DeployLX Software Protection System

Trusting an Assembly

When an assembly has been protected with Code Encryption or uses Whole Project Bundling and Encryption the assembly needs to be granted Full Trust on the client machine.

There are two ways to grant Full Trust to a single assembly

Add the Assembly to the GAC

The easiest way to trust an assembly is to install it into the Global Assembly Cache.

To add an assmbly to the GAC

  1. Copy the assembly to the desired machine.
  2. Run gacutil specifying the assembly name.

Examples

The following command install and uninstall a protected assembly into the Global Assembly Cache for a website named "Customer001".

gacutil /if /r DeployLX.Licensing.v3.dll OPAQUE "Customer001" "Installed on behalf of Customer001 on Feb 02, 07"

gacutil /u /r DeployLX.Licensing.v3.dll OPAQUE "Customer001" "Installed on behalf of Customer001 on Feb 02, 07"

Configure Full Trust for Signed Assemblies deployed to IIS

Some providers may not be comfortable installing assemblies in the GAC since they can introduce management problems. Each time the assembly is updated the GAC must be updated and all sites on the machine share the same assembly. Instead of installing assemblies in the GAC the host can explicitly grant trust to assemblies singed with your strong name keys.

To grant Full Trust to Signed Assemblies

  1. Obtain the complete public key (not the token) from your assembly.
    sn -Tp <path to assembly>
  2. Modify the custom_mediumtrust.config policy file to use your public key.
    <!-- BEGIN XHEO CUSTOMIZATION -->
    <CodeGroup class="UnionCodeGroup" 
               version="1" 
               PermissionSetName="FullTrust">
        <IMembershipCondition 
                version="1" 
                class="StrongNameMembershipCondition"
                PublicKeyBlob="..."
                /> 
    </CodeGroup>
    <!-- END XHEO CUSTOMIZATION -->
  3. Install your custom config file on the host machine in the %FrameworkDir%\v2.0.50727\CONFIG folder.
  4. Modify the system Web.config file in %FrameworkDir%\v2.0.50727\CONFIG folder to create a new trust level by adding the following to the <securityPolicy> node.
    <trustLevel name="XHEO_Medium" 
                policyFile="custom_mediumtrust.config" />
  5. Configure your application's .config to use the new trust settings.
    <location path="Name of website in IIS">
        <system.web>
            <trust level="XHEO_Medium" originUrl="" />
        </system.web>
    </location>

See Also