Protect your code-Who moved my components?

Source: China IT lab
As A. Net developer, you write Code Your components are running on more and more machines. Suddenly one day, you found that the component you wrote was referenced in a project written by someone else, and the most annoying thing was that the person was doing evil in your name to destroy his system! You can't help it. Shout Oh shit !, Open msdn and see if there is any way to help you block this conspiracy.

OK. The method is found. That is. NET platform provides code access security. A large number of classes inherited from codeaccesspermission can help you implement code security control in different aspects and scopes. All you need to do is to pick out the most suitable categories and apply them to protect your components.

After some selection, you finally decided to use the strongnameidentitypermissionattribute class. This class allows you to publish components (or classes, methods) with a strong name (usually you releaseProgramIn this way, your component can be used only when the client program has the strong name signature. That is to say, any third-party Code cannot be protected by strongnameidentitypermissionattribute except that the client code you write is allowed to use components because it has the same signature, therefore, you cannot maliciously call your components :). It sounds really good. Just do it now!

for simplicity, first create a simple class library project. The Code is as follows:
// securecomp. DLL
using system;
namespace musicland
{< br> public class securecomp
{< br> Public String confidential ()
{< br> return "this is confidential! ";
}< BR >}< br> the current component is very poor, because anyone can write code to call it. Next, you have to do something:

first introduce system. security. permissions namespace:
using system. security. permissions;
then, add the strongnameidentitypermissionattribute attribute at the component level:
[Assembly: strongnameidentitypermissionattribute (securityaction. requestminimum, publickey = "002400000480000094000000060200000024369525341310004000001000100c11c8497d" + "minimum" + "126 Domains "+" domains ")]
namespace musicland
...
note that securityaction is used here. requestminimum, which declares that unless the resource access permission indicated by strongnameidentitypermissionattribute is obtained (that is, the access permission to securecomp. the access permission of the DLL component can be set to securecomp. otherwise, the CLR will not allow the caller (that is, the client code) to access the requested resources. In addition, the publickey attribute includes the hexadecimal representation of the public key that you allow (converted to the string type ). The CRL determines whether the caller is valid based on the public key during its operation. It cannot be accessed unless the caller has the corresponding private key. It seems that you must always protect your key files, because the leakage of key files (especially private keys) will become the root of your endless nightmare, and the delayed signature (Delay signing) it is particularly important here :.)

Here, you must have a big question mark: How did you get this long publickey? Can't I make it out of thin air? Of course not. Do you still remember the sn.exe tool? You can extract the publickey. OK, open your command line, locate the directory where the key file is located, and enter the following content:

Sn-P key. SNK publickey. SNK
In this way, the extracted public key information is stored in the publickey. SNK file. Now you only need to read the public key information and convert it into a proper format. Here, you can use. Net framework's own secutil.exe tool, but as far as I know, the output of the secutil tool is in array format (I tested all the output options provided by secutil on my machine, but the results are the same, this makes me very surprised, I wonder if you have a better way), so I wrote a small tool to complete this read and conversion. If you are interested, you can send me an email (because I don't have my own network space to store it. Of course, you can also write it by yourself, because it is too simple to read binary files ).

Now your code is fully armed. Try to write a console client to call securecomp. What is the result? Is it "unable to obtain the corresponding Permissions "? Try to use key. SNK to sign the client program and then access it. This time, you can access it! :)
Conclusion: The proper application of code access security can protect your code from incorrect calls by third parties. However, excessive security protection may also reduce the code running efficiency, this has a negative impact.