method call only from "allowed" assemblies

TheMSsForum.com: The Microsoft Software Forum

Hi,
I was thinking of a "security concept" (- although it may already exist in
the .NET Framework): to allow only some assemblies to call a method form
another assembly...
something like... a public method can be called by another assembly within
an application but also by anyone from outside;
this mechanism would check at method level/above method level who is calling
and allow/disallow the call.

Is this already implemented in .NET Framework?

I would greatly appreciate some feedback on how this may be implemented
(using StackTrace maybe)...

Thank you,
Daniel
Top

Re: method call only from "allowed" assemblies by Sijin

Sijin
Mon Sep 27 09:17:21 CDT 2004

You can use the StrongNameIdentityPermission for this, only callers that
are signed using the specified key can call methods that demand this
permission.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritypermissionsstrongnameidentitypermissionclasstopic.asp
http://www.theserverside.net/developmentor/thread.tss?thread_id=25117

Sijin Joseph
http://www.indiangeek.net
http://weblogs.asp.net/sjoseph


Bamse wrote:
> Hi,
> I was thinking of a "security concept" (- although it may already exist in
> the .NET Framework): to allow only some assemblies to call a method form
> another assembly...
> something like... a public method can be called by another assembly within
> an application but also by anyone from outside;
> this mechanism would check at method level/above method level who is calling
> and allow/disallow the call.
>
> Is this already implemented in .NET Framework?
>
> I would greatly appreciate some feedback on how this may be implemented
> (using StackTrace maybe)...
>
> Thank you,
> Daniel
>
>
Top

Re: method call only from "allowed" assemblies by Bamse

Bamse
Mon Sep 27 12:23:07 CDT 2004

I'll check that but...that would work on the general case, where all calling
assemblies might be signed;
in my case I have signed and unsigned assemblies that call the method(s).

I was thinking more of checking the calling assembly's identity and if it's
mine
(or one that I set "allowed") to go and execute the call, otherwize throw an
exception

"Sijin Joseph" <sijinNOSPAMdotnet@hotmail.com> wrote in message
news:uLjauzJpEHA.2864@TK2MSFTNGP12.phx.gbl...
> You can use the StrongNameIdentityPermission for this, only callers that
> are signed using the specified key can call methods that demand this
> permission.
>
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritypermissionsstrongnameidentitypermissionclasstopic.asp
> http://www.theserverside.net/developmentor/thread.tss?thread_id=25117
>
> Sijin Joseph
> http://www.indiangeek.net
> http://weblogs.asp.net/sjoseph
>
>
> Bamse wrote:
> > Hi,
> > I was thinking of a "security concept" (- although it may already exist
in
> > the .NET Framework): to allow only some assemblies to call a method form
> > another assembly...
> > something like... a public method can be called by another assembly
within
> > an application but also by anyone from outside;
> > this mechanism would check at method level/above method level who is
calling
> > and allow/disallow the call.
> >
> > Is this already implemented in .NET Framework?
> >
> > I would greatly appreciate some feedback on how this may be implemented
> > (using StackTrace maybe)...
> >
> > Thank you,
> > Daniel
> >
> >


Top

Re: method call only from "allowed" assemblies by Sijin

Sijin
Tue Sep 28 01:20:46 CDT 2004

Can you tell me how you would determine if the calling assembly was
yours, or allow an assembly to call into your assembly? It depends on
what method you want to use...let me know..we'll figure something out.

Sijin Joseph
http://www.indiangeek.net
http://weblogs.asp.net/sjoseph


Bamse wrote:
> I'll check that but...that would work on the general case, where all calling
> assemblies might be signed;
> in my case I have signed and unsigned assemblies that call the method(s).
>
> I was thinking more of checking the calling assembly's identity and if it's
> mine
> (or one that I set "allowed") to go and execute the call, otherwize throw an
> exception
>
> "Sijin Joseph" <sijinNOSPAMdotnet@hotmail.com> wrote in message
> news:uLjauzJpEHA.2864@TK2MSFTNGP12.phx.gbl...
>
>>You can use the StrongNameIdentityPermission for this, only callers that
>>are signed using the specified key can call methods that demand this
>>permission.
>>
>>
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritypermissionsstrongnameidentitypermissionclasstopic.asp
>
>>http://www.theserverside.net/developmentor/thread.tss?thread_id=25117
>>
>>Sijin Joseph
>>http://www.indiangeek.net
>>http://weblogs.asp.net/sjoseph
>>
>>
>>Bamse wrote:
>>
>>>Hi,
>>>I was thinking of a "security concept" (- although it may already exist
>
> in
>
>>>the .NET Framework): to allow only some assemblies to call a method form
>>>another assembly...
>>>something like... a public method can be called by another assembly
>
> within
>
>>>an application but also by anyone from outside;
>>>this mechanism would check at method level/above method level who is
>
> calling
>
>>>and allow/disallow the call.
>>>
>>>Is this already implemented in .NET Framework?
>>>
>>>I would greatly appreciate some feedback on how this may be implemented
>>>(using StackTrace maybe)...
>>>
>>>Thank you,
>>>Daniel
>>>
>>>
>
>
>
Top

Re: method call only from "allowed" assemblies by jch

jch
Tue Sep 28 08:59:03 CDT 2004

How can you tell that the calling assembly is one of your assemblies if the
assemblies do not have a strong name? By giving your assemblies a strong
name you know for sure that the assembly has been created by you (as long as
no one steals your key-pair file). StrongNameIdentityPermission(Attribute)
was designed with your case in mind.

Regards, Jakob.
http://www.dotninjas.dk

"Bamse" wrote:

> I'll check that but...that would work on the general case, where all calling
> assemblies might be signed;
> in my case I have signed and unsigned assemblies that call the method(s).
>
> I was thinking more of checking the calling assembly's identity and if it's
> mine
> (or one that I set "allowed") to go and execute the call, otherwize throw an
> exception
>
> "Sijin Joseph" <sijinNOSPAMdotnet@hotmail.com> wrote in message
> news:uLjauzJpEHA.2864@TK2MSFTNGP12.phx.gbl...
> > You can use the StrongNameIdentityPermission for this, only callers that
> > are signed using the specified key can call methods that demand this
> > permission.
> >
> >
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritypermissionsstrongnameidentitypermissionclasstopic.asp
> > http://www.theserverside.net/developmentor/thread.tss?thread_id=25117
> >
> > Sijin Joseph
> > http://www.indiangeek.net
> > http://weblogs.asp.net/sjoseph
> >
> >
> > Bamse wrote:
> > > Hi,
> > > I was thinking of a "security concept" (- although it may already exist
> in
> > > the .NET Framework): to allow only some assemblies to call a method form
> > > another assembly...
> > > something like... a public method can be called by another assembly
> within
> > > an application but also by anyone from outside;
> > > this mechanism would check at method level/above method level who is
> calling
> > > and allow/disallow the call.
> > >
> > > Is this already implemented in .NET Framework?
> > >
> > > I would greatly appreciate some feedback on how this may be implemented
> > > (using StackTrace maybe)...
> > >
> > > Thank you,
> > > Daniel
> > >
> > >
>
>
>
Top