Index
- Introduction
- What is an assembly
- Signing
- GAC
- Versioning
- WinMD
- References
Introduction
This post is part of a series of post to help you prepare the MCSD certification, particularly the certification exam 70-483, based on the book:
You will find all the code available in the following GitHub repository. Lets talk a little bit about threads and how they work using a .Net development environment.
What is an assembly
An assembly (.dll / .exe) is used to deploy/distribute your apps to other parties. In the past, shipping dlls produced the following problems:
- dll distributed a new version without fully testing: "DLL hell".
- the installation proces left traces everywhere: directories, regitry
- security: third components performed a security issue
Assemblies are:
- self contained (not need to write to the registry or other location).
- language-neutral (VB, c#,...)
- versoined
- easy deployable (by copying)
Signing
Types of assemblies:
- strong-named: these are signed with a public/private key pair. Benefits:
- Uniqueness
- Versioning lineage: you have the private key and you are the only one who can distribute updates so your third parties are safe.
- Strong integrity check
- Security: these types can only reference other strong named assemblies
- Remember: All of this only proves that the person who signed the assembly has access to the private key. To allow users to verify you as publisher you need to use Authenticode: technology that uses digital certificates to identify the publisher of an application.
- regular
How to view the public key in a signed assembly:
- cd C:\Program Files\Microsoft SDKs\Windows\v7.1\Binsn -Tp
- "C:\Windows\Microsoft.Net\Framework\v4.0.30319\System.Data.dll"
Output:
Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1
Copyright (c) Microsoft Corporation. All rights reserved.
Public key is
00000000000000000400000000000000
Public key token is b77a5c561934e089
Within an organization you need to secure your private key. If any employee have access to it someone might steal it. To avoid this use Delayed or Partial signing. This procedure uses the public key to sign an assembly and you delay using the private key until the project is ready for deployment. You will need to annotate the source code for the assembly with two custom attributes from System.Reflection:
- AssemblyKeyFileAttribute: file containing the public key.
- AssemblyDelaySignAttribute: enables delay signing.
GAC
Global assembly cache (GAC) helps you to share assemblies by multiple apps enhancing security. Deployment can be done in two ways:
- In production using Windows Installer 2.0
- In development with Gacutil.exe
Versioning
Each assembly has a version number using this pattern: {Major version}.{Minor Version}.{Build Number}.{Revision}:
- Major: breaking changes
- Minor: small changes in existing features
- Build number: auto incremented
- Revision: patches
All this is saved in the AssemblyInfo.cs with a pair of numbers:
- AssemblyVersion: incremented manually when you deploy to production.
- AssemblyFileVersion: incremented with every build by your build server.
After a deployment you end up with multiple versions of your assemblies within the GAC (side-by-side hosting). To match the right assembly you can use:
- Application configuration files: you can define extra location to find your assemblies. If the location are out of the scope of your app, the assemblies would need to be strongly named.
- Publisher policies: that are deployed to the GAC so the CLR knows what to bind.
- Machine configuration
WinMD
With Win8, a new WinRT (runtime) was introduced written in C++, without managed environment, no CLR, no JIT compiler. There was no metadata which is necessary to create mapping between native components and other languages. To make this work Microsoft came up with a new file type called Windows Metadata (WinMD). These files (called Windows Runtime component in VS or .winmd) help you to create pieces of code that can be called from different languages such as Javascript or C#. You only need to follow these restrictions:- Fields, parameters and return values of all the public types and members must be Windows Runtime types
- A public class or interface cannot do
- be generic
- implement an interface that is not a Windows Runtime interface
- Derive from types that are not inside the Windows Runtime
- Public classes must be sealed
- Public structures can have only public fields which must be value types or strings
- All public types must have a root namespace that matches the assembly name and does not start with Windows.
0 comments:
Post a Comment