What is an assembly?
* An Assembly is a logical unit of code
* Assembly physically exist as DLLs or EXEs
* One assembly can contain one or more files
* The constituent files can include any file types like image files, text files etc. along with DLLs or EXEs
* When you compile your source code by default the exe/dll generated is actually an assembly
* Unless your code is bundled as assembly it can not be used in any other application
* When you talk about version of a component you are actually talking about version of the assembly to which the component belongs.
* Every assembly file contains information about itself. This information is called as Assembly Manifest.
What is assembly manifest?
* Assembly manifest is a data structure which stores information about an assembly
* This information is stored within the assembly file(DLL/EXE) itself
* The information includes version information, list of constituent files etc.
What is private and shared assembly?
The assembly which is used only by a single application is called as private assembly. Suppose you created a DLL which encapsulates your business logic. This DLL will be used by your client application only and not by any other application. In order to run the application properly your DLL must reside in the same folder in which the client application is installed. Thus the assembly is private to your application.
Suppose that you are creating a general purpose DLL which provides functionality which will be used by variety of applications. Now, instead of each client application having its own copy of DLL you can place the DLL in 'global assembly cache'. Such assemblies are called as shared assemblies.
What is Global Assembly Cache?
Global assembly cache is nothing but a special disk folder where all the shared assemblies will be kept. It is located under:\WinNT\Assembly folder.
How assemblies avoid DLL Hell?
As stated earlier most of the assemblies are private. Hence each client application refers assemblies from its own installation folder. So, even though there are multiple versions of same assembly they will not conflict with each other. Consider following example :
* You created assembly Assembly1
* You also created a client application which uses Assembly1 say Client1
* You installed the client in C:\MyApp1 and also placed Assembly1 in this folder
* After some days you changed Assembly1
* You now created another application Client2 which uses this changed Assembly1
* You installed Client2 in C:\MyApp2 and also placed changed Assembly1 in this folder
* Since both the clients are referring to their own versions of Assembly1 everything goes on smoothly
Now consider the case when you develop assembly that is shared one. In this case it is important to know how assemblies are versioned. All assemblies has a version number in the form:
major.minor.build.revision
If you change the original assembly the changed version will be considered compatible with existing one if the major and minor versions of both the assemblies match.
When the client application requests assembly the requested version number is matched against available versions and the version matching major and minor version numbers and having most latest build and revision number are supplied.
How do I create shared assemblies?
Following steps are involved in creating shared assemblies :
* Create your DLL/EXE source code
* Generate unique assembly name using SN utility
* Sign your DLL/EXE with the private key by modifying AssemblyInfo file
* Compile your DLL/EXE
* Place the resultant DLL/EXE in global assembly cache using AL utility
How do I create unique assembly name?
Microsoft now uses a public-private key pair to uniquely identify an assembly. These keys are generated using a utility called SN.exe (SN stands for shared name). The most common syntax of is :
sn -k mykeyfile.key
Where k represents that we want to generate a key and the file name followed is the file in which the keys will be stored.
How do I sign my DLL/EXE?
Before placing the assembly into shared cache you need to sign it using the keys we just generated. You mention the signing information in a special file called AssemblyInfo. Open the file from VS.NET solution explorer and change it to include following lines :
[assembly:AssemblyKeyFile("file_path")]
Now recompile the project and the assembly will be signed for you.
Note : You can also supply the key file information during command line compilation via /a.keyfile switch.
What makes an assembly unique?
filename + assembly version + culture + public key token
Why publicKeytoken is hash code instead of unique identifier as like GUID, URL?
conserve storage
Is it possible to have reference of unsigned assembly in strongly signed assembly?
No, It will give you compile time error.
How signing make an assembly secure?
Signing has followign steps:
1) When we compile the code compiler will create hash code of IL and every other resource in assembly.
2) Then we sign the assembly. In this this step private Key will encode the has code with some algorithm and will create some kind of identifier and place it in assembly itself.
3) During 2nd step public key corresponding to private key is also placed in assembly.
4) Now when CLR tries to load this assembly, it will again create hash code of assembly and will decode the identifier(placed in 2nd step) with public Key, and will see if both hash codes are same.
If hash codes are different then it means assembly is been tempered and CLR won't load it else it will load it.
What is Satellite assembly?
Satellite assembly is region/location specific resource file. When we want to have our code location specific we can have our data in some resource file. This resource file can be deployed in form of assembly which is nothing but satellite assembly.
Is it possible to have satellite assembly in form of exe not dll?
No, Satellite assembly doesn't contain any code in it, it only contains resources. Thus we can't have Satellite EXE.
What is delay signing?
Delay signing is feature provided by .NET. It is used when we don't want to provide private/public key pair to developer. We want to get it signed in the end i.e. after every kind of testing is done.
There are attributes available which you will need to add in your class:
AssemblyKeyFileAttribute - passes the name of the file containing public key info.
AssemblyDelaySignAttribute - indicates delay sign is used in this assembly.
There are few steps by which we give strong name to assembly so that it can be GACed, and skip validation of our assembly. In this step, assembly only have information about public key.It has strong name but it not validated, thus can be GACed and used.
What is difference between signing an assembly and giving it a strong name?
After signing we get assembly which is completely secure i.e. while loading these assembly CLR will check if it is original one or tempered. But signing is only required to GAC the dll. It is possible to have assembly which has strong name but not signed(delay sign).
* An Assembly is a logical unit of code
* Assembly physically exist as DLLs or EXEs
* One assembly can contain one or more files
* The constituent files can include any file types like image files, text files etc. along with DLLs or EXEs
* When you compile your source code by default the exe/dll generated is actually an assembly
* Unless your code is bundled as assembly it can not be used in any other application
* When you talk about version of a component you are actually talking about version of the assembly to which the component belongs.
* Every assembly file contains information about itself. This information is called as Assembly Manifest.
What is assembly manifest?
* Assembly manifest is a data structure which stores information about an assembly
* This information is stored within the assembly file(DLL/EXE) itself
* The information includes version information, list of constituent files etc.
What is private and shared assembly?
The assembly which is used only by a single application is called as private assembly. Suppose you created a DLL which encapsulates your business logic. This DLL will be used by your client application only and not by any other application. In order to run the application properly your DLL must reside in the same folder in which the client application is installed. Thus the assembly is private to your application.
Suppose that you are creating a general purpose DLL which provides functionality which will be used by variety of applications. Now, instead of each client application having its own copy of DLL you can place the DLL in 'global assembly cache'. Such assemblies are called as shared assemblies.
What is Global Assembly Cache?
Global assembly cache is nothing but a special disk folder where all the shared assemblies will be kept. It is located under
How assemblies avoid DLL Hell?
As stated earlier most of the assemblies are private. Hence each client application refers assemblies from its own installation folder. So, even though there are multiple versions of same assembly they will not conflict with each other. Consider following example :
* You created assembly Assembly1
* You also created a client application which uses Assembly1 say Client1
* You installed the client in C:\MyApp1 and also placed Assembly1 in this folder
* After some days you changed Assembly1
* You now created another application Client2 which uses this changed Assembly1
* You installed Client2 in C:\MyApp2 and also placed changed Assembly1 in this folder
* Since both the clients are referring to their own versions of Assembly1 everything goes on smoothly
Now consider the case when you develop assembly that is shared one. In this case it is important to know how assemblies are versioned. All assemblies has a version number in the form:
major.minor.build.revision
If you change the original assembly the changed version will be considered compatible with existing one if the major and minor versions of both the assemblies match.
When the client application requests assembly the requested version number is matched against available versions and the version matching major and minor version numbers and having most latest build and revision number are supplied.
How do I create shared assemblies?
Following steps are involved in creating shared assemblies :
* Create your DLL/EXE source code
* Generate unique assembly name using SN utility
* Sign your DLL/EXE with the private key by modifying AssemblyInfo file
* Compile your DLL/EXE
* Place the resultant DLL/EXE in global assembly cache using AL utility
How do I create unique assembly name?
Microsoft now uses a public-private key pair to uniquely identify an assembly. These keys are generated using a utility called SN.exe (SN stands for shared name). The most common syntax of is :
sn -k mykeyfile.key
Where k represents that we want to generate a key and the file name followed is the file in which the keys will be stored.
How do I sign my DLL/EXE?
Before placing the assembly into shared cache you need to sign it using the keys we just generated. You mention the signing information in a special file called AssemblyInfo. Open the file from VS.NET solution explorer and change it to include following lines :
[assembly:AssemblyKeyFile("file_path")]
Now recompile the project and the assembly will be signed for you.
Note : You can also supply the key file information during command line compilation via /a.keyfile switch.
What makes an assembly unique?
filename + assembly version + culture + public key token
Why publicKeytoken is hash code instead of unique identifier as like GUID, URL?
conserve storage
Is it possible to have reference of unsigned assembly in strongly signed assembly?
No, It will give you compile time error.
How signing make an assembly secure?
Signing has followign steps:
1) When we compile the code compiler will create hash code of IL and every other resource in assembly.
2) Then we sign the assembly. In this this step private Key will encode the has code with some algorithm and will create some kind of identifier and place it in assembly itself.
3) During 2nd step public key corresponding to private key is also placed in assembly.
4) Now when CLR tries to load this assembly, it will again create hash code of assembly and will decode the identifier(placed in 2nd step) with public Key, and will see if both hash codes are same.
If hash codes are different then it means assembly is been tempered and CLR won't load it else it will load it.
What is Satellite assembly?
Satellite assembly is region/location specific resource file. When we want to have our code location specific we can have our data in some resource file. This resource file can be deployed in form of assembly which is nothing but satellite assembly.
Is it possible to have satellite assembly in form of exe not dll?
No, Satellite assembly doesn't contain any code in it, it only contains resources. Thus we can't have Satellite EXE.
What is delay signing?
Delay signing is feature provided by .NET. It is used when we don't want to provide private/public key pair to developer. We want to get it signed in the end i.e. after every kind of testing is done.
There are attributes available which you will need to add in your class:
AssemblyKeyFileAttribute - passes the name of the file containing public key info.
AssemblyDelaySignAttribute - indicates delay sign is used in this assembly.
There are few steps by which we give strong name to assembly so that it can be GACed, and skip validation of our assembly. In this step, assembly only have information about public key.It has strong name but it not validated, thus can be GACed and used.
What is difference between signing an assembly and giving it a strong name?
No comments:
Post a Comment