How to ensure that Unity selects only my assemblies?

Mar 1, 2011 at 8:14 PM

As a security measure, is there a way to direct Unity to allow only assemblies signed with my company's key to be used for resolving types, intercepting calls, etc.?

I realize that one can use ACLs to lock down a deployment (the app.config in particular), but a baked-in requirement that injected assemblies must have a certain key would present one more barrier that a hacker would have to scale.  If it's easy to do, I might as well add it.

Mar 1, 2011 at 11:49 PM

I believe Unity doesn't have the feature you're looking for as it doesn't actually do the assembly loading, it still relies on the .NET CLR to do that task.  

 

Sarah Urmeneta
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Mar 2, 2011 at 1:36 AM

You can add this capability by implementing your own UnityContainerExtension and capturing the Registering and RegisteringInstance events to ensure all mapping arguments correspond to your requirements.

There is also a CreatedChildContainer event where you can add the container extension automatically to any spawned child containers...

Be careful as Unity will also register various artifacts to any container ( like map IUnityContainer to itself )

Cheers...

Robert