Say I've written a .Net dll and want to distribute it with my application. How can I prevent any user with the savvy to install a copy of VS from adding a reference to this dll to their own applications?
+1
A:
I seriously doubt this is possible. Even if it were, an assembly with full thrust can fake all evidence and pretend to be your program.
erikkallen
2009-07-21 22:01:33
+8
A:
There is no way to prevent a user from adding a reference. It's a passive action from the part of your DLL and there is nothing you can do to prevent it from occuring.
What you can do though, is make adding a reference a non-worthwhile operation. For instance, if all types in the DLL were internal or private, it take more than simply adding a reference for users to use the types in the DLL. Furthmore, obfuscating the DLL would make it even harder.
JaredPar
2009-07-21 22:01:38
A free obfuscator is built into Visual Studio if you need it. (Tools -> Dotfuscator Community Edition)
Billy ONeal
2009-07-21 22:08:20
Many thanks - I'll certainly have a look at securing my assemblies, although it occurs to me that if all the types in a dll were private or internal, that dll wouldn't be very useful. I also have a look at obfuscation - had a quick play with Dotfuscator CE, which seems ok - but may need to get the pro version since CE doesn't look powerful enough.
Leonard H Martin
2009-07-21 23:08:41
you can make other assemblies your friend and they'd then have access to internal types
Rune FS
2009-07-22 08:54:21
+5
A:
You cannot prevent someone from adding a reference to your dll. What you can do however is to make it hard for them to use it if they do add a reference.
Code Access Security (CAS) can be used to prevent unauthorised code for calling into an assembly, but this has an effect on the performance of calls, and is overkill for this purpose.
Another approach would be to mark everything in the dll as internal. If you have other assemblies that need access to the classes in the dll, make them friend assemblies using the InteralsVisibleTo attribute. This allows other assemblies to access to the internal classes of your dll. Tie this together with signed assemblies (to use with the InternalsVisibleTo definitions) and it should be enough.
adrianbanks
2009-07-21 22:02:03
+1
A:
Although .NET does not allow true static linking, you may be able to fake it, packaging your dll and exe into one assembly. Here is a tool that can do this: ILMerge There may be others.
DanDan
2009-07-21 22:04:54
Even if you link everything using ILMerge someone can still add the exe as a reference and easily invoke any public methods.
Joe Kuemerle
2009-07-22 02:09:37
A:
You could obfuscate the DLL (Tools -> Dotfuscator Community Edition) to make it unworthwile to reference your DLL.
Billy ONeal
2009-07-21 22:05:11