如何只将已签名的程序集加载到新的AppDomain?

时间:2023-01-11 02:53:54

I'm doing a addin system where the main app loads assemblies Addin1.dll and Addin2.dll on runtime in new AppDomain's.

我正在做一个插件系统,其中主应用程序在新的AppDomain中运行时加载程序集Addin1.dll和Addin2.dll。

However, in case that Addin1.dll is signed (strong name) with my key and Addin2.dll is not, I want to be able to only load Addin1.dll and reject Addin2.dll.

但是,如果Addin1.dll使用我的密钥签名(强名称)而Addin2.dll不是,我希望只能加载Addin1.dll并拒绝Addin2.dll。

I'm suspecting that it needs to be done by setting some parameters in AppDomainSetup?

我怀疑它需要通过在AppDomainSetup中设置一些参数来完成吗?

3 个解决方案

#1


2  

Look into the Assembly.Load method that takes an Evidence parameter. You can find an example of how to create an evidence from your public key here.

查看带有Evidence参数的Assembly.Load方法。您可以在此处找到如何从公钥创建证据的示例。

#2


0  

You can implment a DomainManager and base your load/block decision's on whatever you like. I answered a somewhat related question here.

你可以实现一个DomainManager,并根据你喜欢的方式决定你的加载/阻止决策。我在这里回答了一个有点相关的问题

#3


0  

You can use Load method of AppDomain class to load new assembly into Appdomain, provided the assembly's publisher policy is satisfied by the client or end user environment.

如果客户端或最终用户环境满足程序集的发布者策略,则可以使用AppDomain类的Load方法将新程序集加载到Appdomain中。

Also the strong named assembly follows all the rules laid down by publisher of the assembly and the CLR. So the user of the assembly needs to satisfy the security aspect of the assembly being loaded into the appdomain.

强名称程序集也遵循程序集发布者和CLR规定的所有规则。因此,程序集的用户需要满足加载到appdomain中的程序集的安全性方面。

The CLR loads the referenced global assembly from the GAC using the strong name properties. If the referenced assembly is available in the GAC, CLR will return its containing subdirectory and the file holding the manifest is loaded. Finding the assembly this way assures the caller that the assembly loaded at runtime came from the same publisher that built the assembly the code was compiled against. Now comparison of public key token in the referencing assembly’s assemblyRef table and public key token in the referenced assembly’s AssemblyDef table. If the referenced assembly isn’t in the GAC, the CLR looks in the application’s base directory and then in the private paths identified in the application’s configuration file; if the application containing the assembly is installed using the MSI, then CLR invokes MSI to load the required assembly. IF the assembly is not found in any of these location, an exception is thrown and finally the binding of assembly fails.

CLR使用强名称属性从GAC加载引用的全局程序集。如果引用的程序集在GAC中可用,则CLR将返回其包含的子目录,并且加载包含清单的文件。以这种方式查找程序集可以确保调用者在运行时加载的程序集来自构建编译代码的程序集的同一发布者。现在比较引用程序集的assemblyRef表中的公钥令牌和引用程序集的AssemblyDef表中的公钥令牌。如果引用的程序集不在GAC中,则CLR将查找应用程序的基本目录,然后查找应用程序配置文件中标识的专用路径;如果使用MSI安装包含程序集的应用程序,则CLR将调用MSI以加载所需的程序集。如果在任何这些位置找不到程序集,则抛出异常,最后程序集的绑定失败。

#1


2  

Look into the Assembly.Load method that takes an Evidence parameter. You can find an example of how to create an evidence from your public key here.

查看带有Evidence参数的Assembly.Load方法。您可以在此处找到如何从公钥创建证据的示例。

#2


0  

You can implment a DomainManager and base your load/block decision's on whatever you like. I answered a somewhat related question here.

你可以实现一个DomainManager,并根据你喜欢的方式决定你的加载/阻止决策。我在这里回答了一个有点相关的问题

#3


0  

You can use Load method of AppDomain class to load new assembly into Appdomain, provided the assembly's publisher policy is satisfied by the client or end user environment.

如果客户端或最终用户环境满足程序集的发布者策略,则可以使用AppDomain类的Load方法将新程序集加载到Appdomain中。

Also the strong named assembly follows all the rules laid down by publisher of the assembly and the CLR. So the user of the assembly needs to satisfy the security aspect of the assembly being loaded into the appdomain.

强名称程序集也遵循程序集发布者和CLR规定的所有规则。因此,程序集的用户需要满足加载到appdomain中的程序集的安全性方面。

The CLR loads the referenced global assembly from the GAC using the strong name properties. If the referenced assembly is available in the GAC, CLR will return its containing subdirectory and the file holding the manifest is loaded. Finding the assembly this way assures the caller that the assembly loaded at runtime came from the same publisher that built the assembly the code was compiled against. Now comparison of public key token in the referencing assembly’s assemblyRef table and public key token in the referenced assembly’s AssemblyDef table. If the referenced assembly isn’t in the GAC, the CLR looks in the application’s base directory and then in the private paths identified in the application’s configuration file; if the application containing the assembly is installed using the MSI, then CLR invokes MSI to load the required assembly. IF the assembly is not found in any of these location, an exception is thrown and finally the binding of assembly fails.

CLR使用强名称属性从GAC加载引用的全局程序集。如果引用的程序集在GAC中可用,则CLR将返回其包含的子目录,并且加载包含清单的文件。以这种方式查找程序集可以确保调用者在运行时加载的程序集来自构建编译代码的程序集的同一发布者。现在比较引用程序集的assemblyRef表中的公钥令牌和引用程序集的AssemblyDef表中的公钥令牌。如果引用的程序集不在GAC中,则CLR将查找应用程序的基本目录,然后查找应用程序配置文件中标识的专用路径;如果使用MSI安装包含程序集的应用程序,则CLR将调用MSI以加载所需的程序集。如果在任何这些位置找不到程序集,则抛出异常,最后程序集的绑定失败。