Hello,

I'm writing a class library and I need to verify that it is just called by a trusted application.
Is there any way to check if the caller is signed with a key from a special company (via the public key)?

thx for any hints
Comments
Sergey Alexandrovich Kryukov 16-Jun-15 11:43am    
I wonder, why? Normally, the entry assembly (the application assembly) takes all the responsibility for the trust. If your library requires, say, full trust, and this is not the case, the call would cause some exception. What's wrong with that?
—SA
Andy Lanng 16-Jun-15 11:54am    
I did something like this where all of my methods are internal and I only allow one other assembly to view the internals.
I can't remember how I added the setting, but in AssemblyInfo.cs there is the line:

[assembly: InternalsVisibleTo("DatabaseAccess")]
Sergey Alexandrovich Kryukov 16-Jun-15 11:59am    
This is not what the inquirer is asking about, but it could be what he really needs.
This is the technique of using friend assemblies:
https://msdn.microsoft.com/en-us/library/0tke9fxk.aspx

Good point, anyway.

As to the original inquirer's question, I answered, please see Solution 1.

—SA
Andy Lanng 16-Jun-15 12:07pm    
Ah, cool - I stumbled upon it, so it's good to know exactly what it does and doesn't do.

Great answer. 5*
Sergey Alexandrovich Kryukov 16-Jun-15 12:08pm    
Thank you, Andy. :-)
—SA

1 solution

First of all, I doubt that it is really needed — please see my comment to the question.

But let's assume you really need this information. This is easy to do. First of all, you need to get the entry assembly. This is the application assembly you were asking about. When you do it, you need to get its AssemblyName object.
C#
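using System.Reflection;

//...

// The entry assembly is the application (process executable) assembly.
// GetEntryAssembly() can return null when the process was started by unmanaged code.
Assembly entryAssembly = Assembly.GetEntryAssembly();
// AssemblyName carries the assembly identity, including the public key and its token.
AssemblyName name = entryAssembly.GetName();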

The AssemblyName object found carries all the information on the assembly signature, such as:
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.getpublickeytoken%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.getpublickey%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/system.reflection.assemblyname.keypair%28v=vs.110%29.aspx.

See also:
https://msdn.microsoft.com/en-us/library/system.reflection.assembly.getentryassembly%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/system.reflection.assembly%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/y3bk16ya(v=vs.110).aspx,
https://msdn.microsoft.com/en-us/library/System.Reflection.AssemblyName%28v=vs.110%29.aspx.

[EDIT]

Please pay attention to our discussion in the comments to the question with Andy Lanng, who reminded me of an alternative possibility, friend assemblies:
https://msdn.microsoft.com/en-us/library/ms177208.aspx,
https://msdn.microsoft.com/en-us/library/0tke9fxk.aspx,
https://msdn.microsoft.com/en-us/library/bb384966.aspx,
https://msdn.microsoft.com/en-us/library/bb385180.aspx,
https://msdn.microsoft.com/en-us/library/system.runtime.compilerservices.internalsvisibletoattribute.assemblyname.aspx.

It can be much better for the maintainability of your code. Open the first article referenced above and note that you can give the string representation of the strong name of the assembly to the InternalsVisibleTo attribute parameter. That said, you can open up internals only to the assembly you tag with a world-unique strong name, based on public-key cryptography, which makes faking this limitation cryptographically infeasible. Also pay attention to the property AllowMultiple, set to true for this attribute, so you can apply this assembly-level attribute to your library assembly, allowing more than one referencing assembly. Also note that you limit the set of the assemblies having access to library internals to the referencing assemblies, not just the entry assemblies, which gives you more control. Take a closer look: https://msdn.microsoft.com/en-us/library/system.runtime.compilerservices.internalsvisibletoattribute.aspx.

See also:
https://en.wikipedia.org/wiki/Public-key_cryptography,
https://en.wikipedia.org/wiki/Computational_complexity_theory.

Another alternative you can consider could be private assemblies:
https://msdn.microsoft.com/en-us/library/windows/desktop/ff951638%28v=vs.85%29.aspx.

Even though these alternatives are not exactly what you were asking about, they could be more adequate to what you really need.

—SA
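
The check described in Solution 1, carried through to a comparison against a pinned public key token, as an added example that is not part of the original answer. The class name `CallerCheck`, its method names and the token value are hypothetical placeholders introduced here.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security;

public static class CallerCheck
{
    // Placeholder token, constructed for this example. Replace it with the
    // token of the trusted publisher's key (for instance as shown by "sn -T app.exe").
    private const string ExpectedToken = "0123456789abcdef";

    // Returns the public key token as lowercase hex, or null when the
    // assembly is missing or carries no strong name.
    public static string TokenOf(Assembly assembly)
    {
        byte[] token = assembly?.GetName().GetPublicKeyToken();
        if (token == null || token.Length == 0)
            return null;
        return string.Concat(token.Select(b => b.ToString("x2")));
    }

    public static bool IsTrusted(Assembly assembly, string expectedToken)
    {
        string actual = TokenOf(assembly);
        return actual != null &&
               string.Equals(actual, expectedToken, StringComparison.OrdinalIgnoreCase);
    }

    // Call this from the library's entry points. Strong names give identity,
    // not a security boundary, so treat it as a guard against unintended use.
    public static void DemandTrustedEntryAssembly()
    {
        // GetEntryAssembly() is null when the process was started by unmanaged
        // code; IsTrusted treats that case as untrusted.
        Assembly entry = Assembly.GetEntryAssembly();
        if (!IsTrusted(entry, ExpectedToken))
            throw new SecurityException(
                "Entry assembly is not signed with the expected key.");
    }
}
```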
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


