|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Publisher SecurityCan anybody describe me why this code: string assemblyPath = "myassembly.dll"; X509Certificate cert = X509Certificate.CreateFromSignedFile(assemblyPath); Evidence evidence = new Evidence(); evidence.AddHost(new Publisher(cert)); AssemblyName asmName = AssemblyName.GetAssemblyName ( assemblyPath ); Assembly asm1 = Assembly.Load(asmName); Assembly asm2 = Assembly.Load(asmName, evidence); Assembly asm3 = Assembly.LoadFrom(assemblyPath); PublisherMembershipCondition cond = new PublisherMembershipCondition(cert); Console.WriteLine("Evidence check: {0}", cond.Check(evidence)); Console.WriteLine("1 assembly check: {0}", cond.Check(asm1.Evidence)); Console.WriteLine("2 assembly check: {0}", cond.Check(asm2.Evidence)); Console.WriteLine("3 assembly check: {0}", cond.Check(asm3.Evidence)); //------------------------------------ output: Evidence check: true 1 assembly check: false 2 assembly check: false 3 assembly check: false I signed assembly by call: signtool.exe sign /f key.pfx /p mypassword /v myassembly.dll When I create AppDomain, I set domain policy: PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel(); string assemblyPath = "myassembly.dll"; X509Certificate cert = X509Certificate.CreateFromSignedFile(assemblyPath); CodeGroup codeGroup = new UnionCodeGroup(new PublisherMembershipCondition(cert), new PolicyStatement(new PermissionSet(PermissionState.Unrestricted))); policyLevel.RootCodeGroup = codeGroup; domain.SetAppDomainPolicy(policyLevel); Thanks a lot for any help. Vadim Is the issuing hierarchy for the signing cert verifiable and trusted? For
example, if you've issued the signing cert yourself using makecert, have you added the fake root CA as a trusted root CA on your test machine? Show quoteHide quote "Vadim Malishev" <vmalis***@swsoft.com> wrote in message news:e6TRO0QHGHA.2460@TK2MSFTNGP10.phx.gbl... > Hello All. > > Can anybody describe me why this code: > > string assemblyPath = "myassembly.dll"; > X509Certificate cert = X509Certificate.CreateFromSignedFile(assemblyPath); > > Evidence evidence = new Evidence(); > > evidence.AddHost(new Publisher(cert)); > > AssemblyName asmName = AssemblyName.GetAssemblyName ( assemblyPath ); > > Assembly asm1 = Assembly.Load(asmName); > > Assembly asm2 = Assembly.Load(asmName, evidence); > > Assembly asm3 = Assembly.LoadFrom(assemblyPath); > > PublisherMembershipCondition cond = new > PublisherMembershipCondition(cert); > > Console.WriteLine("Evidence check: {0}", cond.Check(evidence)); > > Console.WriteLine("1 assembly check: {0}", cond.Check(asm1.Evidence)); > > Console.WriteLine("2 assembly check: {0}", cond.Check(asm2.Evidence)); > > Console.WriteLine("3 assembly check: {0}", cond.Check(asm3.Evidence)); > > //------------------------------------ > > output: > Evidence check: true > > 1 assembly check: false > > 2 assembly check: false > > 3 assembly check: false > > > > I signed assembly by call: > > signtool.exe sign /f key.pfx /p mypassword /v myassembly.dll > > > When I create AppDomain, I set domain policy: > PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel(); > > string assemblyPath = "myassembly.dll"; > > X509Certificate cert = X509Certificate.CreateFromSignedFile(assemblyPath); > > > CodeGroup codeGroup = new UnionCodeGroup(new > PublisherMembershipCondition(cert), new PolicyStatement(new > PermissionSet(PermissionState.Unrestricted))); > > policyLevel.RootCodeGroup = codeGroup; > > domain.SetAppDomainPolicy(policyLevel); > > > > Thanks a lot for any help. > Vadim > > 
Other interesting topics
Client/Server application with single login-SecureStream?
Securing a .NET webapp with ActiveDir and SQL-server? Issuing X.509 Certificates How can I access more properties of the AD Acount Application Security and Trust How to make Windows inaccessible from my software user? Directory access check SHA1Managed class has different results in 2.0 vs. 1.1?? Kerberos S4U problem LogParser - Error |
|||||||||||||||||||||||
