Is it possible to use the Assembly.LoadFrom overload with the Evidence parameter to ensure the assembly is strongly named? I want to be able to specify the assembly name, culture, version, and public key token. If any of this information does not match the assembly should fail to load.
views:
933answers:
3
+2
A:
You can get an Assembly's public key after loading it - if it loads successfully and has a public key, then it's strong-named:
Assembly assembly = Assembly.LoadFrom (...);
byte[] pk = assembly.GetName().GetPublicKey();
Better still, check the assembly's public key and version info before loading it:
AssemblyName an = AssemblyName.GetAssemblyName ("myfile.exe");
byte[] publicKey = an.GetPublicKey();
CultureInfo culture = an.CultureInfo;
Version version = an.Version;
If GetPublicKey() returns a non-null value, and then the assembly successfully loads, it has a valid strong name.
Joe Albahari
2009-05-01 02:46:24
A:
I have a way for breaking the strong-name verification for patching System.Windows.Forms.dll. If I'm using it, there's not much you can do about it.
EDIT: my trick requires full trust.
Joshua
2009-05-01 02:48:42
Are you delay-signing perhaps? If so, this will only work on machines on which you disable strong-name verification (sn -Vr) for that assembly. Otherwise, what are you doing? Has the private key for .NET framework assemblies been leaked?
Joe Albahari
2009-05-01 02:53:33
The key hasn't been leaked. The loader assumes the file it gets is the file it asked for.
Joshua
2009-05-01 15:17:40