomeKeyName.snk in a VS.NET command prompt

You can then add the key to your project via the AssemblyKeyFile attribute:

[assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.snk")]

Here are some references:
http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx

or simply google "assembly signing" or "assembly strong naming"

Karl
 
Fabio R.

So I need to sign all my DLLs with the same assembly key...
After this, will the application stop working if a DLL is replaced with a
disassembled one?
Thanks,
Fabio

Karl Seguin [MVP]

A signed assembly isn't fully tamper proof...but it's a step in the right
direction. You might also want to take a look at:
http://msdn.microsoft.com/msdnmag/issues/03/08/BasicInstincts/

Karl

--
http://www.openmymind.net/



Joined: Oct 10, 2009 | Messages: 3 | Reaction score: 0
This is a step in the right direction, but it is very easy to disable .NET's strong name verification on a machine. CryptoLicensing is a licensing scheme which has a setting to enforce brute-force strong name verification even if it's disabled or bypassed on the system. I don't know if you need the licensing features in that tool, but this particular feature is also there.
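
The forced verification discussed in this thread can also be done from your own code. The following is an added example, not code from any poster or from the product mentioned above: it forces a strong-name check on check.dll and then pins the signer's public key token. The class name `AssemblyPinning` and the `ExpectedToken` value are hypothetical placeholders; the native call is the CLR's `StrongNameSignatureVerificationEx` from mscoree.dll.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;

static class AssemblyPinning
{
    // CLR strong-name API exported by mscoree.dll (marked deprecated from .NET 4 on).
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // Placeholder value: replace with the token of your own key,
    // as printed by "sn -T check.dll" on a build you trust.
    const string ExpectedToken = "0123456789abcdef";

    public static bool IsTrusted(string path)
    {
        // 1. Recompute the signature over the file. fForceVerification = true
        //    ignores any skip-verification entries registered on the machine.
        bool wasVerified;
        if (!StrongNameSignatureVerificationEx(path, true, out wasVerified) || !wasVerified)
            return false;

        // 2. A valid signature only proves that somebody signed the file.
        //    Compare the public key token so a DLL re-signed with a
        //    different key is rejected as well.
        byte[] token = AssemblyName.GetAssemblyName(path).GetPublicKeyToken();
        if (token == null || token.Length == 0)
            return false;
        string hex = BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
        return string.Equals(hex, ExpectedToken, StringComparison.Ordinal);
    }

    static void Main(string[] args)
    {
        // Assumed default path; pass the real location as the first argument.
        string path = args.Length > 0 ? args[0] : "check.dll";
        Console.WriteLine(IsTrusted(path)
            ? path + ": signature valid and signer matches"
            : path + ": REJECTED (unsigned, tampered, or signed with another key)");
    }
}
```

The check runs inside an assembly that can itself be replaced, so it raises the cost of swapping a DLL rather than making the application tamper proof.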
 
