Click here to Skip to main content
Click here to Skip to main content

Is Someone Using Your Assembly? (SecUtil.exe .NET Framework Tools Series)

, 16 Jan 2006
Rate this:
Please Sign up or sign in to vote.
SecUtil.exe

Introduction

There are a lot of assemblies that we create in our projects daily. Have we ever wondered that all those assemblies that we write after putting in such a lot of hard work and effort could be easily used by someone else. Also at times you don't want others to use a particular class or a method because it may retrieve some important or confidential information. .NET by itself works on the concept of sharing assemblies between applications which enables rapid application development (RAD). We can secure our code by identifying the caller.

Managed code offers several ways to restrict method access:

  • Limit the scope of accessibility to the class, assembly, or derived classes, if they can be trusted. This is the simplest way to limit method access. Note that, in general, derived classes can be less trustworthy than the class they derive from, though in some cases they share the parent class's identity. In particular, do not infer trust from the keyword protected, which is not necessarily used in the security context.
  • Limit the method access to callers of a specified identity -- essentially, any particular evidence (strong name, publisher, zone, and so on) you choose.
  • Limit the method access to callers having whatever permissions you select.

Let's see how we can accomplish this:

  1. Create a strong named assembly e.g. Calc.dll with one class called MyClass having the Add() method which adds two numbers.
  2. .NET Framework has a tool called SecUtil.exe.
  3. Go to the Visual Studio command prompt
  4. Type SecUtil.exe /?. This will display help and all the available options.
  5. Then type secutil.exe -s -hex -c Calc.dll (or the name of your DLL).
  6. This will display the public key as hexadecimal value as shown below:
C:\DotNet\DLLProj\bin\Debug>secutil -hex -c -s Calc.dll
Microsoft (R) .NET Framework SecUtil 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Public Key =
0x0024000004800000940000000602000000240000525341310004000001000100D96FE3B963FC64
B8A9B6CA05B859A67B8B30603A0D696E1F95D8C9B23C5B2EEF139B96A5CC55C2E38D05B7FD675434
A3EE1EF70C69AE3BDE8E646BF652C006278884856E10D3CD0273B458A3E8ECAF47BE51FC7619E271
6602B6EFE34824238F1CAF86960691256D0608E317217E174F4947397A9D5D0BA48785E8CB726E0F
CA
Name =
Calc
Version =
1.0.1761.29820
Success

Now You can use this public key with any class or method in your assembly that you don't want anyone else to access, you can use the StrongNameIdentityPermissionAttribute for this. Any calling code that isn't signed with your *.snk file won't have access to it.

Here I have used it at the class level. You can also achieve the same at the method or assembly level.

So, let's secure our class:

// put this code above the class as shown

[StrongNameIdentityPermissionAttribute(SecurityAction.Demand,
PublicKey = 
"0x0024000004800000940000000602000000240000525341310004000001000100D96FE3B963FC64" +
"B8A9B6CA05B859A67B8B30603A0D696E1F95D8C9B23C5B2EEF139B96A5CC55C2E38D05B7FD675434" +
"A3EE1EF70C69AE3BDE8E646BF652C006278884856E10D3CD0273B458A3E8ECAF47BE51FC7619E271"+
"6602B6EFE34824238F1CAF86960691256D0608E317217E174F4947397A9D5D0BA48785E8CB726E0FCA")]

public class MyClass
{
public MyClass()
{
}

public int Add(int i , int j)
{
}
}
  1. Now create any Win app which will be a client app for this assembly.
  2. Do not strong name this assembly.
  3. Reference the above assembly in the client App.
  4. Call the Add method or any other method of Myclass.
  5. The code will compile.
  6. Try and execute the function call. You will get an error message similar to the one below:
Additional information: Request for the permission of 
type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, 
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

History

  • 16th January, 2006: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Namratha Shah
Architect
United States United States
Namratha Shah a.k.a. Nasha is from orginally from Bombay, India but currently residing NJ, USA. She has to her credit, a Bachelor’s Degree in Microbiology and Biotechnology and a Master's in Computer and Software Applications (1999-2001) from Somaiya College Bombay. She started her career with C and C++ and then moved on to Microsoft Technologies. She has over 7.5 years experience in software architecture, design and development. She is a Certified Scrum Master and a member of the CORE .NET Architecture team. She has been Awarded with Microsoft’s Prestigious Most Valuable Professional (MVP) twice consecutively in years 2005 and 2006 in Visual C#.NET for her outstanding contributions to the .NET community.

Comments and Discussions

 
QuestionFramwork version 4.0 Pinmemberlill.LEIF23-Mar-11 20:03 
GeneralMy vote of 1 PinmemberMember 307848118-Mar-09 21:51 
GeneralIt doesnt work at all!! [modified] PinmemberMember 307848118-Mar-09 21:33 
GeneralNope...!!! PinmemberAbhilashAshok31-Dec-07 23:37 
GeneralI don't recieve any Error Message PinmemberZarrinPour11-Feb-07 20:15 
GeneralRe: I don't recieve any Error Message PinmemberBOB198323-Oct-07 11:04 
GeneralPeople can steal your code anyway PinmemberHeinz_3-Aug-06 10:49 
GeneralA few things to consider PinmemberMrEyes17-Jan-06 4:26 
GeneralPreventing someone from examine your original app and/or assemblies PinmemberT-luv16-Jan-06 18:19 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140827.1 | Last Updated 16 Jan 2006
Article Copyright 2006 by Namratha Shah
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid