Join Ted Neward for an in-depth discussion in this video Strong-named assemblies, part of CLR Assemblies Deployment for .NET Developers.
- Now, one of the things I mentioned earlier is that .NET is very, very concerned about security as a part of this platform. And one of the things that we can do to help secure code is that we can use what's call strong naming, to in fact, put some verification and some validation around the assembly. Now, bear in mind, understand very, very importantly, this does not make your application, as a whole, secure. This will not help you against Anonymous if they should come calling against your laptop. What this will do is this will enable you to make certain that when you create code and you compile code and you deploy code, if anybody were to tamper with that file, .NET will be able to discover that and prevent that code from being loaded.
This is simply one tool in an arsenal of tools against people who want to do bad things. To strong-name an assembly, we will require a public/private key pair. Microsoft provides a command line utility called SN, for strong name, to generate that public/private key pair. We can reference it from within code in a variety of different ways. Once we do that, there will be a digital signature. In other words, Microsoft will look at the contents of the file and it will generate a cryptographic hash.
This is a one way function meaning that only this content will be able to produce that particular hash. And then a shortened version of that hash will be embedded in any assembly that uses this one. If the shortened version, what's also known as a public key token, if it doesn't seem to match up with the hash, Microsoft will say "ehh". This doesn't look like it was when it was first built and it will prevent the load. This is a little bit easier to see than to talk about, so let me show you what I mean by that.
- Reviewing the concept of assemblies
- Reviewing library assemblies in ildasm
- Working with assemblies and modules
- Working with assembly scope types
- Reviewing assembly names and versions
- Referencing assemblies from managed code