Why is it possible to load types in an unsigned assembly from a signed assembly using reflection?

I have two assemblies A and B. A is strong named and B is not.

According to MSDN I cannot reference B from A because a strong named assembly can only reference another strong named assembly.

But then why is it possible to load assembly B, instantiate its classes and call their methods from assembly A using reflection?

```csharp
// Inside assembly A (requires: using System.Reflection;)
Assembly b = Assembly.LoadFrom("B");
object myObj = b.CreateInstance("MyClass");
```

Doesn't this defeat the very purpose of not allowing references to unsigned assemblies from a signed one?

Hutner answered 2/12, 2010 at 13:1 Comment(0)

Well, you have to understand that strong-named assemblies are designed to circumvent "DLL Hell" and allow "side-by-side versioning". AFAIK it is not designed for security.

Therefore, you're allowed to use reflection in a strong-named assembly to call methods and instantiate classes in unsigned assemblies. The framework assumes you know what you're doing because you're explicitly loading a file -- and you therefore should know which file you really want. In other words, you are telling the framework: "For this assembly, I want to manage my own versioning."

Mashhad answered 22/3, 2011 at 6:18 Comment(1)
There definitely is a security component to a strong-named assembly; see "What's the Difference, Part Five: certificate signing vs strong naming". Basically, it allows you to confirm the identity of an assembly. Without that, malware could easily replace a trusted assembly. Also, the OP must use a fully trusted assembly, not just a strongly named one, to create instances using reflection. – Ariella
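
An added example, not part of the original posts: a loader that assembly A could use to apply at run time the identity check that the compiler applies to static references, refusing a reflectively loaded file unless it reports the expected public key token. `PinnedLoader`, `CreatePinned`, the token value and any path passed in are hypothetical.

```csharp
using System;
using System.Linq;
using System.Reflection;

static class PinnedLoader
{
    // Constructed placeholder: the public key token expected for assembly B.
    const string ExpectedToken = "0123456789abcdef";

    // Hex form of an assembly's public key token, or null when it is unsigned.
    static string TokenOf(AssemblyName name)
    {
        byte[] token = name.GetPublicKeyToken();
        if (token == null || token.Length == 0) return null;
        return string.Concat(token.Select(b => b.ToString("x2")));
    }

    static void RequireExpectedToken(AssemblyName name, string path)
    {
        string token = TokenOf(name);
        if (token == null)
            throw new InvalidOperationException(path + " is not strong named.");
        if (!string.Equals(token, ExpectedToken, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(path + " has unexpected token " + token + ".");
    }

    public static object CreatePinned(string path, string typeName)
    {
        // First check: read the identity from metadata without keeping the file loaded.
        RequireExpectedToken(AssemblyName.GetAssemblyName(path), path);

        Assembly asm = Assembly.LoadFrom(path);

        // Second check on the image that was actually loaded, in case the file
        // changed between the metadata read and the load.
        RequireExpectedToken(asm.GetName(), path);

        object instance = asm.CreateInstance(typeName);
        if (instance == null)
            throw new TypeLoadException(typeName + " not found in " + path + ".");
        return instance;
    }
}
```

The token is read from the file's own metadata, so this check establishes which publisher key the file claims; it is only as strong as the runtime's strong-name signature verification at load time.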
