StrongNameIdentityPermission Class

Updated: August 2010

Defines the identity permission for strong names. This class cannot be inherited.

Namespace:  System.Security.Permissions
Assembly:  mscorlib (in mscorlib.dll)

[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class StrongNameIdentityPermission : CodeAccessPermission

Important noteImportant Note:

In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0 and later, identity permissions can have any permission state value. This means that in version 2.0 and later versions, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust. For information about executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy> Element.

Use StrongNameIdentityPermission to confirm that the calling code is in a particular strong-named code assembly.

A strong name identity is based on a cryptographic public key called a binary large object (BLOB), which is optionally combined with the name and version of a specific assembly. The key defines a unique namespace and provides strong verification that the name is genuine, because the definition of the name must be in an assembly that is signed by the corresponding private key.

Note that the validity of the strong name key is not dependent on a trust relationship or on any certificate necessarily being issued for the key.

NoteNote:

Full demands for StrongNameIdentityPermission succeed only if all the assemblies in the stack have the correct evidence to satisfy the demand. Link demands that use the StrongNameIdentityPermissionAttribute attribute succeed only if the immediate caller has the correct evidence.

In the .NET Framework versions 1.0 and 1.1, demands on the identity permissions are effective even when the calling assembly is fully trusted. That is, even if the calling assembly has full trust, a demand for an identity permission fails if the assembly does not meet the demanded criteria. In the .NET Framework version 2.0 and later, demands for identity permissions are ineffective if the calling assembly has full trust. This ensures consistency for all permissions and eliminates the treatment of identity permissions as a special case.

For a complete description of strong names, see the StrongName reference page. For more information about strong-named assemblies, see Strong-Named Assemblies.

The StrongNameIdentityPermission class is used to define strong-name requirements for accessing the public members of a type. The StrongNameIdentityPermissionAttribute attribute can be used to define strong-name requirements at the assembly level. In the .NET Framework version 2.0 and later versions, you can also use the InternalsVisibleToAttribute attribute to specify that all nonpublic types in that assembly are visible to another assembly. For more information, see Friend Assemblies (C# Programming Guide) or Friend Assemblies (Visual Basic).

The following code example demonstrates the use of the StrongNameIdentityPermission class. The example is in the form of a class library, which applies both the StrongNameIdentityPermissionAttribute attribute and the StrongNameIdentityPermission to demand that the caller be signed with a specific strong name.

//The following commented code should be compiled as an console application to execute the 
// class library example. 
// 
//using System; 
//using System.Reflection; 
//using SignedLib; 
//[assembly: AssemblyVersion("1.0.0.0")]
//[assembly: AssemblyKeyFile("snKey.snk")]
//public class StrongNameTest 
//{ 
//  // Demonstrate the declarative and imperative forms of the StrongNameIdentityPermission. 
//  public static void Main() 
//  { 
//      try 
//      { 
//            Signed signedLib = new Signed(); 
//            signedLib.GetWindirImperative(); 
//            signedLib.GetWindirDeclarative(); 
//            Console.WriteLine( "Called the signed library assembly methods successfully.");
//      } 
//      catch (Exception e) 
//      { 
//            Console.WriteLine( "Exception thrown in called assembly: " + e.Message);
//      } 
//   } 
//} 
// 
// Class library example to demonstrate StrongNameIdentityPermission and  
// StrongNameIdentityPermissionAttribute. 
using System;
using System.Security.Permissions;
using System.Reflection;
[assembly: AssemblyVersion("1.0.*")]
[assembly :AssemblyKeyFile("snKey.snk")]
namespace SignedLib
{

    public class Signed
    {
        // Read the windir environment variable. 
        public void GetWindirImperative()
        {
            try
            {
                // Use Sn.exe to generate the byte array for the public key.
                byte[] b1 = { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 
                    0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, 
                    97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 
                    178, 0, 230, 152, 218, 8, 206, 206, 170, 84, 111, 145, 26, 208, 158, 
                    240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 
                    46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 
                    171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 
                    219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108, 210, 
                    189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133, 
                    70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180 };

                // Specify the version of the calling assembly.
                Version v1 = new Version("1.0.0.0");
                StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);
                Console.WriteLine(ComparePublicKeys() ? "Calling assembly has same key as this assembly " : "Calling assembly has different key than this assembly");
                // Create different permissions to exercise the set operations.
                StrongNameIdentityPermission snPerm = new StrongNameIdentityPermission(blob, "StrongNamedExe", v1);
                snPerm.Demand();
                // Return the location of the Windows directory that is found in  
                // the windir environment variable.
                Console.WriteLine(Environment.GetEnvironmentVariable("windir"));
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception thrown in called assembly: " + e.Message);
            }
        }
    // Use an attribute to demand that the calling assembly has a specific strong name key. 
    // Use Sn.exe to generate the public key string used for the demand.
    [StrongNameIdentityPermissionAttribute(SecurityAction.Demand, PublicKey = 
        "0024000004800000940000000602000000240000525341310004000001000100ed92913322617b" +
        "c45aae29aaaddd29c1af270797b200e698da08ceceaa546f911ad09ef0f6dbe4221fa30b8210c7" +
        "6fe004702e540068e526273f35bd009d2026226d00ab72f4223b09e896c0f7af688fab2adb4242" +
        "c2bfda793b5c2a259e0d6cd2bd09cbcc20305bd465c113e36b19854602dc53ce4766f568fc576d" +
        "be3822b4")]
        public void GetWindirDeclarative()
        {
            try
            {
                // Return the location of the Windows directory that is found in  
                // the windir environment variable.
                Console.WriteLine(Environment.GetEnvironmentVariable("windir"));
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception thrown in called assembly: " + e.Message);
            }
        }
        public static bool ComparePublicKeys()
        {
            try
            {
                Assembly callingAssembly;

                // Create a target object.
                Int32 integer1 = new Int32();
                Type type1;

                // Set the Type instance to the target class type.
                type1 = integer1.GetType();

                // Create an instance of the assembly class to house the Integer type.  
                callingAssembly = Assembly.GetAssembly(integer1.GetType());

                // Display the name of the calling assembly.
                Assembly entryAssembly = Assembly.GetEntryAssembly();
                string mainAssembly = entryAssembly.FullName;

                Console.WriteLine("Calling assembly = " + entryAssembly.FullName);

                // Get the name of the assembly being called (this assembly).
                string thisAssembly = Assembly.GetCallingAssembly().FullName;

                Console.WriteLine("Called assembly=" + thisAssembly);

                int tokenIndex1 = thisAssembly.LastIndexOf("PublicKeyToken");
                int tokenIndex2 = mainAssembly.LastIndexOf("PublicKeyToken");
                string testString1 = thisAssembly.Substring(tokenIndex1, 31);
                string testString2 = mainAssembly.Substring(tokenIndex2, 31);

                return testString1.Equals(testString2);
            }
            catch
            {
                Console.WriteLine("This is an unexpected exception");
                throw;
            }
        }
    }
}

The following code example demonstrates the behavior of the StrongNameIdentityPermission methods.

The example is intended to show how the methods perform if you execute the methods from your code. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications.

using System;
using System.Security;
using System.Security.Permissions;


public class StrongNameIdentityDemo
{
    // Public key 
    static byte[] b1 = { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0,
82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34,
97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7,
151, 178, 0, 230, 152, 218, 8, 206, 206, 170,84, 111, 145, 26,
208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111,
224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157,
32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247,
175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92,
42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101,
193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104,
252, 87, 109, 190, 56, 34, 180};

    StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);
    // Use this version number.
    Version v1 = new Version("1.0.0.0");
    // IsSubsetOf determines whether the current permission is a subset of the specified permission. 
    private bool IsSubsetOfDemo()
    {

        bool returnValue = true;

        StrongNameIdentityPermission snIdPerm1, snIdPerm2;

        snIdPerm1 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", new Version("1.0.0.0"));
        snIdPerm2 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", new Version("1.0.0.0"));

        if (snIdPerm1.IsSubsetOf(snIdPerm2))
        {

            Console.WriteLine("MyCompany.MyDepartment.* is a subset " +
            "of MyCompany.MyDepartment.MyFile \n");
        }
        else
        {
            Console.WriteLine("MyCompany.MyDepartment.*" +
            " is not a subset of MyCompany.MyDepartment.MyFile \n");
        }

        return returnValue;
    }
    // Union creates a new permission that is the union of the current permission and the specified permission. 
    private bool UnionDemo()
    {

        bool returnValue = true;

        StrongNameIdentityPermission snIdPerm1, snIdPerm2;
        IPermission snIdPerm3;

        snIdPerm1 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", new Version("1.0.0.0"));
        snIdPerm2 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", new Version("1.0.0.0"));

        snIdPerm3 = (StrongNameIdentityPermission)snIdPerm1.Union(snIdPerm2);

        try
        {
            Console.WriteLine("The union of MyCompany.MyDepartment.*" +
            "and MyCompany.MyDepartment.MyFile is " +
            ((StrongNameIdentityPermission)snIdPerm3).Name.ToString());
        }
        catch (Exception e)
        {
            Console.WriteLine("An expected exception was thrown: " + e.Message);
        }


        return returnValue;

    }
    // Intersect creates and returns a new permission that is the intersection of the current 
    // permission and the permission specified. 
    private bool IntersectDemo()
    {

        bool returnValue = true;

        StrongNameIdentityPermission snIdPerm1, snIdPerm2, snIdPerm3;

        snIdPerm1 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", new Version("1.0.0.0"));
        snIdPerm2 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", new Version("1.0.0.0"));

        try
        {

            snIdPerm3 = (StrongNameIdentityPermission)snIdPerm1.Intersect(snIdPerm2);

            Console.WriteLine("The intersection of MyCompany.MyDepartment.*"
            + "MyCompany.MyDepartment.MyFile is "
            + ((StrongNameIdentityPermission)snIdPerm3).Name.ToString());

        }
        catch (Exception e)
        {
            Console.WriteLine("An exception was thrown: " + e);
            returnValue = false;
        }

        return returnValue;

    }
    //Copy creates and returns an identical copy of the current permission. 
    private bool CopyDemo()
    {
        bool returnValue = true;

        StrongNameIdentityPermission snIdPerm1, snIdPerm2;

        snIdPerm1 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", new Version("1.0.0.0"));
        snIdPerm2 = new StrongNameIdentityPermission(PermissionState.None);

        snIdPerm2 = (StrongNameIdentityPermission)snIdPerm1.Copy();
        Console.WriteLine("Result of copy = " + snIdPerm2.ToString() + "\n");

        return returnValue;
    }
    // ToXml creates an XML encoding of the permission and its current state; 
    //FromXml reconstructs a permission with the specified state from the XML encoding. 
    private bool ToFromXmlDemo()
    {

        bool returnValue = true;

        StrongNameIdentityPermission snIdPerm1, snIdPerm2;

        snIdPerm1 = new StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", new Version("1.0.0.0"));    
        snIdPerm2 = new StrongNameIdentityPermission(PermissionState.None);
        snIdPerm2.FromXml(snIdPerm1.ToXml());
        Console.WriteLine("Result of ToFromXml = " + snIdPerm2.ToString() + "\n");

        return returnValue;

    }
    // Invoke all demos. 
    public bool RunDemo()
    {

        bool ret = true;
        bool retTmp;
        // Call the IsSubsetOf demo. 
        if (retTmp = IsSubsetOfDemo()) Console.Out.WriteLine("IsSubsetOf demo completed successfully.");
        else
            Console.Out.WriteLine("IsSubsetOf demo failed.");
        ret = retTmp && ret;

        // Call the Union demo. 
        if (retTmp = UnionDemo()) Console.Out.WriteLine("Union demo completed successfully.");
        else
            Console.Out.WriteLine("Union demo failed.");
        ret = retTmp && ret;

        // Call the Intersect demo. 
        if (retTmp = IntersectDemo()) Console.Out.WriteLine("Intersect demo completed successfully.");
        else
            Console.Out.WriteLine("Intersect demo failed.");
        ret = retTmp && ret;


        // Call the Copy demo. 
        if (retTmp = CopyDemo()) Console.Out.WriteLine("Copy demo completed successfully");
        else
            Console.Out.WriteLine("Copy demo failed.");
        ret = retTmp && ret;

        // Call the ToFromXml demo. 
        if (retTmp = ToFromXmlDemo()) Console.Out.WriteLine("ToFromXml demo completed successfully");
        else
            Console.Out.WriteLine("ToFromXml demo failed.");
        ret = retTmp && ret;

        Console.WriteLine("********************************************************\n");


        return (ret);






    }
    // Test harness. 
    public static void Main(String[] args)
    {
        try
        {
            StrongNameIdentityDemo democase = new StrongNameIdentityDemo();
            bool ret = democase.RunDemo();
            if (ret)
            {
                Console.Out.WriteLine("StrongNameIdentity demo completed successfully.");
                Console.Out.WriteLine("Press the Enter key to exit.");
                string consoleInput = Console.ReadLine();
                System.Environment.ExitCode = 100;
            }
            else
            {
                Console.Out.WriteLine("StrongNameIdentity demo failed.");
                Console.Out.WriteLine("Press the Enter key to exit.");
                string consoleInput = Console.ReadLine();
                System.Environment.ExitCode = 101;
            }
        }
        catch (Exception e)
        {
            Console.Out.WriteLine("StrongNameIdentity demo failed.");
            Console.WriteLine(e.ToString());
            Console.Out.WriteLine("Press the Enter key to exit.");
            string consoleInput = Console.ReadLine();
            System.Environment.ExitCode = 101;
        }
        // Catch non-CLSCompliant exceptions. 
        catch
        {
            Console.WriteLine("An unexpected non-CLSCompliant exception was thrown.");
        }
    }
}

System.Object
  System.Security.CodeAccessPermission
    System.Security.Permissions.StrongNameIdentityPermission

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Date

History

Reason

August 2010

Modified and reorganized the remarks.

Customer feedback.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft