assembly protection

Discussion in 'ASP .Net' started by Fabio R., Mar 24, 2006.

  1. Fabio R.

    Fabio R. Guest

    Hi all,
    what can I do to avoid that someone replace a dll of my asp.net project with
    another one?
    Example: in check.dll there's the method VerifyUrl to check if the current
    domain name is www.site.com, otherwise it return false.
    I don't want that someone replaces check.dll with another one with VerifyUrl
    that always return true...
    I'm not so expert, so probably I miss something...
    Thanks to anyone can help me,
    Fabio
     
    Fabio R., Mar 24, 2006
    #1
    1. Advertising

  2. Sign your assembly (you'll need to sign all other assemblies that reference
    it as well).

    You can generate a key by doing

    sn -k SomeKeyName.snk in a VS.NET command prompt

    You can then add the key to your project via the assemblyKeyFile attribute:

    [assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]

    Here's some references:
    http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx

    or simply google "assembly signing" or "assembly strong naming"

    Karl


    --
    http://www.openmymind.net/
    http://www.fuelindustries.com/


    "Fabio R." <fabio71 _ at _ yahoo.it> wrote in message
    news:...
    > Hi all,
    > what can I do to avoid that someone replace a dll of my asp.net project
    > with another one?
    > Example: in check.dll there's the method VerifyUrl to check if the current
    > domain name is www.site.com, otherwise it return false.
    > I don't want that someone replaces check.dll with another one with
    > VerifyUrl that always return true...
    > I'm not so expert, so probably I miss something...
    > Thanks to anyone can help me,
    > Fabio
    >
     
    Karl Seguin [MVP], Mar 24, 2006
    #2
    1. Advertising

  3. Fabio R.

    Fabio R. Guest

    So I need to sign with the same assemblykey all my dll...
    After this, the application stops to work if a dll is replaced with a
    disassembled one?
    Thansks,
    Fabio

    "Karl Seguin [MVP]" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME
    net> ha scritto nel messaggio news:...
    > Sign your assembly (you'll need to sign all other assemblies that
    > reference it as well).
    >
    > You can generate a key by doing
    >
    > sn -k SomeKeyName.snk in a VS.NET command prompt
    >
    > You can then add the key to your project via the assemblyKeyFile
    > attribute:
    >
    > [assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]
    >
    > Here's some references:
    > http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx
    >
    > or simply google "assembly signing" or "assembly strong naming"
    >
    > Karl
    >
    >
    > --
    > http://www.openmymind.net/
    > http://www.fuelindustries.com/
    >
    >
    > "Fabio R." <fabio71 _ at _ yahoo.it> wrote in message
    > news:...
    >> Hi all,
    >> what can I do to avoid that someone replace a dll of my asp.net project
    >> with another one?
    >> Example: in check.dll there's the method VerifyUrl to check if the
    >> current domain name is www.site.com, otherwise it return false.
    >> I don't want that someone replaces check.dll with another one with
    >> VerifyUrl that always return true...
    >> I'm not so expert, so probably I miss something...
    >> Thanks to anyone can help me,
    >> Fabio
    >>

    >
    >
     
    Fabio R., Mar 24, 2006
    #3
  4. A signed assembly isn't fully tamper proof...but it's a step in the right
    direction. You might also want to take a look at:
    http://msdn.microsoft.com/msdnmag/issues/03/08/BasicInstincts/

    Karl

    --
    http://www.openmymind.net/



    "Fabio R." <fabio71 _ at _ yahoo.it> wrote in message
    news:%...
    > So I need to sign with the same assemblykey all my dll...
    > After this, the application stops to work if a dll is replaced with a
    > disassembled one?
    > Thansks,
    > Fabio
    >
    > "Karl Seguin [MVP]" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME
    > net> ha scritto nel messaggio
    > news:...
    >> Sign your assembly (you'll need to sign all other assemblies that
    >> reference it as well).
    >>
    >> You can generate a key by doing
    >>
    >> sn -k SomeKeyName.snk in a VS.NET command prompt
    >>
    >> You can then add the key to your project via the assemblyKeyFile
    >> attribute:
    >>
    >> [assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.key")]
    >>
    >> Here's some references:
    >> http://blogs.msdn.com/junfeng/archive/2006/03/11/549355.aspx
    >>
    >> or simply google "assembly signing" or "assembly strong naming"
    >>
    >> Karl
    >>
    >>
    >> --
    >> http://www.openmymind.net/
    >> http://www.fuelindustries.com/
    >>
    >>
    >> "Fabio R." <fabio71 _ at _ yahoo.it> wrote in message
    >> news:...
    >>> Hi all,
    >>> what can I do to avoid that someone replace a dll of my asp.net project
    >>> with another one?
    >>> Example: in check.dll there's the method VerifyUrl to check if the
    >>> current domain name is www.site.com, otherwise it return false.
    >>> I don't want that someone replaces check.dll with another one with
    >>> VerifyUrl that always return true...
    >>> I'm not so expert, so probably I miss something...
    >>> Thanks to anyone can help me,
    >>> Fabio
    >>>

    >>
    >>

    >
    >
     
    Karl Seguin [MVP], Mar 24, 2006
    #4
  5. Fabio R.

    LogicNP

    Joined:
    Oct 10, 2009
    Messages:
    3
    This is a step in the right direction but it is very easy to disable .Net's strong name verification on a machine. CryptoLicensing is a licensing scheme which has setting to enforce brute force strong name verification even if its disabled or bypassed on the system. Don't know if you need the licensing features in that tool, but this particular feature is also there.
     
    LogicNP, Jul 14, 2010
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Prasanna Padmanabhan
    Replies:
    1
    Views:
    825
    Mattias Sjögren
    Nov 19, 2003
  2. Brent
    Replies:
    1
    Views:
    1,373
    Brent
    Jan 23, 2004
  3. SA
    Replies:
    0
    Views:
    482
  4. Horatiu Margavan via .NET 247

    Assembly's manifest definition does not match the assembly reference.

    Horatiu Margavan via .NET 247, Aug 30, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    3,626
    Horatiu Margavan via .NET 247
    Aug 30, 2004
  5. g
    Replies:
    69
    Views:
    2,221
    Oliver Wong
    Apr 25, 2006
Loading...

Share This Page