PDA

View Full Version : FlexNet API and strong named assemblies



cummins
10-07-2009, 02:22 PM
I want to see if we're attacking our security concerns the right way. One of the applications we are using FLEXnet with is written in C#. We're thinking of three ways we can integrate with the FLEXnet libs:

1. Direct calls using Pinvoke/DLLImport. This looks to be a massive undertaking to generate the DLLImports for the functions we need to call. Also when running preptool on a simple test exe gave the error: "...\FlexNetTest.exe has not been linked against FLEXnet libraries." (this may be caused by stupid developer trick on my part).

2. Wrapper the FLEXnet calls using a managed C++ dll and then using the Strong Name tool to sign the assembly to protect against spoofing. The problem here is FLEXnet recommends against using the dynamic runtime libraries but /clr requires dynamic runtime libraries.

3. Writing our own security layer to check the integrity of a simplified wrapper lib written in C++. This is something I want to avoid if possible. I would do #1 first.

Is there an option 4 that we're not seeing? If that's not the case, which solution is recommended?

Thanks!