views:

933

answers:

3

Is it possible to use the Assembly.LoadFrom overload with the Evidence parameter to ensure the assembly is strongly named? I want to be able to specify the assembly name, culture, version, and public key token. If any of this information does not match the assembly should fail to load.

+2  A: 

You can get an Assembly's public key after loading it - if it loads successfully and has a public key, then it's strong-named:

Assembly assembly = Assembly.LoadFrom (...);
byte[] pk = assembly.GetName().GetPublicKey();

Better still, check the assembly's public key and version info before loading it:

AssemblyName an = AssemblyName.GetAssemblyName ("myfile.exe");
byte[] publicKey = an.GetPublicKey();
CultureInfo culture = an.CultureInfo;
Version version = an.Version;

If GetPublicKey() returns a non-null value, and then the assembly successfully loads, it has a valid strong name.

Joe Albahari
A: 

I have a way for breaking the strong-name verification for patching System.Windows.Forms.dll. If I'm using it, there's not much you can do about it.

EDIT: my trick requires full trust.

Joshua
Are you delay-signing perhaps? If so, this will only work on machines on which you disable strong-name verification (sn -Vr) for that assembly. Otherwise, what are you doing? Has the private key for .NET framework assemblies been leaked?
Joe Albahari
The key hasn't been leaked. The loader assumes the file it gets is the file it asked for.
Joshua
A: 

I found another way to do this.

var assemblyName = new AssemblyName(<fully qualified type name>);
assemblyName.CodeBase = <path to assembly>

Assembly.Load(assemblyName);