Tech Off Thread

12 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Hard one ...

Back to Forum: Tech Off
  • User profile image
    Natty Gur

    Ok, you ask for it ...

    I'm creating Assembly dynamically in memory using CodeDom. That's fine but I want to register that dynamic assembly as COM+ server application. The problem I'm facing is how can I generate SN key in memory and assign it to my dynamic assembly. I try to disassemble SN.EXE to get an idea what going on there but SN.exe isn't .NET image. Any idea?
     

  • User profile image
    Loadsgood

    No sorry.

  • User profile image
    robert

    Okay while I have no idea how sn.exe works - there is a very easy way to generate key. Use System.Diagnostics.Process to kick off a new instance of sn.exe and then read the results from disk. I see two apporaches, use sn.exe to generate a key then assign it to your assembly before/during compilation or write your assembly to disk then use SN.exe to sign it.

    A third apporach would be to generate a key in advance and hold it as resource of your application, this has the advanatage that all dyncamical generated apps had the same key. If you want to ensure only apps that were dynamically generate were signed by that key you could encrypt the key itself, but then you have the problem of how to store the key that encrypts the key ...

    None of these apporaches glamous as reverse engineering sn.exe but thier alot easier. If your really want to reverse engineer sn.exe then I'm pretty sure the crytographic algorthyms are covered as part of the EMCA strandard of C#.

  • User profile image
    Natty Gur

     

    Thanks,

    I cant call sn.exe since I need to use it as part of web request and I cant ensure that all users got enough rights to lunch application. I'll take a look at EMCA standard.

     

  • User profile image
    robert

    I'd still be temped to find away of giving whatever security context your web request runs in to have enough rights to kick of a new process, but agree that this may have potenial security implication.

    BUT I had another brain wave check out "rotor" the shared source implemenation of the .NET framework comes with an implemenation of sn.exe.

    This artical gives an overview of rotor:
    http://msdn.microsoft.com/msdnmag/issues/02/07/SharedSourceCLI/default.aspx

    Download it here:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=3A1C93FA-7462-47D0-8E56-8DD34C6292F0&displaylang=en

  • User profile image
    Mike Dimmick

    "Giving a Dynamic Assembly a Strong Name": http://msdn.microsoft.com/library/en-us/cpguide/html/cpcongivingdynamicassemblystrongname.asp

    You'll still need a strong naming key.

  • User profile image
    Charles

    Natty Gur wrote:

     

    Thanks,

    I cant call sn.exe since I need to use it as part of web request and I cant ensure that all users got enough rights to lunch application. I'll take a look at EMCA standard.

     



    What exactly is your application doing? From a security perspective, it concerns me that you are dynamically generating (user created?) assemblies on the server. What type of app is this?

    Please elaborate on exactly what you are doing and I will see to it that you get help from a CLR dev.

    Keep on posting,

    Charles

  • User profile image
    Charles

    Natty Gur wrote:

    Ok, you ask for it ...

    I'm creating Assembly dynamically in memory using CodeDom. That's fine but I want to register that dynamic assembly as COM+ server application. The problem I'm facing is how can I generate SN key in memory and assign it to my dynamic assembly. I try to disassemble SN.EXE to get an idea what going on there but SN.exe isn't .NET image. Any idea?  



    Question for you from a CLR architect:

    "I assume you need a strong name of your generated assembly in order to register it as a COM+ server application, but there is never any other reason you need the strong name and you never need to reuse the strong name signing key. Is this true?"


    Keep on posting,


    Charles

  • User profile image
    Natty Gur

    Hi,

    thanks. I'm developing application server. I'm generating dynamic code to produce services to hosted classes. Actually I want to supply levels of isolation and I thought to register dynamic assembly that serve as controllers facade as COM+ application to achieve high isolation.
    I don't want to deploy my infrastructure with strong name key neither to use any processes. I thought to use RegistrationHelper class to register dynamic assemblies. I just look for a way to add strong name to dynamic assembly without using sn.exe or *.snk file.

    Meanwhile I made some architecture maneuvers and managed to overcome that problem but Ill be glad to it the right way.

  • User profile image
    Natty Gur

    Charles wrote:
    Natty Gur wrote:

    Ok, you ask for it ...

    I'm creating Assembly dynamically in memory using CodeDom. That's fine but I want to register that dynamic assembly as COM+ server application. The problem I'm facing is how can I generate SN key in memory and assign it to my dynamic assembly. I try to disassemble SN.EXE to get an idea what going on there but SN.exe isn't .NET image. Any idea?  



    Question for you from a CLR architect:

    "I assume you need a strong name of your generated assembly in order to register it as a COM+ server application, but there is never any other reason you need the strong name and you never need to reuse the strong name signing key. Is this true?"


    Keep on posting,


    Charles


    Yep.

  • User profile image
    Natty Gur

    Thanks for your time and effort.

  • User profile image
    Charles

    For the time being, if you've successfully overcome this issue by redesigning your solution, then I'd recommend going with it...

    The CLR team may be addressing this currently unsupported functionality in the future. It would be a useful addition to strong name generation: deriving the strong name of any assembly - whether it was signed or not - to be used in cases where there is no signer and where no revision control is needed (as is true in this case where the assembly is dynamically generated).

    Thanks for sharing your problem. Sorry the solution was so abstruse.


    Keep on posting,

    Charles

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.