Re: Can you verify AppDomain when assemly loads?
- From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
- Date: Tue, 8 Aug 2006 16:13:40 -0400
If this is basically an intellectual property issue, why not use a licensing approach? If that seems like too much work, then the friend assemblies approach mentioned by dorminey might be suitable if you're using fx 2.0. If you're still using fx 1.1, it might seem tempting to use link demands for an identity permission (e.g.: StrongNameIdentityPermission), but be aware that these are quite easy for highly privileged code to bypasse, and they are automatically passed by fully trusted code under fx 2.0.
"MariusI" <MariusI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:AF9ADCA0-BDB8-43BD-BAA3-90EBD6345A9A@xxxxxxxxxxxxxxxx
Basically, to prevent folks from using my API in their own projects
"Nicole Calinoiu" wrote:
But why? Because you want to prevent folks from using your API without
paying a licensing fee or because you want your dll to be able to trust its
calling code to have reliably performed some operation (e.g.: data
validation or user authentication/authorization)?
"MariusI" <MariusI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1CAD339F-12BE-4C64-BE7F-86D4B6232782@xxxxxxxxxxxxxxxx
>I want to do this to avoid third party vendors from putting a using
>statement
> refering to our biz logic dll.
>
> "Nicole Calinoiu" wrote:
>
>> Not really. Even if you could find a way to intercept all messages,
>> there
>> would be no way to tell whether the evidence the app domain presents
>> about
>> itself is accurate or spoofed. Why are you concerned about the >> identity
>> of
>> the invoking code--licensing or trust issues?
>>
>>
>> "MariusI" <MariusI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:CD428E3F-52BB-4BCE-92FB-46A42382409F@xxxxxxxxxxxxxxxx
>> >I was wondering if there any security mechanisms in the framework >> >which
>> > enables me to identify the appdomain which my dll is being loaded >> > into?
>> > For
>> > ex. if I want to make sure that the appdomain was created by a >> > program
>> > from
>> > our company.
>> >
>> > One approach is probably to use AOP and intersept all message calls,
>> > checking some pre condition, but this sounds like a lot of overhead.
>> > Are
>> > there any ways enable/disable AOP at runtime. For example veryfing >> > the
>> > user
>> > at the first method call and then removing all method interceptions?
>>
se of sn.exe?
>\:
.
- Follow-Ups:
- Re: Can you verify AppDomain when assemly loads?
- From: MariusI
- Re: Can you verify AppDomain when assemly loads?
- References:
- Re: Can you verify AppDomain when assemly loads?
- From: Nicole Calinoiu
- Re: Can you verify AppDomain when assemly loads?
- Prev by Date: problem to read binary data
- Next by Date: Remote DB Access Security
- Previous by thread: Re: Can you verify AppDomain when assemly loads?
- Next by thread: Re: Can you verify AppDomain when assemly loads?
- Index(es):
Relevant Pages
|
