 | |
StrongNameIdentityPermission error
Dotnet Security microsoft.public.dotnet.security
 |
| | Thread Tools | Search this Thread | Display Modes |
#1
 
| |||
| |||
|
StrongNameIdentityPermission error -
06-18-2004
, 08:19 AM
#2
| |||
| |||
|
|
Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#3
| |||
| |||
|
|
Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#4
| |||
| |||
|
|
... To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. |
1. Create a company public/private key pair using: sn -k ourKey.snk
2. Export the public key to a separate file: sn -p ourKey.snk ourPublicKey.snk
3. Dump the hex representation of the public key: sn -tp outPublicKey.snk
4. Set up a constant that contains the dump information, i.e.
Public Const OUR_COMPANY_PUBLIC_KEY As String = _
"0024000004800000940000000602000000240000525341310 0040000010001006d6e773ee0e4c2e2dfd87b0e4a9104a060b 0183176c14d6885ca4f4137734341bbc48bcadf4f4275a1590 19c1b32b3ca5df19787ccff95c3abf37847ef0339c5beec286 5df99f3c17d366966a824b12a15a26e90f6e22a918a24058e6 691b0a3bc2326dcaa844d0d2a66105fef2853222af86c2f596 eef0ac13736f420ad86bd"
5. Set up a StrongNameIdentityPermission using the above mentioned constant:
<StrongNameIdentityPermission(SecurityAction.Deman d, PublicKey:=KeyConstants.OUR_COMPANY_PUBLIC_KEY)> _
Public NotInheritable Class SecurityManager ...
Hope this clears out any confusion. What am I doing wrong?
--
Carel Lotz
"I want to code till I die" - Robert C. Martin
"Fernando Vicaria [MSFT]" wrote:
Quote:
|
Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#5
| |||
| |||
|
|
Hi Fernando You wrote ... To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. From I can understand from the documentation, sn -p will extract the public key out of the private/public key pair that you have created using the sn -k command. I did execute the command to generate the ourPublicKey.snk file. Here is the list of commands that I executed and the order in which I executed them: 1. Create a company public/private key pair using: sn -k ourKey.snk 2. Export the public key to a separate file: sn -p ourKey.snk ourPublicKey.snk 3. Dump the hex representation of the public key: sn -tp outPublicKey.snk 4. Set up a constant that contains the dump information, i.e. Public Const OUR_COMPANY_PUBLIC_KEY As String = _ "0024000004800000940000000602000000240000525341310 0040000010001006d6e773ee0e4c2e2dfd87b0e4a9104a060b 0183176c14d6885ca4f4137734341bbc48bcadf4f4275a1590 19c1b32b3ca5df19787ccff95c3abf37847ef0339c5beec286 5df99f3c17d366966a824b12a15a26e90f6e22a918a24058e6 691b0a3bc2326dcaa844d0d2a66105fef2853222af86c2f596 eef0ac13736f420ad86bd" 5. Set up a StrongNameIdentityPermission using the above mentioned constant: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.OUR_COMPANY_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... Hope this clears out any confusion. What am I doing wrong? -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#6
| |||
| |||
|
|
Hi Carel, Did you sign the assembly? As all potential callers of your assembly must be signed they will require at least one of the two conditions bellow: 1. Your assembly must be signed 2. Callers must have the AllowPartiallyTrustedCallersAttribute declared If you still have problems I have a simple example if you need. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:22306357-093C-4B2B-8196-50E514EAB49E (AT) microsoft (DOT) com... Hi Fernando You wrote ... To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. From I can understand from the documentation, sn -p will extract the public key out of the private/public key pair that you have created using the sn -k command. I did execute the command to generate the ourPublicKey.snk file. Here is the list of commands that I executed and the order in which I executed them: 1. Create a company public/private key pair using: sn -k ourKey.snk 2. Export the public key to a separate file: sn -p ourKey.snk ourPublicKey.snk 3. Dump the hex representation of the public key: sn -tp outPublicKey.snk 4. Set up a constant that contains the dump information, i.e. Public Const OUR_COMPANY_PUBLIC_KEY As String = _ "0024000004800000940000000602000000240000525341310 0040000010001006d6e773ee0e4c2e2dfd87b0e4a9104a060b 0183176c14d6885ca4f4137734341bbc48bcadf4f4275a1590 19c1b32b3ca5df19787ccff95c3abf37847ef0339c5beec286 5df99f3c17d366966a824b12a15a26e90f6e22a918a24058e6 691b0a3bc2326dcaa844d0d2a66105fef2853222af86c2f596 eef0ac13736f420ad86bd" 5. Set up a StrongNameIdentityPermission using the above mentioned constant: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.OUR_COMPANY_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... Hope this clears out any confusion. What am I doing wrong? -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#7
| |||
| |||
|
|
Hi Fernando The assemblies calling the 'secured' assemblies are all signed using the same key. -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, Did you sign the assembly? As all potential callers of your assembly must be signed they will require at least one of the two conditions bellow: 1. Your assembly must be signed 2. Callers must have the AllowPartiallyTrustedCallersAttribute declared If you still have problems I have a simple example if you need. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:22306357-093C-4B2B-8196-50E514EAB49E (AT) microsoft (DOT) com... Hi Fernando You wrote ... To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. From I can understand from the documentation, sn -p will extract the public key out of the private/public key pair that you have created using the sn -k command. I did execute the command to generate the ourPublicKey.snk file. Here is the list of commands that I executed and the order in which I executed them: 1. Create a company public/private key pair using: sn -k ourKey.snk 2. Export the public key to a separate file: sn -p ourKey.snk ourPublicKey.snk 3. Dump the hex representation of the public key: sn -tp outPublicKey.snk 4. Set up a constant that contains the dump information, i.e. Public Const OUR_COMPANY_PUBLIC_KEY As String = _ "0024000004800000940000000602000000240000525341310 0040000010001006d6e773ee0e4c2e2dfd87b0e4a9104a060b 0183176c14d6885ca4f4137734341bbc48bcadf4f4275a1590 19c1b32b3ca5df19787ccff95c3abf37847ef0339c5beec286 5df99f3c17d366966a824b12a15a26e90f6e22a918a24058e6 691b0a3bc2326dcaa844d0d2a66105fef2853222af86c2f596 eef0ac13736f420ad86bd" 5. Set up a StrongNameIdentityPermission using the above mentioned constant: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.OUR_COMPANY_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... Hope this clears out any confusion. What am I doing wrong? -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
#8
| |||
| |||
|
|
Hi Fernando I've just verified again. All my assemblies (secured and non-secured) are signed with the same key. -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: What about the one you called "secured"? "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news  C8C62E7-0C97-45CC-8AB9-CA5F925E4EAB (AT) microsoft (DOT) com...Hi Fernando The assemblies calling the 'secured' assemblies are all signed using the same key. -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, Did you sign the assembly? As all potential callers of your assembly must be signed they will require at least one of the two conditions bellow: 1. Your assembly must be signed 2. Callers must have the AllowPartiallyTrustedCallersAttribute declared If you still have problems I have a simple example if you need. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:22306357-093C-4B2B-8196-50E514EAB49E (AT) microsoft (DOT) com... Hi Fernando You wrote ... To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. From I can understand from the documentation, sn -p will extract the public key out of the private/public key pair that you have created using the sn -k command. I did execute the command to generate the ourPublicKey.snk file. Here is the list of commands that I executed and the order in which I executed them: 1. Create a company public/private key pair using: sn -k ourKey.snk 2. Export the public key to a separate file: sn -p ourKey.snk ourPublicKey.snk 3. Dump the hex representation of the public key: sn -tp outPublicKey.snk 4. Set up a constant that contains the dump information, i.e. Public Const OUR_COMPANY_PUBLIC_KEY As String = _ "0024000004800000940000000602000000240000525341310 0040000010001006d6e773ee0e4c2e2dfd87b0e4a9104a060b 0183176c14d6885ca4f4137734341bbc48bcadf4f4275a1590 19c1b32b3ca5df19787ccff95c3abf37847ef0339c5beec286 5df99f3c17d366966a824b12a15a26e90f6e22a918a24058e6 691b0a3bc2326dcaa844d0d2a66105fef2853222af86c2f596 eef0ac13736f420ad86bd" 5. Set up a StrongNameIdentityPermission using the above mentioned constant: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.OUR_COMPANY_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... Hope this clears out any confusion. What am I doing wrong? -- Carel Lotz "I want to code till I die" - Robert C. Martin "Fernando Vicaria [MSFT]" wrote: Hi Carel, What you get from "sn -tp ourPublicKey.snk" is the public key token which is just a "short version" of the actual public key blob. You can easily see the key token using ILDasm or Reflector. To get the key blob use "sn -p ourPublicKey.snk public.key" to export the public key blob to a separate file and then use a HexEditor to view it. Hope this helps. Regards, Fernando "Carel Lotz" <CarelLotz (AT) discussions (DOT) microsoft.com> wrote in message news:09E0C8AC-F38C-4B30-A0E9-C774FECDC204 (AT) microsoft (DOT) com... Hi All We have developed a set of technical environmental services (logging,security,exception handling etc.) to be used within our company. We want to secure these assemblies by requesting a StrongNameIdentityPermission on all of the public classes with the key that our company uses to sign their .NET assemblies. This will prevent other non-trusted assemblies from using our assemblies (although I know there is a way to hack the check). Here is a sample of the code that we use to request the permissions with: StrongNameIdentityPermission(SecurityAction.Demand , PublicKey:=KeyConstants.SANLAM_PUBLIC_KEY)> _ Public NotInheritable Class SecurityManager ... The KeyConstants.SANLAM_PUBLIC_KEY is a hex representation of the public part of our key and was extracted using: sn -tp ourPublicKey.snk However, when we run the code we get the following exception: A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll Additional information: Request for the permission of type System.Security.Permissions.StrongNameIdentityPerm ission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why is this happening as the code calling the assembly is signed using our company's key? If I change the SecurityAction.Demand to LinkDemand everything works but that implies that another assembly can use any of our company's assemblies to abuse the 'secured' assemblies. What am I doing wrong? Thanks -- Carel Lotz "I want to code till I die" - Robert C. Martin |
|
« Previous Thread
|
Next Thread »
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.