Ask a Question related to ASP.NET Security, Design and Development.
-
Toby Considine #1
Strong Names and Web Assemblies
I have an assembbly that consists of several .NET DLLs, some of which I
compile in advance, some of which customized for the indivudual user
(skins). On machines that I has control over, no problem. As soon as I
deployed them on publicly hosted sites, I had to add strong naming lest I
get security exceptions.
The service DLL is now strongly named, compiled, and placed in the Site BIN
directory, just as it was before.
Here is the problem.
How do I compile the Web app to be strongly named? Using the [barely]
documented features described in the Auto-generated AssemblyInfo.cs, I get:
// For local projects, the project output directory is defined as
// <Project Directory>\obj\<Configuration>. For example, if your
KeyFile is
// located in the project directory, you would specify the
AssemblyKeyFile
// attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
// For web projects, the project output directory is defined as
// %HOMEPATH%\VSWebCache\<Machine Name>\<Project
Directory>\obj\<Configuration>.
I can figure out how to comile it locally.
This leaves me at a loss as to where I should put the snk on a remotely
hosted site.
thanks
tc
Toby Considine Guest
-
HTML embbeded (via <object> tag) Strong FullTrust Assemblies fail!
My problem: I am attempting to create a strong named .NET library assembly which needs FullTrust permissions when loaded from the Internet zone and... -
Private Assemblies & Strong Names??
Hi, I've signed a private assembly with a strong name and have deployed it in a web app's bin directory. Things work fine, yet I recently read you... -
COM Interop and Delay Signing of Strong Names
I have a VB.NET DLL that I wish to Delay Sign (ie. I want to assign a strong name after compiling the DLL and obfuscating it). This DLL will also be... -
Too many assemblies asp.net
I have been developing several web applications in VB.NET. I have started to notice that when I run one of the applications, all the assemblies for... -
Machine names v. User names
Good Morning... Unfortunately one of our mainframe processes require a local machine name that is identical to the local user account name. For... -
Chris Jackson #2 Re: Strong Names and Web Assemblies
You are compiling on the user's machine? You only need the key pair during
compilation - the public key (which is the only key the end user should ever
see) is placed directly in the compiled file.
One thing you don't want to do is post your private key (and an snk file
contains the full key pair) because then everybody can compile using this
key, and it would appear as if they are you.
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
"Toby Considine" <tobias@cpytech.com> wrote in message
news:uXdSCc4kDHA.3732@tk2msftngp13.phx.gbl...BIN> I have an assembbly that consists of several .NET DLLs, some of which I
> compile in advance, some of which customized for the indivudual user
> (skins). On machines that I has control over, no problem. As soon as I
> deployed them on publicly hosted sites, I had to add strong naming lest I
> get security exceptions.
>
> The service DLL is now strongly named, compiled, and placed in the Siteget:> directory, just as it was before.
>
> Here is the problem.
>
> How do I compile the Web app to be strongly named? Using the [barely]
> documented features described in the Auto-generated AssemblyInfo.cs, I>
> // For local projects, the project output directory is defined as
> // <Project Directory>\obj\<Configuration>. For example, if your
> KeyFile is
> // located in the project directory, you would specify the
> AssemblyKeyFile
> // attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
> // For web projects, the project output directory is defined as
> // %HOMEPATH%\VSWebCache\<Machine Name>\<Project
> Directory>\obj\<Configuration>.
>
> I can figure out how to comile it locally.
>
> This leaves me at a loss as to where I should put the snk on a remotely
> hosted site.
>
> thanks
>
> tc
>
>
Chris Jackson Guest
-
Toby Considine #3 Re: Strong Names and Web Assemblies
Perhaps I misinderstnad your question. My app has two parts.
One - business logic, compiled locally by me and placed in bin directory of
web site on shared hosting machined.
"Skins" consisting of ASPX's/ASCX's on remote machine. It is my
understanding that each time the ASPX's are changed, the site modified, the,
the JIT compile funtion of DOT/NET takes over and a new dll is created.
BTW, it appears that this also happens in IIS after a restart, causing the
first load of ASPX-based apps to be characteristically slow.
When I do standard FORMS/based authentication, I get Security Exceptions
thrown off by MSCORLIB. MSCORLIB is being asked about the current
authetication state by the precompiled "LOGI" DLL. It is my understanding
that is addressed by using a SNK file, generated in the usual way before the
DDL is ever deployed.
The probelm is that "On-The-Fly" DLL. I can't seem to prevent it. It is
compiled on the fly after each change. It does not like the new SNd DLL.
- Do I need to tell that new App to trust the new StrongNamed DLL?
- IF so, should this be by reference to the "Public" key only (well
probably).
- How do I refernece that Public Key, then, in the remote compile?
Hope this is clearer.
tc
"Chris Jackson" <chrisjATmvpsDOTorgNOSPAM> wrote in message
news:eIgFfRClDHA.2140@TK2MSFTNGP09.phx.gbl...ever> You are compiling on the user's machine? You only need the key pair during
> compilation - the public key (which is the only key the end user shouldI> see) is placed directly in the compiled file.
>
> One thing you don't want to do is post your private key (and an snk file
> contains the full key pair) because then everybody can compile using this
> key, and it would appear as if they are you.
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows XP
> Windows XP Associate Expert
> --
> More people read the newsgroups than read my email.
> Reply to the newsgroup for a faster response.
> (Control-G using Outlook Express)
> --
>
> "Toby Considine" <tobias@cpytech.com> wrote in message
> news:uXdSCc4kDHA.3732@tk2msftngp13.phx.gbl...> > I have an assembbly that consists of several .NET DLLs, some of which I
> > compile in advance, some of which customized for the indivudual user
> > (skins). On machines that I has control over, no problem. As soon as I
> > deployed them on publicly hosted sites, I had to add strong naming lest> BIN> > get security exceptions.
> >
> > The service DLL is now strongly named, compiled, and placed in the Site> get:> > directory, just as it was before.
> >
> > Here is the problem.
> >
> > How do I compile the Web app to be strongly named? Using the [barely]
> > documented features described in the Auto-generated AssemblyInfo.cs, I>> >
> > // For local projects, the project output directory is defined as
> > // <Project Directory>\obj\<Configuration>. For example, if your
> > KeyFile is
> > // located in the project directory, you would specify the
> > AssemblyKeyFile
> > // attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
> > // For web projects, the project output directory is defined as
> > // %HOMEPATH%\VSWebCache\<Machine Name>\<Project
> > Directory>\obj\<Configuration>.
> >
> > I can figure out how to comile it locally.
> >
> > This leaves me at a loss as to where I should put the snk on a remotely
> > hosted site.
> >
> > thanks
> >
> > tc
> >
> >
>
Toby Considine Guest
-
Chris Jackson #4 Re: Strong Names and Web Assemblies
If you are using ASP.NET, and hence have code behind, then there are two
times when pages are compiled. Your code behind is compiled before you
deploy, and your pages themselves are compiled when you access them. (When
the last session is dropped, then the application is shut down, and you must
recompile the aspx page at this point.)
I am unaware of a way to strong name the compiled code that is dynamically
generated. (That doesn't mean it doesn't exist, just that I don't know about
it.)
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
"Toby Considine" <tobias@cpytech.com> wrote in message
news:etvSAzClDHA.3316@TK2MSFTNGP11.phx.gbl...of> Perhaps I misinderstnad your question. My app has two parts.
>
> One - business logic, compiled locally by me and placed in bin directorythe,> web site on shared hosting machined.
>
> "Skins" consisting of ASPX's/ASCX's on remote machine. It is my
> understanding that each time the ASPX's are changed, the site modified,the> the JIT compile funtion of DOT/NET takes over and a new dll is created.
>
> BTW, it appears that this also happens in IIS after a restart, causing the
> first load of ASPX-based apps to be characteristically slow.
>
> When I do standard FORMS/based authentication, I get Security Exceptions
> thrown off by MSCORLIB. MSCORLIB is being asked about the current
> authetication state by the precompiled "LOGI" DLL. It is my understanding
> that is addressed by using a SNK file, generated in the usual way beforeduring> DDL is ever deployed.
>
> The probelm is that "On-The-Fly" DLL. I can't seem to prevent it. It is
> compiled on the fly after each change. It does not like the new SNd DLL.
> - Do I need to tell that new App to trust the new StrongNamed DLL?
> - IF so, should this be by reference to the "Public" key only (well
> probably).
> - How do I refernece that Public Key, then, in the remote compile?
>
> Hope this is clearer.
>
> tc
>
>
>
>
> "Chris Jackson" <chrisjATmvpsDOTorgNOSPAM> wrote in message
> news:eIgFfRClDHA.2140@TK2MSFTNGP09.phx.gbl...> > You are compiling on the user's machine? You only need the key pairthis> ever> > compilation - the public key (which is the only key the end user should> > see) is placed directly in the compiled file.
> >
> > One thing you don't want to do is post your private key (and an snk file
> > contains the full key pair) because then everybody can compile usingI> > key, and it would appear as if they are you.
> >
> > --
> > Chris Jackson
> > Software Engineer
> > Microsoft MVP - Windows XP
> > Windows XP Associate Expert
> > --
> > More people read the newsgroups than read my email.
> > Reply to the newsgroup for a faster response.
> > (Control-G using Outlook Express)
> > --
> >
> > "Toby Considine" <tobias@cpytech.com> wrote in message
> > news:uXdSCc4kDHA.3732@tk2msftngp13.phx.gbl...> > > I have an assembbly that consists of several .NET DLLs, some of whichI> > > compile in advance, some of which customized for the indivudual user
> > > (skins). On machines that I has control over, no problem. As soon aslest> > > deployed them on publicly hosted sites, I had to add strong namingSite> I> > > get security exceptions.
> > >
> > > The service DLL is now strongly named, compiled, and placed in theas> > BIN> > get:> > > directory, just as it was before.
> > >
> > > Here is the problem.
> > >
> > > How do I compile the Web app to be strongly named? Using the [barely]
> > > documented features described in the Auto-generated AssemblyInfo.cs, I> > >
> > > // For local projects, the project output directory is definedremotely> > > // <Project Directory>\obj\<Configuration>. For example, if your
> > > KeyFile is
> > > // located in the project directory, you would specify the
> > > AssemblyKeyFile
> > > // attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
> > > // For web projects, the project output directory is defined as
> > > // %HOMEPATH%\VSWebCache\<Machine Name>\<Project
> > > Directory>\obj\<Configuration>.
> > >
> > > I can figure out how to comile it locally.
> > >
> > > This leaves me at a loss as to where I should put the snk on a>> >> > > hosted site.
> > >
> > > thanks
> > >
> > > tc
> > >
> > >
> >
>
Chris Jackson Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
