Identity Permission

The identity permission represents characteristics that identify code, such as the location from which it was loaded or the digital signature that was used to sign the assembly. This information is called evidence and is provided by the loader or a trusted host (such as IE or ASP.NET). The CLR uses the evidence to grant identity permissions to the code when it is loaded. The identity permission classes are listed in Table 7.2; they all derive from CodeAccessPermission.

Table 7.2: IktyHta

Permission Class

Permission Represented

CodeAccessPermission

The base class for all the identity permission

classes.

PublisherldentityPermission

The software publisher's digital signature.

Table 7.2: lililtiiiiilt«

Permission Class

Permission Represented

SiteIdentityPermission

The site where the code originated.

StrongNameIdentityPermission

The strong name of the assembly.

URLIdentityPermission

The full URL where the code originated.

ZoneIdentityPermission

The security zone where the code originated.

Assemblies can be identified by their text name, version number, and culture information, but sometimes this is not adequate. Strong names provide a way to ensure that assemblies can be uniquely identified.

A strong name consists of the text name, version number, and culture information plus a public key and a digital signature. The strong name is generated from the assembly using a private key, and assemblies with the same strong name are expected to be identical. Using an encryption key to produce a strong name has several advantages:

■ Names are unique because they use unique private keys for generation. It is therefore possible to determine who has created a particular assembly.

■ No one can produce a new version of your assembly and pass it off as genuine because it will not have been signed with your private key.

■ No one can tamper with the contents of an assembly because the signing process involves generating a check-sum for the assembly that will be checked at runtime.

0 0

Post a comment