3

How can I forbid dll class library to be referenced in other solutions?

Cody Gray - on strike
Simon

4 Answers

6

You could look into adding a StrongNameIdentityPermission to your class library that matches the strong name of the program you do want to be able to use it with.

Alternatively, you could explore using InternalsVisibleToAttribute, although it may require some design changes in your library code. This should work as long as neither assembly is signed, or both are signed with a strong name. The argument specified on the attribute should match the public key and the name of the assembly that you want to be able to access its internal members.

But really, this will only stop someone who isn't trying very hard to use your library. They won't be able to add a reference, but it doesn't prevent someone from bypassing it through Reflection or disassembling your code. There are always ways around almost any security measure that you implement.

Cody Gray - on strike
  • I read a few articles about strong name signing and it seems quite hard for me to understand. Is there some easy tutorial on how to do it? Against disassembling I am using Babel.net. – Simon Dec 01 '10 at 11:24
  • @Simon: You can sign the assembly in the development environment if you're using VS 2005 or later. Have you seen this how-to: http://msdn.microsoft.com/en-us/library/ms247123.aspx? – Cody Gray - on strike Dec 01 '10 at 11:26
  • @Cody Gray: OK, I have signed my main assembly like in that article. Now I have a build error, other referenced libraries: Error 5 Assembly generation failed -- Referenced assembly 'MyProgram.Library' does not have a strong name MyProgram – Simon Dec 01 '10 at 11:34
  • @Simon: Yes, now you'll need to sign all of the other assemblies that your program references. It's throwing that error because a signed assembly cannot reference other *unsigned* assemblies. Like I mentioned above, you either have to have *none* of your assemblies signed with a strong name or *all* of them. – Cody Gray - on strike Dec 01 '10 at 11:40
  • @Cody Gray: Thank you, should I sign them with the same key as the main one? – Simon Dec 01 '10 at 11:43
  • @Simon: It's sort of up to you. You may find the answers to [this question](http://stackoverflow.com/questions/35373) informative. Ultimately I'd suggest that you sign them all with the same key, but make sure that they have different names. – Cody Gray - on strike Dec 01 '10 at 11:45
  • @Cody Gray: I am still getting the same build error, even if I have all of my class libraries signed with the same key as the main assembly. Error 2 Assembly generation failed -- Referenced assembly 'MyProgram.Library' does not have a strong name – Simon Dec 01 '10 at 11:55
  • 1
    StrongNameIdentityPermission will be ignored in full-trust environment in .Net 3.5 SP1, like running locally on a machine. See http://msdn.microsoft.com/en-us/library/cc713694.aspx – Lars Truijens Jun 05 '11 at 18:40
  • @Lars: That's a good point. Strong name verification was one of the things that was eliminated in an attempt to make the loader faster. I thought it was .NET 4.0 that eliminated that extra step; good to know it was as far back as .NET 3.5 SP1. – Cody Gray - on strike Jun 06 '11 at 08:34
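
The InternalsVisibleToAttribute approach from the answer above, as an added example that is not part of the original answer. The `Engine` class and its `Checksum` method are hypothetical; the assembly names follow the `MyProgram` / `MyProgram.Library` names from the comments, and the public key is left as a placeholder.

```csharp
// ---- MyProgram.Library/Engine.cs (class library project) ----
using System.Runtime.CompilerServices;

// Unsigned build: the friend assembly is named by its simple name only.
[assembly: InternalsVisibleTo("MyProgram")]
// Strong-named build: replace the line above with the friend's full public
// key (not the 8-byte token), as printed by `sn -Tp MyProgram.exe`:
// [assembly: InternalsVisibleTo("MyProgram, PublicKey=<hex public key of MyProgram>")]

namespace MyProgram.Library
{
    // internal: code in an assembly that is not listed above gets compiler
    // error CS0122 ("inaccessible due to its protection level") on this type.
    internal static class Engine
    {
        internal static int Checksum(string text)
        {
            int sum = 17;
            foreach (char c in text)
                sum = unchecked(sum * 31 + c);
            return sum;
        }
    }
}

// ---- MyProgram/Program.cs (EXE project, assembly name "MyProgram") ----
namespace MyProgram
{
    internal static class Program
    {
        private static void Main()
        {
            // Compiles only because this assembly is named in InternalsVisibleTo.
            System.Console.WriteLine(MyProgram.Library.Engine.Checksum("hello"));
        }
    }
}
```

If the library is strong-name signed and the attribute omits `PublicKey=`, the library itself fails to build with CS1726.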
5

You can use something called StrongNameIdentityPermission to prevent others from referencing your library.

Sachin Shanbhag
  • I wonder why the English version of that page is missing the very useful samples from the German version: http://msdn.microsoft.com/de-de/library/system.security.permissions.strongnameidentitypermission.aspx – VVS Dec 01 '10 at 10:35
  • Switch to .net 3.5 in en version. – Simon Dec 01 '10 at 11:18
  • 1
    Will be ignored in full-trust environment in .Net 3.5 SP1, like running locally on a machine. See http://msdn.microsoft.com/en-us/library/cc713694.aspx – Lars Truijens Jun 05 '11 at 18:39
-1

You can embed your DLL into your EXE by setting the "Build Action" property to "Embedded Resource". Your DLL is not shipped as a single file and no one can use it.

EvilMM
  • Of course, this requires you to unpack the DLL file on application startup, which not only presents a bunch of potential permissions issues (and things like Windows Data Execution Prevention), but also means anyone could make a copy of the DLL file during runtime and do with it as they like. – Cody Gray - on strike Dec 01 '10 at 10:45
-1

You can make some DLL class methods fail if it is not used by your own main program.

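 // The entry assembly is the main program's EXE; GetExecutingAssembly()
 // would return this DLL itself. It is null when started by a native host.
 Assembly main = System.Reflection.Assembly.GetEntryAssembly();

 if (main == null || main.FullName != .....)
     throw new NotSupportedException();

or

 // IsSignedWith is not a framework method; fail when the check does NOT pass
 if (!IsSignedWith(main, myCompanysX509Certificate))
     throw new NotSupportedException();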
k3b
  • Where can I get the method IsSignedWith? And what about the parameters main and myCompanysX509Certificate, what do they mean? Thank you – Simon Dec 01 '10 at 12:20
  • IsSignedWith is an example that you can ask some properties of the main exe file. Maybe you can ask if the main.exe is signed with a certificate – k3b Dec 02 '10 at 08:28
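
One way to write the check this answer sketches, as an added example that is not k3b's code: it compares the strong-name public key token of the main program with an expected value instead of a certificate. `HostCheck`, `HasPublicKeyToken` and `DemandKnownHost` are hypothetical names, and the token is a constructed placeholder.

```csharp
using System;
using System.Reflection;

namespace MyProgram.Library
{
    public static class HostCheck
    {
        // Constructed placeholder, not a real token. Use the value printed by
        // `sn -T MyProgram.exe` for your own signed main program.
        private const string ExpectedTokenHex = "0123456789abcdef";

        // True only if 'host' has a strong name whose public key token
        // equals expectedTokenHex (16 hex digits = 8 bytes).
        public static bool HasPublicKeyToken(Assembly host, string expectedTokenHex)
        {
            if (host == null)
                return false;                       // e.g. started by a native host
            byte[] token = host.GetName().GetPublicKeyToken();
            if (token == null || token.Length == 0)
                return false;                       // assembly is not strong-named
            string actual = BitConverter.ToString(token).Replace("-", "");
            return string.Equals(actual, expectedTokenHex,
                                 StringComparison.OrdinalIgnoreCase);
        }

        // Call at the top of the library's public entry points.
        public static void DemandKnownHost()
        {
            // GetEntryAssembly() is the process EXE; GetExecutingAssembly()
            // would return this library itself.
            if (!HasPublicKeyToken(Assembly.GetEntryAssembly(), ExpectedTokenHex))
                throw new NotSupportedException(
                    "MyProgram.Library can only be used by MyProgram.");
        }
    }
}
```

As the first answer on this page says, a check like this only stops someone who isn't trying very hard; it does not prevent use through Reflection or a disassembled copy of the DLL.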