G.Mich
G.Mich

Reputation: 1666

Add a new assembly with the same name

I found this question to an c# exam

You have two assemblies named Assembly1 and Assembly2 that are written in C#. Assembly1 loads Assembly2 by executing the following code.

Assembly myDLL = Assembly.Load(
         "Assembly2,Version=1.0.2.4,Culture=neutral,PublicKeyToken=..."
);

You create a new project in Microsoft Visual Studio to build a new assembly that will replace Assembly2.

The new assembly has the same name and version as the original Assembly2 assembly.

When you execute the code, Assembly1 cannot load Assembly2.

What should you do to ensure that Assembly1 can load Assembly2?

A. Run the sn.exe command to create a new key file. Run the al.exe command to sign Assembly2 by using the generated key file.

B. Use the sn.exe command to create a new key file. Set the assembly:AssemblyKeyFileAttribute attribute to the new key file.

C. Modify the project properties. Click Sign the assembly and select a new key file.

D. Run the al.exe command to sign Assembly2. Use the same key file used for the original Assembly2 assembly.

I believe the correct answer is A or B , I can not figure out what answer is right.

Upvotes: 1

Views: 914

Answers (1)

Thomas Weller
Thomas Weller

Reputation: 59208

None of the answers allows Assembly1 to be changed, so Assembly2 must have the same identity as before. The same identity is only achieved by having the same name, same version and same public key.

The same public key can (hopefully) only be achieved by using the same private key. Hash collisions might work as well, but that's by accident and cannot be done by sn.exe on purpose.

So, the correct answer is D:

Run the al.exe command to sign Assembly2. Use the same key file used for the original Assembly2 assembly.

Maybe the exam book 70-483 is not much different from its old .NET 2 version. I found that book quite bad regarding correctness. I submitted a dozen of errata at that time.

Basically it's a bad idea to create a new assembly and give it the same name, same version and same key, as stated in MSDN

Assemblies that have the same strong name should be identical.

So, there's no real world use case behind it - except hacking. I think the book wants you to learn that you cannot hack a strong named assembly without having the key.

Unfortunately, that's not true, because

a) MSDN says:

Do not rely on strong names for security. They provide a unique identity only.

Use code signing (Authenticode) for that.

b) there are tools to remove the strong names and usually it works well if you remove the strong names of all DLLs and EXEs.

Upvotes: 4

Related Questions