When everyone is doing project development, they are generally layered, such as the UI layer, the business layer, and the data access layer. The business layer refers to the DLL of the data access layer (for example) and uses the method in use. When the project is completed and used by the customer, some BT customers can also ask someone who knows a little about NET to refer to yours and call the methods in it to destroy it. For example, you can directly use the ChangePwd(string UserName, string Pwd) method inside to change the password of other users, and at this time you...
OK, it's time to start talking about how to protect our code:
First we need to make our assembly into a strongly named assembly.
Here we enter sn -k c:\ in the .NET command prompt to create a new random key pair and store it in c:\
Then create a new class library ClassLibrary1, which has only a class file, the code is as follows:
using System;
namespace ClassLibrary1
{
public class Class1
{
public Class1()
{
//
// TODO: Add constructor logic here
//
}
public string Insert()
{
return "ok";
}
}
}
Code:
//...................................................................................................................................
[assembly: AssemblyKeyFile("c:\\")] // Connect to the file generated with the strong naming tool above.
Then create a WindowApplication to call our ClassLibrary1, code:
private void button1_Click(object sender, e)
{
(new ClassLibrary1.Class1().Insert());
}
Don't modify WindowApplication.
It can be run directly here, but everyone can see that this way can successfully call the method in Class1.
Now let's modify the code:
using System;
using ;
namespace ClassLibrary1
{
[StrongNameIdentityPermissionAttribute(, PublicKey =
"00240000048000009400000006020000002400005253413100040000010001000551684edd1600"+
"8ccbdd337b1cf1490490d97fe0048c5f3629cc4f5104578499eace9b2a94115022edd620def472"+
"8b4f088291cfa77a40659afba611fdafbb7894b93a64049d439936bd0cd8dc0704625aeb735892"+
"e9eb3f910a49a2925af10515d935654d7adac5567ff6d780d23d587de0ff4d271da7b30680fa88"+
"a47a4ba4")]
public class Class1
{
public Class1()
{
//
// TODO: Add constructor logic here
//
}
public string Insert()
{
return "ok";
}
}
}
Then, after compiling, run windowapplication and call the method in class1, an error will occur.
The StrongNameIdentityPermissionAttribute here is a class in CAS (Code Access Security) provided by NET. For details, please refer to MSDN. It requires the direct caller to have been granted the specified permissions. Here, the window application must grant permissions. If you use the required requirement that all advanced callers in the call stack have been granted the permissions specified by the current permission object. Their difference is: if windowapplication has been authorized to access, and there is also a windowapplication2 (unauthorized to access) to call class1 by calling button1_Click method in windowapplication, it can be successfully called if used at this time, but it cannot be called with windowapplication2. Windowsapplication can be called in both cases.
Speaking of this, everyone must ask PublicKey = how to get the following string of such a long one. The string after PublicKey is the public key saved in the c:\ file you started to generate. Then how can I see this public key? It is still used.
Enter sn -p c:\ c:\ (Extract the public key from and store it in )
Enter sn -tp c:\ (display public key information)
You can see the string behind PublicKey in the above command. What else do you want? Copy that string.
Finally, everyone must be concerned about how to call class1 in windowapplication at this time. In fact, it is simple. Just modify the windowapplication to:
[assembly: AssemblyKeyFile("c:\\")]
Everything is OK here. Everyone sees that the most important thing is the file, so you must protect your own files.