Breaking strong name in .net library assemblies.

Recently I was digging in Strong naming and signing in .net. I have found an interesting article on code project Building Security Awareness in .NET Assemblies which describe how the strong name can be easily removed and beaked from an executing assembly. I would like to present the approach that can be used with library assemblies in .net. What is a strong name (also called st…

By Mirek on (tags: Assembly signing, .net, Strong name, categories: code, security)

WCF Data Services performance

The main benefit of using WCF Data Services (formerly ADO.NET Data Services, codename "Astoria) is that this is interoperable, which means it can be accessed from clients created in different technologies. Moreover standard WCF services offers the only exposed set of methods. Data Services, as implementation of OData protocol, offers the Resource to be queried and altered …

By Mirek on (tags: Data Services, OData, WCF, categories: architecture, code)

Software licensing

In this post I would like to briefly describe the topic of software licensing and present few solutions I found on the internet. Licensing topic is highly connected with application security and piracyproof so to speak. We generally provide licensing mechanism when we want to assure that nobody who did not paid for the application can not access this application. We want to protect our intellectual property and give the access to the application only those people who paid us for that.

How this all looks in practice ?

By Mirek on (tags: activation, copyright protection, licensing, product key, serial key, categories: licensing, security)

Taming TFS - Digitally signing assemblies

Signing is a bit more tricky than strong naming. I didn’t want to use delay signing, because that requires additional configuration on development stations, so just like with strong naming – plain old simple build on the development machine and the fancy stuff on the build server.

By eidias on (tags: tfs, categories: infrastructure)

Registering a certificate in the certificate store

This is another bit that will be helpful with our next tfs build script modification.

To use a certificate for either strong naming or signing code, you need to place it in the certificate store of the user asking for it (e.g. if you’re executing an automated build, the user in whose context the build is executed)

By eidias on (tags: certificate, categories: infrastructure)

Creating a certificate signing request (csr) on windows

This bit will be useful for the next tfs build script modifications that I will describe in a later post.

Apparently there are a couple of ways to create a csr - openssl, online services, dedicated tools

But there are also ways to create a csr without installing any software. There's the easy way (for those who have IIS installed) and the bit more complicated way (for those who like command line tools – that would be me)

By eidias on (tags: certificate, categories: infrastructure)