how can I protect my assembly by use strongnameidentitypermission with .NET 2.0?

how can I protect my assembly by use strongnameidentitypermission with .NET 2.0?

Post by Ares Che » Tue, 09 Sep 2008 21:28:56


是一封 MIME 格式的多方邮件。


Hi, all
In .NET 1.1, I can protect my assembly by use "StrongNameIdentityPermission", so only the caller with the special StrongName Sign can call my functions in the important assembly.

But how can I do this with .NET 2.0? I find some detail with this topic from a link as below
http://msdn.microsoft.com/en-us/library/system.security.permissions.strongnameidentitypermission.aspx

In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0, identity permissions can have any permission state value. This means that in version 2.0, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust. For information on executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy> Element.

My problem is :"a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust."

Any advice is welcome, thank you


--

Best regards,
Ares
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content=text/html;charset=gb2312>
<META content="MSHTML 6.00.6000.16705" name=GENERATOR></HEAD>
<BODY id=MailContainerBody
style="PADDING-RIGHT: 10px; PADDING-LEFT: 10px; PADDING-TOP: 15px"
bgColor=#cce8cf leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=微软雅黑 size=2>Hi, all</FONT></DIV>
<DIV><FONT face=微软雅黑 size=2>In .NET 1.1, I can protect my assembly by use
"StrongNameIdentityPermission", so only the caller with the special StrongName
Sign can call my functions in the important assembly. </FONT></DIV>
<DIV><FONT face=微软雅黑 size=2></FONT> </DIV>
<DIV><FONT face=微软雅黑 size=2>But how can I do this with .NET 2.0? I find some
detail with this topic from a link as below</FONT></DIV>
<DIV><FONT face=微软雅黑 size=2><A
title="http://msdn.microsoft.com/en-us/library/system.security.permissions.strongnameidentitypermission.aspx CTRL + 单击以下链接"
href="http://msdn.microsoft.com/en-us/library/system.security.permissions.strongnameidentitypermission.aspx">http://msdn.microsoft.com/en-us/library/system.security.permissions.strongnameidentitypermission.aspx</A></FONT></DIV>
<DIV><FONT face=微软雅黑 size=2></FONT> </DIV><FONT face=微软雅黑 size=2>
<DIV>
<P>In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have
an <SPAN sdata="cer"
target="F:System.Security.Permissions.PermissionState.Unrestricted"><A
id=ctl00_rs1_mainContentContainer_ctl31
onclick="javascript:Track('ctl00_rs1_mainContentContainer_cpe49180_c|ctl00_rs1_mainContentContainer_ctl31',this);"
href="http://msdn.microsoft.com/en-us/library/system.security.permissions.permissionstate.unrestricted.aspx"><FONT
title="http://msdn.microsoft.com/en-us/library/system.security.permissions.permissionstate.unrestricted.aspx CTRL + 单击以下链接"
color=#0033cc>Unrestricted</FONT></A></SPAN> permission state value. In the .NET
 
 
 

how can I protect my assembly by use strongnameidentitypermission with .NET 2.0?

Post by Pavel Mina » Tue, 09 Sep 2008 21:55:30


Well, that's why it's called "Full Trust", right? Given that a full trust
assembly can do any imaginable tricks with unmanaged code anyway, if really
needed, it could override any and all security checks, so why bother?