StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhy would a .net web app need to check if the public key of the name of the CALLING assembly has the same length as the EXECUTING assembly's?
primarykey
Id
17937278
data
AcceptedAnswerId
17997734
AnswerCount
1
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2013-07-30T02:18:32.890
FavoriteCount
1
LastActivityDate
2013-08-01T15:05:24.123
LastEditDate
2013-07-31T01:37:08.287
LastEditorUserId
87861
OwnerUserId
87861
ParentId
0
PostTypeId
1
Score
1
ViewCount
85
LastEditorDisplayName
text
Body
An old .NET web app I inherited is littered with an odd "assembly security check": it checks that the public key of the name of the calling assembly has the same length as the public key of the name of the executing assembly. The calls look like this: <pre><code>CheckAssembly(System.Reflection.Assembly.GetCallingAssembly(), System.Reflection.Assembly.GetExecutingAssembly(), this); </code></pre> ...and that method is: <pre><code>public static void CheckAssembly(Assembly callingAssembly, Assembly executingAssembly, object useObject) { byte[] assemblyPublicKey = executingAssembly.GetName().GetPublicKey(); byte[] callingPublicKey = callingAssembly.GetName().GetPublicKey(); if (callingPublicKey == null || assemblyPublicKey.Length != callingPublicKey.Length) { throw new SecurityException("The calling assembly does not have permission to use objects of type '" + useObject.GetType().FullName + "'"); } for (int i = 0; i < assemblyPublicKey.Length; i++) { if (assemblyPublicKey[i] != callingPublicKey[i]) { throw new SecurityException("The calling assembly does not have permission to use objects of type '" + useObject.GetType().FullName + "'"); } } } </code></pre> <ol> <li>I think it's checking if it's assemblies (DLL files) have not been swapped or modified or anything. Is that correct? If not, what is this code doing? Any guesses as to why it would have been written?</li> <li>I thought the .net framework would do this anyway, if it's needed. Right?</li> <li>Maybe this is old code from when the app was a winforms app and not a web app? Since it's a web app, we have complete control over what DLLs are on the server, so no security risk, correct?</li> </ol> (Can provide further info if needed).
Tags
<.net><reflection><.net-assembly><code-access-security>
Title
Why would a .net web app need to check if the public key of the name of the CALLING assembly has the same length as the EXECUTING assembly's?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USMGOwen
UserOwnerUserId
1. USMGOwen
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWhy would a .net web app need to check if the public key of the name of the CALLING assembly has the same length as the EXECUTING assembly's?
 UserUserId
 UShenrym
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POWhy would a .net web app need to check if the public key of the name of the CALLING assembly has the same length as the EXECUTING assembly's?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.