This repository has been archived by the owner on Jun 30, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 214
Strong Naming
Bogdan Gavril edited this page Aug 30, 2018
·
2 revisions
- Strong naming is NOT a security feature
- Signing and strong naming are orthogonal. Signing (e.g. with Authenticode) is a security feature.
- Changing the strong naming key on a library is discouraged because the public key becomes part of the name of the assembly. The name of an assembly is used in many configuration blocks, for example asesmbly binding and assembly redirects.
- When strong naming an assembly, it can be done in 2 ways:
- use an snk file that has both a public and a private key (MSAL)
- use an snk file that has a public key only (ADAL) - in this case a technique called delay signing is used
When publishing to Open Source, it is recommended to publish in the repo both public and private keys, so that other developers can fork the repo and build their own version.
For historical reasons, ADAL is signed with a public only MS key.
MSAL however is now signed with using an .snk file containing both public and private keys.
- Home
- Why use ADAL.NET?
- Register your app with AAD
- AuthenticationContext
- Acquiring Tokens
- Calling a protected API
- Acquiring a token interactively
- Acquiring tokens silently
- Using Device Code Flow
- Using Embedded Webview and System Browser in ADAL.NET and MSAL.NET
- With no user
- In the name of a user
- on behalf of (Service to service calls)
- by authorization code (Web Apps)
- Use async controller actions
- Exception types
- using Broker on iOS and Android
- Logging
- Token Cache serialization
- User management
- Using ADAL with a proxy
- Authentication context in multi-tenant scenarios
- Troubleshooting MFA in a WebApp or Web API
- Provide your own HttpClient
- iOS Keychain Access