It is the building block of an application which provides all required execution information to “CLR”.
Functions of an Assembly:
à It contains IL that gets executed by CLR
à It forms the security boundaries
à It allows the side – by –side execution of multiple version of same assembly.
Features of assemblies
· Assemblies are self-describing.
· Version dependencies are recorded inside an assembly manifest.
· Assemblies can be loaded side-by-side.
· Application isolation is endured using application domains.
· Installation can be as easy as copying the files that belong to an assembly.
Assemblies can be private or shared.
It contains the information about the assembly like identity of an assembly, Scope of the assembly and also contains the security permissions.
It contains the data about the object that is Name of an object, the bases, interfaces implemented in that object and also the types and members of an object.
3. IL code
Compiled version of an application Program code
Resources used by that Assembly.
Namespace and Assembly
Assembly is physical grouping of logical units but Namespace logically groups classes. Namespace can span in multiple assemblies.
Types of an Assembly
There are two types
1. Private Assembly
This is used by a single application and this assembly is stored in that application installation folder.
2. Shared Assembly
This is used by multiple applications and this is stored in Global Assembly Catch (GAC). We have to give cryptographically Strong Name for these shared assemblies.
A strong name is a .NET assembly name combined with its version number and other information to uniquely identify the assembly. This allows multiple versions of the same assembly to peacefully co-exist in the global assembly cache, where shared assemblies are typically stored.
Three main goals for having strong name
1. Name Uniqueness:
Name of shared assemblies should be unique globally.
2. Prevent Name Spoofing:
Developer doesn’t want some one releasing the version of their assemblies. We can avoid this problem by using strong name.
3. Provide identity on Reference:
While resolving reference to an assembly, strong name guarantees that the loaded assembly came from the expected publisher.
Use of strong names
Strong names are required to store shared assemblies in the global assembly cache (GAC). This is because the GAC allows multiple versions of the same assembly to reside on your system simultaneously, so that each application can find and use its own version of your assembly. This helps avoid DLL Hell, where applications that may be compiled to different versions of your assembly could potentially break because they are all forced to use the same version of your assembly.
Another reason to use strong names is to make it difficult for hackers to spoof your assembly, in other words, replace or inject your assembly with a virus or malicious code.
Strong name key file
A strong name key file has a .snk extension and contains a unique public-private key pair. You use the strong name key file to digitally sign your assembly (see below). Note that this type of file is not secure, as the private key in a .snk file can be easily compromised.
For added protection, Visual Studio can encrypt a strong name key file, which produces a file with the .pfx (Personal Information exchange) extension. The .pfx file is more secure because whenever someone attempts to use the encrypted key, she will be prompted for the password.
Steps for Giving strong name to DLL
- Open .net command prompt.
- Go to the folder containing DLL.
- Type sn -k test.snk, you can use any file name instead of test. This will create test.snk file in that folder.
- Open the assemblyinfo.cs file of project.
- Type file path in this tag [assembly:AssemblyKeyFile@”E:\hemant\practice\HP\bin\Debug\HP.snk”)]
- Build application, finally your strong name created for your DLL.
Signing an Assembly
The first thing that you need to do is create a public/private key pair that will be used to encrypt the assembly.
To create a key/pair you can use the strong name utility:
sn –k <file name
This will create the file containing the keys defaulting to RSA encryption. You should keep this file save as you will need it for signing future assemblies if you wish to keep them authenticated.
Now, there are a few different methods for strongly naming an assembly, either from within Visual Studio or through the command line.
If you wish to give developers access to the private key you can simply add in an attribute to the project. This code should go within the AssemblyInfo.cs file.
If you do not wish to give your developers access to your private key you can delay sign the assembly.
Then the assembly must have verification turned off otherwise the assembly will not load on the developer’s machine:
c:\> sn -Vr myassembly.dll
Finally, when the code is ready to be released you can fully sign the assembly using the sn.exe tool.
c:\> sn -R myassembly.dll mykey.snk
Signing and Delay Signing
Delayed signing refers to a technique of partially signing assemblies while they are in development. Signing an assembly basically certifies that assembly by the manufacturer and prevents tampering and hi-jacking of that assembly. The signing is accomplished by using public key/private key encoding of parts of the assembly. The public key is embedded in the assembly and will be used by third-parties who want to reference the assembly. There are many more benefits to signing an assembly, but the main purpose of delayed signing is to allow a company to protect and control its private key and only use it during the packaging process. A delayed signed assembly can still be used like a signed assembly; you just can’t package and ship it.
Global Assembly Catch (GAC)
Shared assemblies must have globally unique names derived from their strong names (public keys generated to distinguish assemblies from other assemblies that may have the same names) which are Microsoft’s solution to DLL hell.
The GAC, not the registry, is the store for this information. When an application loads the GAC is examined by the Common Language Runtime to determine if the version of a shared component exists that is compatible with the one referenced by the application.
The gacutil.exe that ships with .NET can be used to add or remove a shared assembly from the GAC.
à To add a shared assembly, from the command line enter:
gacutil.exe /i myassembly.dll
à To remove a shared assembly, from the command line enter:
gacutil.exe /u myassembly.dll
When viewing the GAC in Windows Explorer shfusion.dll is used to provide the user interface. You can locate and rename this DLL to view the GAC like any other folder.