Summary:
This article describes how to use
Code Access Security
Techniques protect the code, so that the code is not called by malicious.
As a .NET developer, you don't have a day when you write code, your components run on more and more machines. Suddenly one day, you found that the components you wrote are referenced in the project written by others, and the most intimate is that the man actually uses your name to destroy it! You can't help but call OH shit !, then open MSDN to see what way can help you stop this conspiracy.
OK, the method found, that is the Code Access Security provided by the .NET platform. A class that is inherited in CodeAccessPermission can help you implement different aspects, different scope of code security control. What you need to do is to pick out the most suitable categories, thus achieving the purpose of protecting your components.
After some pick, you finally determined the use of the StrongNameIdentityPermissionattribute class. This class allows you to bind components (or classes, methods) with a strong name (usually the strong name used when you publish programs), so that only you can use you if the client program has the strong name signature. s component. That is, in addition to the client code you write because of the same signature, any third-party code cannot pass StrongNameIdentityPermissionattribute, so you can't maliciously call your components :). It sounds really good, let's do it right away!
For the sake of simplicity, create a very simple Class Library project, the code is as follows:
// SecureComp.dll
Using system;
Namespace MUSICLAND
{
Public Class SecureComp
{
Public String Confidential ()
{
Return "this is confidential!";
}
}
}
This component is very poor because anyone can write code to call it. Below, you have to play a point :):
First introduced the system.security.permissions namespace:
Using system.security.permissions;
Then, in the component level plus the strongNameIdentityPermissionAttribute property:
[Assembly: StrongnameIdentityPermissionatTribute (SecurityAction.Requestminimum,
Publickey = "002400000480000094000000000000000000000000000000000000000000000000-20100010001000000000000000000000020000002
"283259f23d645358d65812b69136846b03a7d15124545fc3ed27d89d1330cceda4232c7bc6e8a0e7ecd857f8"
"126D0859E2300237B3CAB6F7737A92F585CBF2AFB4B475C537703EFB96E17E5921FF00C6E022B22F3D772F14"
"6A3A5C7F6CCAD3131B8D0465E6709E5A28CC3CA1C8B610AF4162C1A18C0FEB8E6993AB1")]
Namespace MUSICLAND
...
Note that SecurityAction.Requestminimum is used here, which declaresses the resource access indicated by StrongNameIdentInTryPermissionattribute (that is, the secureComp.dll is as a result of the same resource), otherwise the CLR will not be allowed to be adjusted. ( That is, the client code) Access the requested resource; in addition, the hexadi (transforming into a string type) of the public key) is added to the publickey property. CRL will determine whether the callout is legal in accordance with this period during operation, unless the caller has a corresponding private key, otherwise it will not be able to access. It seems that usually protect your key file because the leakage of key files (especially private key) will become the root of your endless nightmare, and delay signing is more important here. :.) To say this, you will have a big question mark: How did this long copUblickey get it? Do you want me to get together? of course not. Remember that sn.exe tool? By it can extract publickey. OK, open your command line, locate the directory where the key file is located and enter the following:
Sn -P key.snk publickey.snk
In this way, the extracted kinetile information is stored in the publickey.snk file. You only need to read the public key information and transform into an appropriate format. Here, you can use the Secry.exe tool that .NET Framework, but according to what I know, the output of the Secry tool is an array format (I tested all the output options provided by Secutil on your own machine, but the resulting result They are all, this makes me feel very unexpected, I don't know if there is a better way), so I wrote a gadget to complete this read and conversion. If you are interested, you can send me an email (because I have no my own network space can be stored. Of course, you can write yourself, because it is too simple, just read the binary file). Its running interface is shown in Figure 1:
Ok, now your code is all armed. Try to write a Console client to call SecureComp, how is the result? Is it "unable to get the corresponding permissions"? Try to sign the client program with key.snk to sign again, this time you can visit! :)
Conclusion: Appropriate Application Code Access Security allows your code to be protected, not being called correctly by third parties; however, too much security will also cause the code running efficiency to drop, resulting in a negative impact.
Since I am also in the learning process, if there is a mistake in the text, explain that there is no complete or have a better solution, please advise. My email address is: yanghada@vip.sina.com.
