My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Wednesday, December 3, 2003
« Two new Security newsletters from Micros... | Main | .NET Rocks! - Pat Hynds on Security »

Q. How can I limit access to a .NET assembly that I've created? I've got two separate assemblies A and B. A references B and uses a number of instance methods on B, but I don't want any other assembly to be able to access B. In effect, I'd like to make B "private" to my application. Is there any way to achieve that with .NET?

A. There are probably a number of ways to achieve this, but the simplest involves signing your calling assembly A with a unique public / private key pair (use sn -k to achieve this). Once it's signed, you can use the StrongNameIdentityPermission attribute on the callee assembly B to demand that any callers are signed with a matching public key. If any other assembly tries to call B that isn't signed with the same key, a SecurityException will be thrown.

For more information on the StrongNameIdentityPermission attribute, see the appropriate topic in the MSDN Library. There's also a good walkthrough here.
[Tim Sneath's Blog]

Also check out the following Chapters from "Improving Web Application Security: Threats and Countermeasures"

Chapter 8 – Code Access Security in Practice
http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh08.asp

Chapter 9 – Using Code Access Security with ASP .NET
http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp

[Now Playing: Dulhe Raja - Hum Kisise Kum Nahin]

Tags:: Security
12/3/2003 9:23 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.