Velocity Reviews


Fabio R. 03-24-2006 09:19 PM

assembly protection
 
Hi all,
what can I do to prevent someone from replacing a DLL of my ASP.NET project
with another one?
Example: in check.dll there's the method VerifyUrl to check if the current
domain name is www.site.com, otherwise it returns false.
I don't want someone to replace check.dll with another one with a VerifyUrl
that always returns true...
I'm not much of an expert, so I'm probably missing something...
Thanks to anyone who can help me,
Fabio



Karl Seguin [MVP] 03-24-2006 09:31 PM

Re: assembly protection
 
Sign your assembly (you'll need to sign all other assemblies that reference
it as well).

You can generate a key by running this in a VS.NET command prompt:

sn -k SomeKeyName.snk

You can then add the key to your project via the AssemblyKeyFile attribute:

[assembly: AssemblyKeyFile("..\\..\\..\\SomeKeyName.snk")]

Here are some references:
http://blogs.msdn.com/junfeng/archiv...11/549355.aspx

or simply google "assembly signing" or "assembly strong naming"

Karl


--
http://www.openmymind.net/
http://www.fuelindustries.com/






Fabio R. 03-24-2006 09:38 PM

Re: assembly protection
 
So I need to sign all my DLLs with the same assembly key...
After this, will the application stop working if a DLL is replaced with a
disassembled one?
Thanks,
Fabio





Karl Seguin [MVP] 03-24-2006 11:59 PM

Re: assembly protection
 
A signed assembly isn't fully tamper proof...but it's a step in the right
direction. You might also want to take a look at:
http://msdn.microsoft.com/msdnmag/is...asicInstincts/

Karl

--
http://www.openmymind.net/







LogicNP 07-14-2010 09:39 AM

This is a step in the right direction, but it is very easy to disable .NET's strong name verification on a machine. CryptoLicensing is a licensing scheme which has a setting to enforce brute force strong name verification even if it's disabled or bypassed on the system. Don't know if you need the licensing features in that tool, but this particular feature is also there.
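
The thread's two concerns (a replaced check.dll, and strong-name verification being switched off on the machine) can be checked by the application itself. The following is an added example, not code from any poster or from the product mentioned above; the class name AssemblyGuard, the method IsTrusted and the token value are hypothetical placeholders, and it assumes the .NET Framework on Windows, where mscoree.dll exports StrongNameSignatureVerificationEx.

```csharp
// Added example (not from the thread). .NET Framework on Windows only.
using System;
using System.Reflection;
using System.Runtime.InteropServices;

static class AssemblyGuard
{
    // Native strong-name API exported by mscoree.dll.
    // fForceVerification = true ignores the machine's skip-verification settings.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // PLACEHOLDER: replace with the token that "sn -T check.dll" prints for your key.
    const string ExpectedToken = "0123456789abcdef";

    public static bool IsTrusted(string path)
    {
        // 1. Identity: the file must carry OUR public key, not just any key.
        //    A re-signed replacement passes signature checks but has another token.
        byte[] token = AssemblyName.GetAssemblyName(path).GetPublicKeyToken();
        if (token == null || token.Length == 0)
            return false; // unsigned assembly
        string hex = BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
        if (hex != ExpectedToken)
            return false;

        // 2. Integrity: recompute and verify the signature over the file on disk,
        //    even if verification was disabled for this assembly on the machine.
        bool wasVerified;
        bool ok = StrongNameSignatureVerificationEx(path, true, out wasVerified);
        return ok && wasVerified;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AssemblyGuard <path-to-dll>");
            return 2;
        }
        bool trusted = IsTrusted(args[0]);
        Console.WriteLine(trusted ? "OK: signed by expected key" : "REJECTED");
        return trusted ? 0 : 1;
    }
}
```

The assembly that performs this check can itself be replaced by anyone with write access to the bin directory, so it complements restrictive file permissions on the deployment folder rather than substituting for them.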

