Hi,

I am really new to .NET security. I hope that someone could help me or
give hints to resolve this quite simple problem :

I have to develop a .NET application that will connect to a database.
The assembly has to be called by a .NET Windows service issued by a
partner.

I want to be sure that ONLY this .NET windows service will call my
assembly and not another app that would like to access the database
through my assembly.

So my question is :
How to obtain authentication of the client of my assembly?

The security domain is very large for .NET, so if you have some hints
about a way to resolve the authentication you're the welcomed.

Best regards,
Adriano Labate

Hi,

there is not really a bullet proof way of doing this...

what you could do is to check the strong name of the caller - you could use
Assembly.GetCallingAssembly and extract the strong name from there...

But be aware that if someone physically owns your assembly - he can poke
around in it (using reflector) and will find ways around that protection...

The only solution would be to run all the code in partial trust - which is
not really realistic in your case...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)