Is there a preferred way to identify core .net framework assemblies ? i.e. asm which are part of the framework ?
This is for a an application auto updater which
1) takes in an assembly using ASP.NET upload
2) checks it's assembly references
3) ensures they're available for deployment too
4) they're pulled as needed based on auth/authorization etc. etc
Part #3 is where it'd be good to check if they're part of the core framework
Assemblies have attributes that you can examine with reflection:
object[] attribs = assembly.GetCustomAttributes();
You could take a look at the objects returned by that call in the debugger, and see if any are common across the assemblies you want to categorise.
Edit: And - what a surprise! - Jon Skeet has already posted an answer to a similar-but-not-identical question using this technique. Should work for you as well.
You can check the property Assembly.GlobalAssemblyCache to see if it's in the GAC, but I think that's the closest you can get without parsing Microsoft's name from the assembly company.
Here is a list based on the ECMA standard:
http://en.wikipedia.org/wiki/Base_Class_Library
Related
I am using Apache ignite version 2.7.5. and using .net core as server and thin client.
Cache configuration with key as string and value as Model class for example Employee.And this model class having properties including dictionary data type fields.
I am performing get and put record into cache from application which having target platform is .net framework.
In my .net core(v2.2.103) client Load() method returning result but in caller application getting the following exception.
{"No matching type found for object [typeId=596790889,
typeName=System.Collections.Generic.NonRandomizedStringEqualityComparer].
This usually indicates that assembly with specified type is not loaded
on a node. When using Apache.Ignite.exe, make sure to load assemblies
with -assembly parameter. Alternatively, set
IgniteConfiguration.PeerAssemblyLoadingEnabled to true."}
Any one can you give suggestion,how to solve this exception.
I think you have mismatch of .Net versions - one uses NonRandomizedStringEqualityComparer as comparer for its dictionaries, which other one does not have this type.
Please see this related .Net core bug: https://github.com/dotnet/corefx/issues/26033
It is possible that Ignite handles such dictionaries incorrectly on its own, but I'm not sure what are steps to reproduce. Right now the recommendation is to make sure you're using exactly the same verison of .Net runtime everywhere.
Is there a way of applying a default resolution to all ambigious references to a class name in a project?
To set a bit of background, I'm working on a very large project with thousands of files which was built with .NET framework 3.5. The previous coder developed a Tuple type and put it in the Utilities namespace.
However, now we want to change it to use .NET framework 4, which has System.Tuple so I have thousands of errors stating that Tuple is ambigious reference (Utilities.Tuple and System.Tuple)
Rather than having to go through the codebase and change thousands of references to this class, is there a way of saying once for the project: "Whenever Tuple is used, use Utilities.Tuple" ?
I don't think there is a solution wide fix for this, but I can see three options for refactoring:
Refactor all code to use System.Tuple and deprecate Utilities.Tuple
add using Tuple = Utilities.Tuple; in each files using statements
Solution wide search/replace Tuple with Utilites.Tuple
I would like to determine whether or not a file has any dependencies to the .net framework. The catch: I want to do this without the use of any third party application.
I was hoping there was some hidden method in existence that I could use for this.
Thanks for any help,
Evan
Something along these lines:
Assembly a = Assembly.LoadFrom(
pathToAssembly);
AssemblyName [] an =
a.GetReferencedAssemblies();
foreach (AssemblyName name in an)
Console.WriteLine(name.ToString());
... Courtesy of Determining .NET Assembly and Method References
A .NET executable has special fields in its header that you can look for, but even native EXEs can implicitly rely on .NET, say by invoking a COM service that's written in .NET.
By nature, a C# application will most likely link against the standard C# libraries. If you are talking about another library, outside of the standard libraries, I don't know if that is possible. What exactly do you mean by 'third party' in this situation?
I'm new C# and am trying to understand the new security features of .NET-4.
To fill in some details, I'm currently trying to update AutofacContrib.Moq to work with the latest Moq. I had no problems doing this for .NET-3.5 and under. But in .NET-4 the security restrictions result in numerous security exceptions.
Moq has a a single method, GetObjectData, that's marked with the SecurityCritical attribute. AutofacContrib.Moq has the AllowPartiallyTrustedCallers attribute set which is the source of the exceptions. It seems that rather than adding the SecurityRules attribute with a SecurityLevel of 1, I'd be better off removing AllowPartiallyTrustedCallers attribute. I believe this makes the assembly SecurityTransparent by default, which may not be sufficient (though the AutofacContrib.Moq unit tests pass).
My main question at the moment is whether assemblies targeting .NET-4 should ever use the AllowPartiallyTrustedCallers attribute? But, given that I definitely don't understand everything yet, what details should be considered when working with assemblies that are security marked? Do I need to explicitly mark my assembly with security attributes in those places it uses, directly or indirectly, something that's marked SecurityCritical?
You are correct: in .NET 4, leaving the APTCA on there makes the assembly SecurityTransparent, and that may be what's causing you grief.
The MSDN article Migrating an APTCA Assembly to the .NET Framework 4 has a good discussion and explanation of the changes to the AllowPartiallyTrustedCallersAttribute in .NET 4.
Specifically:
The AllowPartiallyTrustedCallers attribute has changed. In v4, it no longer has anything to do with link demands. In fact, the implicit link demand that was present on signed libraries in v2 is gone. Instead, all fully trusted assemblies in v4 are, by default, SecurityCritical.
[snip /]
In v4, the effect of APTCA is to remove the automatic SecurityCritical behavior from the assembly to which it’s applied.
And...
Because the AllowPartiallyTrustedCallers attribute causes the entire assembly to be SecurityTransparent by default, the assembly’s author must specifically mark methods needing to perform privileged operations as SecurityCritical or SecuritySafeCritical.
(It's really a good article that author Mike Rousos did a great job with. I encourage you to read it in its entirety.)
If you're starting a new .NET 4 library, it's probably best to stick with the .NET 4 security model and use the appropriate SecurityCritical, SecuritySafeCritical, and SecurityTransparent attributes where needed. They're far easier to manage and understand than old code access security.
If you're migrating an old library to the new model, there's a good example in the article of how to do that... but basically it amounts to removing old LinkDemands and adding [SecurityCritical] in their place.
In your particular case, the fastest way to get going would be to add the SecurityRules attribute so you get the old behavior, but I'm not sure I'd consider that the right way. The right way would probably be to lose the APTCA and add SecurityCritical on the assembly because the assembly may contain SecurityCritical code, then mark the various types that call SecurityCritical code (e.g., stuff that references GetObjectData) with SecuritySafeCritical so your SecurityTransparent code can call it. Of course, that second approach will be a lot more work, so you'll probably want to run SecAnnotate.exe and get some automated tips.
Looking at the Moq trunk, a search for GetObjectData shows that the method in question is the override for an exception serialization mechanism (ISerializable.GetObjectData on System.Exception), which only SecurityCritical code will be calling anyway, so you may not even run into any trouble if you just lose APTCA and mark the assembly SecurityCritical.
There is an issue filed on Autofac to update it to the latest security model. If you like the idea, go vote/comment on it.
Sorry that wasn't a short answer. Security is, unfortunately, never easy. :S
I have got a dll placed in a shared folder over development server. Is there any way to use that dll without adding reference in my application and without installing the same in GAC.
Thanks in advance.
Assembly asm = Assembly.LoadFrom(path);
See MSDN for late binding, reflection etc.
Small edit: A variable with the keyword "as" is asking for trouble. So "Assembly as" changed to "Assembly asm" should be safer.
You may want to look at the Managed Extensibility Framework or at Assembly.Load... in the base framework.
Why would you want to do this, though? You'd need to call any code within the Assembly via reflection (hence the suggestion that the MEF may be what you're really after).
Yes, it is possible...somehow. Have a look at the Assembly-Class. With it you can load assemblies from a file without knowing what you exactly load.
Using Assembly.LoadFrom would be the only way to have zero references, but you'd still need to share contracts.
What's the problem with adding a reference?
What are you going to do when someone wants to work on a laptop and the WiFi goes down?
Yes,
you can call Assembly.Load() and then make use of Reflection to call into the public interface (lowercase "interface" - what I mean is the methods, fields and properties) exposed by the assembbly.
But in order to do that you need to know what methods to call. It helps if you can be certain that the assembly includes classes that do conform to a known .NET interface.
This idea is the basis for "plug-in" architectures in many tools, where the tool loads any assembly in its "plugin" directory, instantiates classes, casts the result to an ISomething, and then invokes methods via that interface.
I also would read Suzanne Cook's .NET CLR Notes.
http://blogs.msdn.com/suzcook/default.aspx
If this assembly is in a shared folder, you may find that .NET security restrictions stop you working with classes in that assembly in quite the way you'd expect.
Rather than storing on a shared folder, you may want to consider checking in the assembly to your source code repository. (I've seen a "/lib" folder used to good effect for this). Then you can reference the assembly directly.
(There are also repository solutions such as Maven that can more properly control this. However, they don't play well with .NET, unfortunately.)