NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Assemblies and the Cache

Each machine on which the NGWS runtime is installed has a machine-wide code cache. This cache is divided into two components, a download cache and a global assembly cache.

The download cache stores code downloaded on behalf of an application. Once downloaded, the assembly is "private" and is only visible to that application; it has no effect on other applications on the machine. The download cache gets scavenged based on LRU policies.

The global assembly cache is used to store assemblies meant to be used by several applications on the machine. The only way to deploy an assembly into the global assembly cache is by using an installer or a tool in the SDK such as alink.exe. The global assembly cache is never scavenged.

The Global Assembly Cache and Shared Named Assemblies

The global assembly cache is a repository for assemblies with shared names that strongly identify their contents. Assemblies with shared names avoid the compatibility risk of replacing a DLL shared by multiple apps or registering a new implementation for a COM class. With a DLL, there is also risk of name collision, either directly or through the search path. In a shared name, the version metadata can be overridden per application by bind policy specified in the admin.cfg file managed by the system administrator or in the application's configuration file. This factoring is more flexible than static linking or embedding the version number in the name reference, e.g. mfc42.dll. These latter approaches make it difficult to upgrade to newer components after they have been tested for compatibility. The robustness of the application and the managability of multiple versions should be the determining factors when deploying shared assemblies into the global assembly cache.

For more information on shared names, see What is a shared name?.

Cache Security

For downloading components that have not been trusted by the user, the assembly cache supplies a randomly generated subdirectory name to prevent a hacker from accessing the assembly via a file reference. When an assembly is added to the assembly cache, integrity checks are performed on the data streams. The assembly manifest specifies a hash value and hash algorithm for all of the other streams. The stream that is or contains the manifest is independently signed and verified.

Since the assemblies can be accessed directly from the file system, the assembly cache performs some level of integrity checking to ensure that an assembly has not been tampered with (e.g. a file changed but the manifest version stayed the same). Only users with "administrator" privileges can perform management tasks on the global assembly cache.