Velocity Reviews - Computer Hardware Reviews

Strong Names and Web Assemblies

 
 
Toby Considine
      10-16-2003
I have an assembly that consists of several .NET DLLs, some of which I
compile in advance, some of which are customized for the individual user
(skins). On machines that I have control over, no problem. As soon as I
deployed them on publicly hosted sites, I had to add strong naming lest I
get security exceptions.

The service DLL is now strongly named, compiled, and placed in the Site BIN
directory, just as it was before.

Here is the problem.

How do I compile the Web app to be strongly named? Using the [barely]
documented features described in the Auto-generated AssemblyInfo.cs, I get:

// For local projects, the project output directory is defined as
// <Project Directory>\obj\<Configuration>. For example, if your KeyFile is
// located in the project directory, you would specify the AssemblyKeyFile
// attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
// For web projects, the project output directory is defined as
// %HOMEPATH%\VSWebCache\<Machine Name>\<Project Directory>\obj\<Configuration>.

I can figure out how to compile it locally.

This leaves me at a loss as to where I should put the snk on a remotely
hosted site.

thanks

tc


 
 
 
 
 
Chris Jackson
      10-16-2003
You are compiling on the user's machine? You only need the key pair during
compilation - the public key (which is the only key the end user should ever
see) is placed directly in the compiled file.

One thing you don't want to do is post your private key (and an snk file
contains the full key pair) because then everybody can compile using this
key, and it would appear as if they are you.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
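
Chris Jackson's point above, that an .snk file holds the full key pair and must never be published, can be checked before anything is uploaded to a shared host. The following is an added example, not part of the original thread: it tells a full key pair (`sn -k` output) from a public-key-only file (`sn -p` output) by the CryptoAPI blob header; the function names and the zeroed sample blobs are constructed for illustration.

```python
import struct
from pathlib import Path

PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07   # CryptoAPI bType values
HDR = "<BBHI4sII"   # BLOBHEADER + RSAPUBKEY: bType, bVersion, reserved, alg, magic, bitlen, pubexp

def blob_kind(data, off):
    """Return (bType, magic) of a CryptoAPI RSA key blob at `off`, or None."""
    if len(data) < off + 12:
        return None
    b_type, b_version, _, _ = struct.unpack_from("<BBHI", data, off)
    return (b_type, data[off + 8:off + 12]) if b_version == 2 else None

def classify_key_file(data):
    """Classify strong-name key material as 'keypair', 'public' or 'unknown'."""
    # `sn -k` output is a bare PRIVATEKEYBLOB; its magic is "RSA2".
    if blob_kind(data, 0) == (PRIVATEKEYBLOB, b"RSA2"):
        return "keypair"
    # `sn -p` output has a 12-byte header (sig alg, hash alg, blob length),
    # followed by a PUBLICKEYBLOB whose magic is "RSA1".
    if blob_kind(data, 12) == (PUBLICKEYBLOB, b"RSA1"):
        return "public"
    return "unknown"

def find_private_keys(root):
    """Relative paths of files under `root` that start with a full key pair,
    whatever their extension (a renamed .snk is still a private key)."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            with p.open("rb") as f:
                if classify_key_file(f.read(24)) == "keypair":
                    hits.append(str(p.relative_to(root)))
    return hits

def sample_keypair_blob():
    # Constructed sample: 1024-bit key-pair layout (596 bytes), key material zeroed.
    return struct.pack(HDR, PRIVATEKEYBLOB, 2, 0, 0x2400, b"RSA2", 1024, 65537) + bytes(576)

def sample_public_blob():
    # Constructed sample: 1024-bit public-key layout (160 bytes), modulus zeroed.
    blob = struct.pack(HDR, PUBLICKEYBLOB, 2, 0, 0x2400, b"RSA1", 1024, 65537) + bytes(128)
    return struct.pack("<III", 0x2400, 0x8004, len(blob)) + blob

if __name__ == "__main__":
    print(classify_key_file(sample_keypair_blob()))
    print(classify_key_file(sample_public_blob()))
```

Run `find_private_keys` over the folder that is about to be copied to the host; any path it returns should be removed from the upload.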

 
 
 
 
Toby Considine
      10-16-2003
Perhaps I misunderstand your question. My app has two parts.

One - business logic, compiled locally by me and placed in bin directory of
web site on shared hosting machine.

"Skins" consisting of ASPX's/ASCX's on remote machine. It is my
understanding that each time the ASPX's are changed, the site modified,
the JIT compile function of DOT/NET takes over and a new dll is created.

BTW, it appears that this also happens in IIS after a restart, causing the
first load of ASPX-based apps to be characteristically slow.

When I do standard FORMS/based authentication, I get Security Exceptions
thrown off by MSCORLIB. MSCORLIB is being asked about the current
authentication state by the precompiled "LOGI" DLL. It is my understanding
that is addressed by using a SNK file, generated in the usual way before the
DLL is ever deployed.

The problem is that "On-The-Fly" DLL. I can't seem to prevent it. It is
compiled on the fly after each change. It does not like the new SNd DLL.
- Do I need to tell that new App to trust the new StrongNamed DLL?
- If so, should this be by reference to the "Public" key only (well
probably).
- How do I reference that Public Key, then, in the remote compile?

Hope this is clearer.

tc




 
Chris Jackson
      10-17-2003
If you are using ASP.NET, and hence have code behind, then there are two
times when pages are compiled. Your code behind is compiled before you
deploy, and your pages themselves are compiled when you access them. (When
the last session is dropped, then the application is shut down, and you must
recompile the aspx page at this point.)

I am unaware of a way to strong name the compiled code that is dynamically
generated. (That doesn't mean it doesn't exist, just that I don't know about
it.)

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
