This book in the past few years fragmented read two or three times, as a classic book, should repeat read and reread, since I began to write Bo, I am also ready to think of the classic good book reread carefully read it again, and put the notes into the blog, good memory than bad writing, but also in the process can deepen their understanding of the depth, And, of course, it's shared with friends in the technology community.
Strong-Named Assemblies
Advantages
- Assembly sharing
- Version coexistence, resolving DLL Hell
- Security Policy (tamper-proof)
- Release policy control
Identity composition
- File name (excluding extension) + version number + language culture + public key
CLR load mode
- Weak-named assembly private deployment, where the CLR uses only the assembly name when searching in a base directory or subdirectory
- When the CLR searches for a strong-named assembly, it uses the completed assembly identity
Create steps
- Get the key using strong Name (SN.exe), Sn–k mycompany.snk, which contains the binary public and private keys
- (optional) sn–p mycompany.snk Mycompany.publickey, creating a file that contains only the public key
- (optional) SN–TP Mycompany.publickey, view full public and public key token, private key not viewable
- Compiling csc/keyfile:mycompany.snk App.cs with CSC
- The compiler opens the SNK file, signs the assembly with the private key, and embeds the public key in the manifest
- Find assemblies all files by FileDef inventory metadata
- Hash All Files
- (optional) hash algorithm al.exe/algid or System.Reflection.AssemblyAlgorithmIdAttribute
- (optional) The SHA-1 algorithm is used by default
- Using the hashing algorithm to process the contents of the PE file, using the private key signature to obtain the RSA digital signature
- Signature is stored in a reserved area of the PE file (tamper-proof)
- The CLR header of the PE file is updated to reflect the embedded location of the digital signature in the file
Public Key Token
- The public key token is a 64-bit hash of the public key SN.EXE–TP can be viewed
Assembly definition
- AssemblyDef metadata table records and stores the full public key
- Full public key to prevent tampering
Assembly reference
- AssemblyRef metadata table lists the identities of each strong assembly
- AssemblyRef the actual stored public key is the last 8 bytes of the hash, referred to as the public key token
- When the CLR makes a security or trust decision, the public key is used instead of the public key token
Gac
- Global assembly Cache (Globals Assembly cache)
- Table of Contents:. NET 3.5 and previous version C:\Windows\Assembly. NET4.0 and later C:\Windows\Microsoft.NET\Assembly
- Organization: A structured organization that generates names of subdirectories by algorithm
- Recommendation: Never manually copy files to the GAC directory, instead use gacutil.exe/i to install/u Uninstall
- Recommendation: GACUTIL.EXE/R switches, assembly bindings installation and uninstallation
- Recommendation: Use Windows Installer (MSI) to talk about assemblies installed to the GAC
- Trade-offs: Violating simple deployment principles (replicating Directories), general private deployment, using the GAC for special reasons (such as sharing)
Delay signing
- Also called partial signature, only the public key is used to generate the assembly, temporarily without the private key
- There is no security and tampering problem because it is only a development phase delay and will be signed when the package is deployed
- Compile switch: csc/delaysign, al.exe/delay[sign]
- When packaging and deploying, use the SN.exe signature again, using the-R switch (hashing the file, signing with the private key)
- To embed an RSA digital signature into a file's reserved space
- Steps:
- Compiling csc/keyfile/delaysign
- Causes the CLR to temporarily trust the assembly, does not hash, and does not compare hashes SN.EXE–VR MyAssembly.dll
- When deployed, gets the private key, executes the command sn.exe–r MyAssembly.dll Mycompany.privatekey
- In the actual environment, execute the command, re-enable assembly validation, Sn.exe–vu–myassembly.dll
The CLR process of loading and executing assemblies
Others (Tips)
- When the CSC compiles, the lookup Assembly finds an assembly in 4 places
- Working directory
- Contains the directory of the CSC.exe itself, and the directories contain various files of the DLL
- Directories specified using the/lib compiler switch
- Directories specified using the LIB environment variable
- Attention! The above lookup directory is only compiled, and the runtime does not load the assembly from here
- The platform schema is not differentiated at compile time, and the correct assembly is loaded by the CLR at runtime
- Load assembly order at run time
- Find in the GAC
- CodeBase in the specified URI (Security authentication Tamper-proof)
- Find in working directory
- The. NET Framework installs two sets of assemblies by default
- Assembly of the compiler CLR directory facilitates generation
- Copies in the GAC facilitate loading at run time
- Failed to install GAC or load assembly by comparing hashes in filedef inventory table store
Conclusion
To tell the truth, there are a few parts of this section oneself also stay in the degree of smattering, did not do actual verification, good reading superficial understanding, after the need will be carefully verified!
Reading notes-CLR via C # Chapter 3
