StrongNameIdentityPermission Class
Updated: August 2010
Defines the identity permission for strong names. This class cannot be inherited.
Assembly: mscorlib (in mscorlib.dll)
Important Note: |
|---|
In the .NET Framework versions 1.0 and 1.1, identity permissions cannot have an Unrestricted permission state value. In the .NET Framework version 2.0 and later, identity permissions can have any permission state value. This means that in version 2.0 and later versions, identity permissions have the same behavior as permissions that implement the IUnrestrictedPermission interface. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust. For information about executing version 2.0 applications with version 1.1 CAS policy, see <legacyV1CASPolicy> Element. |
Use StrongNameIdentityPermission to confirm that the calling code is in a particular strong-named code assembly.
A strong name identity is based on a cryptographic public key called a binary large object (BLOB), which is optionally combined with the name and version of a specific assembly. The key defines a unique namespace and provides strong verification that the name is genuine, because the definition of the name must be in an assembly that is signed by the corresponding private key.
Note that the validity of the strong name key is not dependent on a trust relationship or on any certificate necessarily being issued for the key.
Note: |
|---|
Full demands for StrongNameIdentityPermission succeed only if all the assemblies in the stack have the correct evidence to satisfy the demand. Link demands that use the StrongNameIdentityPermissionAttribute attribute succeed only if the immediate caller has the correct evidence. |
In the .NET Framework versions 1.0 and 1.1, demands on the identity permissions are effective even when the calling assembly is fully trusted. That is, even if the calling assembly has full trust, a demand for an identity permission fails if the assembly does not meet the demanded criteria. In the .NET Framework version 2.0 and later, demands for identity permissions are ineffective if the calling assembly has full trust. This ensures consistency for all permissions and eliminates the treatment of identity permissions as a special case.
For a complete description of strong names, see the StrongName reference page. For more information about strong-named assemblies, see Strong-Named Assemblies.
The StrongNameIdentityPermission class is used to define strong-name requirements for accessing the public members of a type. The StrongNameIdentityPermissionAttribute attribute can be used to define strong-name requirements at the assembly level. In the .NET Framework version 2.0 and later versions, you can also use the InternalsVisibleToAttribute attribute to specify that all nonpublic types in that assembly are visible to another assembly. For more information, see Friend Assemblies (C# Programming Guide) or Friend Assemblies (Visual Basic).
The following code example demonstrates the use of the StrongNameIdentityPermission class. The example is in the form of a class library, which applies both the StrongNameIdentityPermissionAttribute attribute and the StrongNameIdentityPermission to demand that the caller be signed with a specific strong name.
' The following commented code should be compiled as a console application to execute the ' class library example. ' 'Imports System 'Imports System.Reflection 'Imports StrongNamedLibVb '<Assembly: AssemblyVersion("1.0.0.0")> '<Assembly: AssemblyKeyFile("snKey.snk")> 'Public Class StrongNameTest ' ' Demonstrate the declarative and imperative forms of the StrongNameIdentityPermission. ' Public Shared Sub Main() ' Try ' Dim signed As New Signed ' signed.GetWindirImperative() ' signed.GetWindirDeclarative() ' Console.WriteLine("Called the signed library successfully.") ' Catch e As Exception ' Console.WriteLine(("Exception thrown in called assembly: " + e.Message)) ' End Try ' End Sub 'Main 'End Class 'StrongNameTest Imports System Imports System.Security.Permissions Imports System.Reflection Imports Microsoft.VisualBasic <assembly: AssemblyVersion("1.0.*")> <Assembly: AssemblyKeyFile("snKey.snk")> ' Demand that the calling assembly has a specific strong name key. ' Use Sn.exe to generate the public key string used for the demand. <StrongNameIdentityPermissionAttribute(SecurityAction.Demand, PublicKey:= _ "0024000004800000940000000602000000240000525341310004000001000100ed92913322617b" + _ "c45aae29aaaddd29c1af270797b200e698da08ceceaa546f911ad09ef0f6dbe4221fa30b8210c7" + _ "6fe004702e540068e526273f35bd009d2026226d00ab72f4223b09e896c0f7af688fab2adb4242" + _ "c2bfda793b5c2a259e0d6cd2bd09cbcc20305bd465c113e36b19854602dc53ce4766f568fc576d" + _ "be3822b4")> _ Public Class Signed ' Read the environment windir variable. Public Sub GetWindirImperative() Try ' Use Sn.exe to generate the byte array for the public key. Dim b1 As Byte() = {0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, _ 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, _ 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, _ 230, 152, 218, 8, 206, 206, 170, 84, 111, 145, 26, 208, 158, 240, 246, 219, _ 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 46, 84, 0, 104, 229, _ 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, _ 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, _ 59, 92, 42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101, _ 193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104, 252, _ 87, 109, 190, 56, 34, 180} ' Specify the version of the calling assembly. Dim v1 As New Version("1.0.0.0") Dim blob As New StrongNamePublicKeyBlob(b1) If (ComparePublicKeys()) Then Console.WriteLine("Calling assembly has same key as this assembly.") Else Console.WriteLine("Calling assembly has different key than this assembly.") End If ' Create different permissions to exercise the set operations. Dim snPerm As New StrongNameIdentityPermission(blob, "StrongNamedExeVb", v1) snPerm.Demand() ' Return the location of the Windows directory that is found in ' the windir environment variable. Console.WriteLine(Environment.GetEnvironmentVariable("windir")) Catch e As Exception Console.WriteLine(("Exception thrown in called assembly: " + e.Message)) End Try End Sub 'GetWindir Public Sub GetWindirDeclarative() Try ' Return the location of the Windows directory that is found in ' the windir environment variable. Console.WriteLine(Environment.GetEnvironmentVariable("windir")) Catch e As Exception Console.WriteLine(("Exception thrown in called assembly: " + e.Message)) End Try End Sub 'GetWindir Public Shared Function ComparePublicKeys() As Boolean Try Dim callingAssembly As [Assembly] ' Create a target object. Dim Integer1 As New Int32 Dim Type1 As Type ' Set the Type instance to the target class type. Type1 = Integer1.GetType() ' Create an instance of the assembly class to house the Integer type. callingAssembly = [Assembly].GetAssembly(Integer1.GetType()) ' Display the name of the calling assembly. Dim entryAssembly As [Assembly] = [Assembly].GetEntryAssembly() Dim mainAssembly As String = entryAssembly.FullName Console.WriteLine(("Calling assembly = " + entryAssembly.FullName)) ' Get the name of the assembly being called (this assembly). Dim thisAssembly As String = [Assembly].GetCallingAssembly().FullName Console.WriteLine(("Called assembly=" + thisAssembly)) Dim tokenIndex1 As Integer = thisAssembly.LastIndexOf("PublicKeyToken") Dim tokenIndex2 As Integer = mainAssembly.LastIndexOf("PublicKeyToken") Dim testString1 As String = thisAssembly.Substring(tokenIndex1, 31) Dim testString2 As String = mainAssembly.Substring(tokenIndex2, 31) Return testString1.Equals(testString2) Catch Console.WriteLine("This is an unexpected exception") Throw End Try End Function 'ComparePublicKeys End Class 'Signed
The following code example demonstrates the behavior of the StrongNameIdentityPermission methods.
The example is intended to show how the methods perform if you execute the methods from your code. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications.
Imports System Imports System.Security Imports System.Security.Permissions Public Class StrongNameIdentityDemo ' Public key Private Shared b1 As Byte() = {0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 230, 152, 218, 8, 206, 206, 170, 84, 111, 145, 26, 208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180} Private blob As New StrongNamePublicKeyBlob(b1) ' Use this version number. Private v1 As New Version("1.0.0.0") ' IsSubsetOf determines whether the current permission is a subset of the specified permission. Private Function IsSubsetOfDemo() As Boolean Dim returnValue As Boolean = True Dim snIdPerm1, snIdPerm2 As StrongNameIdentityPermission snIdPerm1 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", New Version("1.0.0.0")) snIdPerm2 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", New Version("1.0.0.0")) If snIdPerm1.IsSubsetOf(snIdPerm2) Then Console.WriteLine("MyCompany.MyDepartment.* is a subset " + "of MyCompany.MyDepartment.MyFile " + vbLf) Else Console.WriteLine("MyCompany.MyDepartment.*" + " is not a subset of MyCompany.MyDepartment.MyFile " + vbLf) End If Return returnValue End Function 'IsSubsetOfDemo ' Union creates a new permission that is the union of the current permission and the specified permission. Private Function UnionDemo() As Boolean Dim returnValue As Boolean = True Dim snIdPerm1, snIdPerm2 As StrongNameIdentityPermission Dim snIdPerm3 As IPermission snIdPerm1 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", New Version("1.0.0.0")) snIdPerm2 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", New Version("1.0.0.0")) snIdPerm3 = CType(snIdPerm1.Union(snIdPerm2), StrongNameIdentityPermission) Try Console.WriteLine("The union of MyCompany.MyDepartment.*" + "and MyCompany.MyDepartment.MyFile is " + CType(snIdPerm3, StrongNameIdentityPermission).Name.ToString()) Catch e As Exception Console.WriteLine("An expected exception was thrown: " + e.Message) End Try Return returnValue End Function 'UnionDemo ' Intersect creates and returns a new permission that is the intersection of the current ' permission and the permission specified. Private Function IntersectDemo() As Boolean Dim returnValue As Boolean = True Dim snIdPerm1, snIdPerm2, snIdPerm3 As StrongNameIdentityPermission snIdPerm1 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", New Version("1.0.0.0")) snIdPerm2 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.MyFile", New Version("1.0.0.0")) Try snIdPerm3 = CType(snIdPerm1.Intersect(snIdPerm2), StrongNameIdentityPermission) Console.WriteLine("The intersection of MyCompany.MyDepartment.*" + "MyCompany.MyDepartment.MyFile is " + CType(snIdPerm3, StrongNameIdentityPermission).Name.ToString()) Catch e As Exception Console.WriteLine("An exception was thrown: " + e.ToString()) returnValue = False End Try Return returnValue End Function 'IntersectDemo 'Copy creates and returns an identical copy of the current permission. Private Function CopyDemo() As Boolean Dim returnValue As Boolean = True Dim snIdPerm1, snIdPerm2 As StrongNameIdentityPermission snIdPerm1 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", New Version("1.0.0.0")) snIdPerm2 = New StrongNameIdentityPermission(PermissionState.None) snIdPerm2 = CType(snIdPerm1.Copy(), StrongNameIdentityPermission) Console.WriteLine("Result of copy = " + snIdPerm2.ToString() + vbLf) Return returnValue End Function 'CopyDemo ' ToXml creates an XML encoding of the permission and its current state; 'FromXml reconstructs a permission with the specified state from the XML encoding. Private Function ToFromXmlDemo() As Boolean Dim returnValue As Boolean = True Dim snIdPerm1, snIdPerm2 As StrongNameIdentityPermission snIdPerm1 = New StrongNameIdentityPermission(blob, "MyCompany.MyDepartment.*", New Version("1.0.0.0")) snIdPerm2 = New StrongNameIdentityPermission(PermissionState.None) snIdPerm2.FromXml(snIdPerm1.ToXml()) Console.WriteLine("Result of ToFromXml = " + snIdPerm2.ToString() + vbLf) Return returnValue End Function 'ToFromXmlDemo ' Invoke all demos. Public Function runDemo() As Boolean Dim ret As Boolean = True Dim retTmp As Boolean ' Call the IsSubsetOf demo. retTmp = IsSubsetOfDemo() If retTmp Then Console.Out.WriteLine("IsSubsetOf demo completed successfully.") Else Console.Out.WriteLine("IsSubsetOf demo failed.") End If ret = retTmp AndAlso ret ' Call the Union demo. retTmp = UnionDemo() If retTmp Then Console.Out.WriteLine("Union demo completed successfully.") Else Console.Out.WriteLine("Union demo failed.") End If ret = retTmp AndAlso ret ' Call the Intersect demo. retTmp = IntersectDemo() If retTmp Then Console.Out.WriteLine("Intersect demo completed successfully.") Else Console.Out.WriteLine("Intersect demo failed.") End If ret = retTmp AndAlso ret ' Call the Copy demo. retTmp = CopyDemo() If retTmp Then Console.Out.WriteLine("Copy demo completed successfully") Else Console.Out.WriteLine("Copy demo failed.") End If ret = retTmp AndAlso ret ' Call the ToFromXml demo. retTmp = ToFromXmlDemo() If retTmp Then Console.Out.WriteLine("ToFromXml demo completed successfully") Else Console.Out.WriteLine("ToFromXml demo failed.") End If ret = retTmp AndAlso ret Console.WriteLine("********************************************************" + ControlChars.Lf) Return ret End Function 'runDemo ' Test harness. Public Overloads Shared Sub Main(ByVal args() As [String]) Try Dim democase As New StrongNameIdentityDemo() Dim ret As Boolean = democase.runDemo() If ret Then Console.Out.WriteLine("StrongNameIdentity demo completed successfully.") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 100 Else Console.Out.WriteLine("StrongNameIdentity demo failed.") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End If Catch e As Exception Console.Out.WriteLine("StrongNameIdentity demo failed.") Console.WriteLine(e.ToString()) Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End Try End Sub 'Main End Class 'StrongNameIdentityDemo
System.Security.CodeAccessPermission
System.Security.Permissions.StrongNameIdentityPermission
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Important Note: