How to verify an application

Question

3.00/5 (1 vote)

See more:

Hello,

i'm writing a class library and i need to verify that it is just called by a trusted application.
Is there any way to check if the caller is signed with a key from a special company (via the public key)?

thx for any hints

Posted 16-Jun-15 4:31am

Andreas666

Add a Solution

Comments

Sergey Alexandrovich Kryukov 16-Jun-15 11:43am

I wonder, why? Normally, the entry assembly (the application assembly) takes all the responsibility for the trust. If your library requires, say, full trust, and this is not the case, the call would cause some exception. What's wrong with that?
—SA

Andy Lanng 16-Jun-15 11:54am

I did something like this where all of my methods are internal and I only allow one other assembly to view the internals.
I can't remember how I added the setting, but in AssemblyInfo.cs there is the line:


[assembly: InternalsVisibleTo("DatabaseAccess")]

Sergey Alexandrovich Kryukov 16-Jun-15 11:59am

This is not what what the inquirer asking about, but it could be what he really needs.
This is the technique of using friend Assemblies:
https://msdn.microsoft.com/en-us/library/0tke9fxk.aspx

Good point, anyway.

As to the original inquirer's question, I answered, please see Solution 1.

—SA

Andy Lanng 16-Jun-15 12:07pm

ah cool - I stumbled upon it so It's good to know exactly what it does and doesn't do.

Great answer. 5*

Sergey Alexandrovich Kryukov 16-Jun-15 12:08pm

Thank you, Andy. :-)
—SA

Sergey Alexandrovich Kryukov 16-Jun-15 15:14pm

Thank you again for reminding me this opportunity and the good idea.
I updated my answer to credit you for that and to add some explanations why this possibility might me much better for the inquirer.
Also, it's worth mentioning another similar alternative, private assemblies.
—SA

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2015-06-16T05:53:00

First of all, I doubt that it is really needed — please see my comment to the question.

But let's assume you really need this information. This is easy to do. First of all, you need to get the entry assembly. This is the application assembly you were asking about. When you do it, you need to get its AssemblyName object.

C#

using System.Reflection;

//...

Assembly entryAssembly = Assembly.GetEntryAssembly();
AssemblyName name = entryAssembly.GetName();

The AssemblyName object found carries all the information on the assembly signature, such as:
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.getpublickeytoken%28v=vs.110%29.aspx[^],
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.getpublickey%28v=vs.110%29.aspx[^],
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.keypair%28v=vs.110%29.aspx[^].

See also:
https://msdn.microsoft.com/en-us/library/system.reflection.assembly.getentryassembly%28v=vs.110%29.aspx[^],
https://msdn.microsoft.com/en-us/library/system.reflection.assembly%28v=vs.110%29.aspx[^],
https://msdn.microsoft.com/en-us/library/y3bk16ya(v=vs.110).aspx[^],
https://msdn.microsoft.com/en-us/library/System.Reflection.AssemblyName%28v=vs.110%29.aspx[^].

[EDIT]

Please pay attention for our discussion in the comments to the question with Andy Lanng, who reminded me an alternative possibility, friend assemblies:
https://msdn.microsoft.com/en-us/library/ms177208.aspx[^],
https://msdn.microsoft.com/en-us/library/0tke9fxk.aspx[^],
https://msdn.microsoft.com/en-us/library/bb384966.aspx[^],
https://msdn.microsoft.com/en-us/library/bb385180.aspx[^],
https://msdn.microsoft.com/en-us/library/system.runtime.compilerservices.internalsvisibletoattribute.assemblyname.aspx[^].

It can be much better for maintainability of your code. Open the first article referenced above and pay attention that you can give the string representation of the strong name of the assembly to the InternalsVisibleTo attribute parameter. That said, you can open up internals only to the assembly you tag with world-unique strong name, based on public-key cryptography, which makes faking this limitation cryptographically infeasible. Also pay attention for the property AllowMultiple set to true for this attribute, so you can apply this assembly-level attribute to your library assembly, allowing more than one referencing assemblies. Also note that you limit the set of the assemblies having access to library internals to the referencing assemblies, not just the entry assemblies, which gives you more control. Take a closer look: https://msdn.microsoft.com/en-us/library/system.runtime.compilerservices.internalsvisibletoattribute.aspx[^].

See also:
https://en.wikipedia.org/wiki/Public-key_cryptography[^],
https://en.wikipedia.org/wiki/Computational_complexity_theory[^].

Another alternative you can consider could be private assemblies:
https://msdn.microsoft.com/en-us/library/windows/desktop/ff951638%28v=vs.85%29.aspx[^].

Even though these alternatives are not exactly what you were asking about, they could be more adequate to what you really need.

—SA