Ask a Question related to ASP.NET Security, Design and Development.
-
Chris Mohan #1
Private Assemblies & Strong Names??
Hi, I've signed a private assembly with a strong name and have deployed it in a web app's bin directory. Things work fine, yet I recently read you "can't" do this:
From: [url]http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp[/url]
"private assemblies... This type of assembly cannot be strong named. Strong named assemblies used by ASP.NET Web applications must be installed in the global assembly cache. This restriction is necessary because of the internal workings of the multi-application domain worker process."
I wonder if this statement is as literal as the wording suggests or if the author is being bombastic. Could it be that the statment really means: "If you want to re-use your assembly in multiple application domains you need to sign it with a strong name and deploy it to the GAC"?
The code in my signed assembly sends email; I'm currenlty calling the class directly, but I'd like to use declarative security in order to only allow an inputValidation class to call it directly.
There are various reasons why I prefer not to install these assemblies in the GAC. Is installing them in the GAC really my only option if I want the assembly to have a strong name(even if I really don't need the strong name)?
Chris Mohan Guest
-
HTML embbeded (via <object> tag) Strong FullTrust Assemblies fail!
My problem: I am attempting to create a strong named .NET library assembly which needs FullTrust permissions when loaded from the Internet zone and... -
COM Interop and Delay Signing of Strong Names
I have a VB.NET DLL that I wish to Delay Sign (ie. I want to assign a strong name after compiling the DLL and obfuscating it). This DLL will also be... -
Strong Names and Web Assemblies
I have an assembbly that consists of several .NET DLLs, some of which I compile in advance, some of which customized for the indivudual user... -
Private Fotopages - private Web Galleries WANTED!
Hello NG I am still seeking links to private (hobby / non professional/ amateur) fotopages in Australia -or any other Country to be used at... -
Machine names v. User names
Good Morning... Unfortunately one of our mainframe processes require a local machine name that is identical to the local user account name. For... -
Jim Cheshire [MSFT] #2 RE: Private Assemblies & Strong Names??
Hi Chris,
In a word, yes. In the current architecture of ASP.NET, strong-named
assemblies are loaded domain neutral. That means that they are not
unloaded until the ASP.NET worker process is unloaded. This can cause
issues with file access because the files remain locked by the process even
when the app domain is unloaded.
In version 1.0 and 1.1, strong-named assemblies are retricted to the GAC
only.
Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
[email]jamesche@online.microsoft.com[/email]
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------microsoft.public.dotnet.framework.aspnet.security: 10758>Thread-Topic: Private Assemblies & Strong Names??
>thread-index: AcRogC6GKCVSc+YNRg2OuCyxd+/P2Q==
>X-WBNR-Posting-Host: 192.239.90.254
>From: "=?Utf-8?B?Q2hyaXMgTW9oYW4=?=" <ChrisMohan@discussions.microsoft.com>
>Subject: Private Assemblies & Strong Names??
>Date: Mon, 12 Jul 2004 19:22:01 -0700
>Lines: 10
>Message-ID: <FB5FF40F-B2D0-4896-8B94-4300572C1060@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 127.0.0.1
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGXA03.phx.gbl
>Xref: cpmsftngxa06.phx.gblin a web app's bin directory. Things work fine, yet I recently read you>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hi, I've signed a private assembly with a strong name and have deployed it
"can't" do this:Strong named assemblies used by ASP.NET Web applications must be installed>
>From: [url]http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp[/url]
>"private assemblies... This type of assembly cannot be strong named.
in the global assembly cache. This restriction is necessary because of the
internal workings of the multi-application domain worker process."author is being bombastic. Could it be that the statment really means: "If>
>I wonder if this statement is as literal as the wording suggests or if the
you want to re-use your assembly in multiple application domains you need
to sign it with a strong name and deploy it to the GAC"?class directly, but I'd like to use declarative security in order to only>
>The code in my signed assembly sends email; I'm currenlty calling the
allow an inputValidation class to call it directly.the GAC. Is installing them in the GAC really my only option if I want the>
>There are various reasons why I prefer not to install these assemblies in
assembly to have a strong name(even if I really don't need the strong name)?>Jim Cheshire [MSFT] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
