NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Defining a Dynamic Assembly

The Reflection Emit APIs provide many ways of creating dynamic assemblies. Dynamic assemblies are created using the various System.AppDomain.DefineDynamicAssembly methods. DefineDynamicAssembly returns an AssemblyBuilder object. DefineDynamicAssembly requires the caller to specify the AssemblyBuilderAccess enum. The enum defines whether the dynamic assembly will be run only, saved only, or run and/or saved. Some of the methods require the caller to supply evidence. evidence is the set of information that constitutes input to security policy decisions, such as what permissions can be granted to code. Other methods require the caller to supply permission requests. The permission requests come in three flavors: required, optional, and refused.

A persistable dynamic assembly is saved using the method AssemblyBuilder.Save. Save specifies the name of the file to which the assembly should be written.

Strongly Named Assemblies

A dynamic assembly can be partially signed or fully signed.

For partial signing, the Originator must be specified in the AssemblyName argument passed to DefineDynamicAssembly. The runtime allocates the space within the PE for a strong name signature blob, but does not actually sign the assembly. The resulting assembly can be fully signed in a post-processing step using LM, ALINK, or SN.

For full signing, in addition to the Originator, a public/private key pair must be provided. These entities are usually stored in a file or disk or in a key container owned by a Crypto API CSP (Cryptographic Service Provider). Low security keys are often generated by software based CSP's and exported to a file so they can be checked into source code management systems during project development. High security keys are often generated by hardware that usually prevents export of the keys for security reasons. Such key pairs can only be accessed indirectly through a key container. The strong name key pair is specified using the System.Reflection.StrongNameKeyPair class.

For example,

FileStream fs = FileStream.Open(“SomeKeyPair.snk”);
StrongNameKeyPair kp = new StrongNameKeyPair(fs);
fs.Close();
AssemblyName an = new AssemblyName();
an.KeyPair = kp;
AppDomain appDomain = Thread.CurrentThread.GetDomain();
AssemblyBuilder ab = appDomain.DefineDynamicAssembly(an,…);