Assemblies and the GAC: Chapter 1, Lessons 4-7 & Lab
TRANSCRIPT
CertSIG 2
.NET ASSEMBLIES
.NET assembly
Fundamental unit for app development and deployment
Contains types and resources that app requires
type
type
resources
Resources
•Strings
•Images (PNG, GIF,JPEG,BMP,TIFF)
•Icons
•Audio
•Files
•Other
CertSIG 3
Shared Assemblies
Assembly
Application Application
Global Assembly
Cache (GAC)
(machine-wide)
CertSIG 4
Inside an Assembly
MSIL
Code
Type
Metadata
Assembly
Manifest
CLR runs
code
CLR uses metadata to
run code
Assembly
Metadata
contains
•Version
•Security Identity
•Resources required
•Scope
Must be present before
assembly can run
CertSIG 5
Assembly Manifest Version Information
• Defines version of an app
  – Smallest unit of a version of an app
• Establishes version of types within assembly
• Multiple versions of an assembly can execute
  – Side by side execution
  – Avoids “DLL Hell” of COM Applications
CertSIG 6
Assemblies - Permissions
• Assembly is smallest unit granted permission by Framework
• Provide security boundaries
• You specify permission required when building assembly
• When assembly is loaded:
  1. Assembly sends request to runtime to grant permission
  2. Runtime checks the security policy files
    • Files are on system running app
    • Sys admin configures these files using tools described in Lesson 7.
CertSIG 7
What are the boundaries of a type?
• Assemblies provide boundaries for types
• Type identity = type name + name of assembly in which it resides
Assembly 1
Type “A”
Assembly 2
Type “A”
OK
Assembly
Namespace 1
Type “A”
Namespace 2
Type “A”
OK, also
CertSIG 8
.Net Framework Class Library Namespaces
• Library is made up of reusable classes
• Classes organized into hierarchical namespaces
  – Logically and functionally related classes
  – Divides assembly into logical grouping of types
  – Ex:
    • System
      – System.Data – DB apps
      – System.IO – all I/O operations
• A given namespace may appear in multiple assemblies
CertSIG 9
Static and Dynamic Assemblies
.net language
compiler
static assembly
(.exe or .dll)
produces
harddisk
Your App
( at runtime)
Requires a type from an existing assembly
Reflection
APIs
Creates
Portable Executable
file
harddisk
CertSIG 11
Multiple File Assembly
Can be used when different modules are written in different languages.
More efficient downloading: store seldom-used together, download only when necessary
Use Assembly Linker (AL.EXE) to link multiple modules into single assembly (Lesson 7).
CertSIG 12
Private vs Shared Assemblies
• Private:
  – Stored in installation directory of app
  – Accessible to app only
• Shared:
  – Accessed by multiple apps
  – Has strong name
    • Assembly name
    • Version
    • Culture information
    • Digital signature
    • Public key information
  – Stored in GAC
CertSIG 13
Assembly Identity
Established by info in the Assembly Manifest
Assembly Manifest Contents
String
<ver maj>.<ver min>.<revision>.<build>
Culture, Language supported
Public Key info
Identifies files that contain type declaration & implementation
Assembly name, assembly metadata, public key (if SN)
CertSIG 15
XCopy Deployment
• Use XCopy to deploy
  – Make sure all files in assembly are in same application directory
  – Framework searches for referenced assemblies in application folder
  – Assemblies in one app folder are not accessible by another app in another directory
• (Above) Private Assemblies
CertSIG 16
Shared Assemblies
• Installed in GAC
• Assign strong name to assembly (required)
  – Assembly identity, public key, digital signature
• SN.EXE – verification, key pair/signature
  sn -k MyKey.dat
  key pair in MyKey.DAT
  – Use this file name in attribute to assign the assembly a strong name
  Imports System.Reflection
  <Assembly: AssemblyKeyFile("MyKey.dat")>
• Use GACUTIL.exe to install in GAC
  gacutil /i <assembly>
• GAC in %WINDOWS%\assembly folder
CertSIG 18
Configuration and Security Policy Files
Configuration files
Security Policy files
Computer
Application
.NET Framework
uses control behavior
.NET
Tools
Modify
settings
CertSIG 19
Application Configuration
.NET Framework
Application Code
controls
What resources can this code
access?
Depends on:
Origin of code
Who is running the code
To control execution
You must configure one or more Configuration files
CertSIG 20
Configuration File
Configuration file is an XML document
It contains predefined elements
element
Note Start and End Tags
shows location of assembly
CertSIG 21
Configuration Files
Machine configuration (machine.config)
Application configuration files
Security Configuration Files
Note: configuration file code is case-sensitive!
CertSIG 22
Machine.config file
Located in %runtime installation path%\config
%runtime installation path% is an ENVIRONMENT VARIABLE
To set up an environment variable: My Computer | Properties | Advanced | Environment variables, then enter the name and value under System Variables
Note “appSettings” section (can be modified by you)
When you run an app, framework checks for changes in:
1. Machine.config
2. Application configuration file
CertSIG 23
Application Configuration files
(above) Using an app.config file to save connection strings
Could be used to take a server offline without recompiling:
change the value of the element and restart the app
app can use the config file to read the value of the ServerButton.Text key
CertSIG 24
Where are app.config files located
Depends on run-time host:
Executable-hosted apps: <appname>.exe.config file created in same directory as executable.
ASP.NET-hosted apps: Named Web.config
Located in web application folder
Given URL: www.microsoft.com/app1/app2
App1 config file in www.microsoft.com/app1
App2 config file in www.microsoft.com/app2
App2 is affected by both config files
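The "App2 is affected by both config files" point, worked through as an added example (a Python model, not code from the slides and not the .NET configuration API). The file contents and the DebugTrace key are constructed; the add/remove/clear handling of appSettings goes beyond what the slides state.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config contents, keyed by the folder each file sits in.
# The DebugTrace key is hypothetical; ServerButton.Text is the key named on the slides.
CONFIGS = {
    "/app1": """<configuration><appSettings>
        <add key="ServerButton.Text" value="Online" />
        <add key="DebugTrace" value="true" />
    </appSettings></configuration>""",
    "/app1/app2": """<configuration><appSettings>
        <remove key="DebugTrace" />
        <add key="ServerButton.Text" value="Offline" />
    </appSettings></configuration>""",
}

def folders_for(path):
    """'/app1/app2' -> ['/app1', '/app1/app2'] (outermost folder first)."""
    parts = [p for p in path.split("/") if p]
    return ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]

def effective_app_settings(path, configs):
    """Return (settings, origin): final key/value pairs and the folder that set each."""
    settings, origin = {}, {}
    for folder in folders_for(path):
        if folder not in configs:
            continue
        section = ET.fromstring(configs[folder]).find("appSettings")
        # Element names are matched case-sensitively, as the slides note for config files.
        for el in (section if section is not None else []):
            key = el.get("key")
            if el.tag == "add":
                settings[key], origin[key] = el.get("value"), folder
            elif el.tag == "remove":
                settings.pop(key, None)
                origin.pop(key, None)
            elif el.tag == "clear":
                settings.clear()
                origin.clear()
    return settings, origin

if __name__ == "__main__":
    for url_path in ("/app1", "/app1/app2"):
        print(url_path, effective_app_settings(url_path, CONFIGS))
```

The origin map is the useful part when reviewing a deployment: it shows which folder's file supplied each effective value, so a setting inherited from a parent application is not mistaken for a local one.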
CertSIG 25
Security Configuration Files
Contain security permissions for hierarchies of code groups.
Code groups: logical groups of code
enterprise – permissions granted affect code on all machines in organization
machine – affect code on a particular computer
user levels – affect code when a particular user executes an application
An executing app only gets permissions granted at intersection of enterprise, machine, and user levels
Security config files located at:
(enterprise, machine) %runtime install path%\Config\Security.config
(user) C:\Documents and Settings\Tom Perkins\Application Data\Microsoft\CLR Security Config
Framework Tools to configure security files:
.NET Configuration Tool (MSCORCFG.MSC)
Code Access Security Policy Tool (CASPOL.EXE), Lesson 7
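How the three policy levels combine, as an added example (a simplified Python model, not code from the slides and not .NET Framework code). It goes one step beyond the slide: within a level the grant is the union of all matching code groups, and the final grant is the intersection across levels. Code-group names, evidence fields, the key token and permission names are constructed.

```python
# Added example: simplified model of CAS policy resolution (not .NET Framework code).
# Code-group names, evidence fields and permission names are constructed for illustration.
LEVELS = ("enterprise", "machine", "user")

# level -> list of code groups: (name, membership condition, permissions granted)
POLICY = {
    "enterprise": [
        ("All_Code", lambda ev: True, {"Execution", "UI", "FileIO", "Network"}),
    ],
    "machine": [
        ("All_Code", lambda ev: True, set()),
        ("Local", lambda ev: ev.get("zone") == "MyComputer",
         {"Execution", "UI", "FileIO", "Network"}),
        ("Intranet", lambda ev: ev.get("zone") == "Intranet", {"Execution", "UI"}),
        # Constructed token standing in for a vendor's strong-name public key.
        ("Vendor", lambda ev: ev.get("key_token") == "0123456789abcdef", {"FileIO"}),
    ],
    "user": [
        ("All_Code", lambda ev: True, {"Execution", "UI", "FileIO"}),
    ],
}

def level_grant(groups, evidence):
    """Union of the permissions of every code group whose condition matches."""
    granted = set()
    for _name, matches, perms in groups:
        if matches(evidence):
            granted |= perms
    return granted

def resolve(policy, evidence):
    """Final grant: intersection of the enterprise, machine and user grants."""
    return set.intersection(*(level_grant(policy[lv], evidence) for lv in LEVELS))

def withheld_by(policy, evidence, permission):
    """Levels that do not grant `permission`; any one of them blocks it."""
    return [lv for lv in LEVELS if permission not in level_grant(policy[lv], evidence)]

if __name__ == "__main__":
    for ev in ({"zone": "MyComputer"}, {"zone": "Intranet"},
               {"zone": "Intranet", "key_token": "0123456789abcdef"},
               {"zone": "Internet"}):
        print(ev, "->", sorted(resolve(POLICY, ev)))
```

Because the levels intersect, a permissive user-level policy cannot widen what the machine or enterprise level grants; `withheld_by` shows which level to inspect when an assembly is denied a permission.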
CertSIG 27
App Domains
Application Failing
Application!
.NET Framework
Application
Application domains provide a secure, isolated, and fault-tolerant execution environment.
CertSIG 28
Processes
• A process is the execution boundary within which an application runs.
• When process starts, run-time assigns an address space to it.
• Memory addresses within the process are assigned relative to process
  – Address space useless to other processes
  – Other apps cannot address this app’s data
• App is isolated; if it fails it leaves other apps unaffected
process
CertSIG 29
JIT Compilation
• JIT compiler makes sure code references valid objects
• Makes sure only valid operations are performed on objects
  – “Type-safe” validation
• Validated code loaded into application domain
process
portable
executable
JIT compiler
CertSIG 30
Application Domains
• Application domain: boundary in which an application operates
• Process can contain several application domains
• Can’t access another app domain’s code directly
• Proxy enables inter-domain communication
• Failure in one app doesn’t affect execution of app in another app domain
• You can start and stop an app in an app domain without affecting others in process
Application
Domain
Application
Domain
process
proxy
CertSIG 31
Multi-Assembly Apps
• App may need functionality from more than one assembly
• Both assemblies must be loaded into app domain before execution can start
• Shared assemblies can share code between two app domains
• Data is not shared between domains using a shared assembly
• Assembly shared between app domains said to be domain neutral
• Domain neutral assemblies may be more efficient, but also slower
• You can control whether assembly is loaded as domain neutral
MyApp.exe MyUtil.dll
assembly
Class lib
assembly
App
domain
App
domain
CertSIG 32
Run-Time Hosts
• When app is invoked, run-time (CLR) is not running in a process
• Run-time host loads CLR into process
• Run-time hosts for:
  – ASP.NET
  – Shell executables
  – Internet Explorer components
• Run-time loads and initializes the CLR inside the process
• During load process, you can set whether or not runtime will host domain-neutral assemblies
CLR
App.exe
Run-time Host
Process
CertSIG 34
.NET FRAMEWORK TOOLS
• ASSEMBLY LINKER
• IL ASSEMBLER
• IL DISASSEMBLER
• CODE ACCESS SECURITY POLICY TOOL
• .NET FRAMEWORK CONFIGURATION TOOL
CertSIG 35
ASSEMBLY LINKER
C# msil
.net module
VB msil
.net module
dll
resource
file
AL.EXE
Assembly
with
manifest
output from C# compiler
output from VB compiler
al [sources] [options]
al /t:exe /out:MyApp.exe /main:MyClass.Main MyModule.netmodule MyUtil.dll
input modules may not have an assembly manifest; output does
CertSIG 36
ILASM -- MSIL ASSEMBLER
C# msil
.net module
VB msil
.net module
dll
resource
file
ILASM.EXE
Executable
(PE) File
output from C# compiler
output from VB compiler
Output in native code
CertSIG 37
ILDASM – MSIL Disassembler
Portable executable
File containing
MSIL code
ILDASM
MSIL (text) ILASM
May not contain
metadata
Use default GUI to view; use File|Dump option to save text file
CertSIG 38
CASPOL – Code Access Security Policy Tool
• Allows users and administrators to grant and modify permissions for code groups at the user, machine, and enterprise policy levels