创建自己的.NET程序集缓存 [英] Create Your Own .NET Assembly Cache

问题描述

在我正在编写的.net应用程序中，我需要从各个位置本地缓存程序集，以便即使原始位置不可用，我的应用程序也可以使用它们.我不能使用GAC(主要是因为我想要可移植性，也因为程序集可能未签名).

In a .net application I am writing, I need to locally cache assemblies from various locations so my application can use them even if the original locations are unavailable. I cannot use the GAC (primarily because I want portability and also because the assemblies might not be signed).

有人知道任何已经支持此功能的.net代码吗?我需要缓存能够告诉我某个特定的程序集是否已经在缓存中，并且还可以处理不同版本的程序集.我可能不得不求助于编写自己的程序集缓存，但是我想问这个问题，因为如果已经完成，我真的不希望重新发明轮子".

Does anyone know of any .net code which supports this functionality already? I need the cache to be able to tell me if a particular assembly is already in the cache and handle different versions of assemblies as well. It is likely that I will have to resort to writing my own assembly cache, but I thought I would ask this question because I don't really want to "re-invent the wheel" if it has already been done.

推荐答案

我最终不得不编写自己的程序集缓存...

I ended up having to write my own assembly cache...

这是工作原理的基础，以便在其他人需要实现自己的程序集缓存时提供帮助:

Here's the basics of how it works, in order to help others if they need to implement their own assembly cache:

• 缓存是应用程序中具有相应包装类的文件夹.
• 在缓存中安装程序集的方法将返回字符串令牌"(安装程序集的名称)，调用者可以将其保存并用于以后检索程序集.
• 检索程序集的方法获取令牌并返回一个对象，该对象封装了缓存的程序集的信息.

在安装程序集时，首先将传入程序集的位与每个已缓存程序集的位进行比较，并确定该程序集是否已安装(如果所有位都相同，则它们显然必须执行相同的操作).如果已经安装了程序集，则返回以前缓存的程序集的名称.如果尚未安装，请通过在缓存文件夹中找到程序集名称的可用变体来安装多个版本(例如，assembly.dll，程序集-(2).dll，程序集-(3).dll等) ，将程序集缓存在文件夹中，然后将其缓存的名称返回给调用方.

When installing an assembly, first compare an incoming assembly's bits to the bits of each of the already cached assemblies and determine if the assembly is already installed (if all the bits are the same, they must obviously do the same thing). If the assembly is already installed, then return the name of the previously cached assembly. If it is not already installed, allow multiple versions to be installed by finding an available variant of the assembly name in the cache folder (e.g assembly.dll, assembly - (2).dll, assembly - (3).dll, etc), cache the assembly in the folder, and return its cached name to the caller.

就安全性和强命名而言，在我的应用程序中进行强名称验证是没有意义的，因为这就是布鲁斯·佩耶特(Bruce Payette)所谓的草坪侏儒缓解措施"(一种安全对策，攻击者只能四处走动).如果攻击者决定毒害某个程序集，则他还可以访问该强名的存储位置，并且可以轻松地将其更改为他的强名.最终，用户有责任仅使用他信任的来源中的程序集.如果用户安装了恶意程序集，那是他的错，而不是我的.尽管如此，为了为用户提供更多保护，默认情况下，我的应用程序中对外部程序集的使用将被禁用.但是，对于其他应用程序，将强名称验证作为额外的安全保护层可能是有意义的.

As far a security and strong naming goes, it does not make sense in my application to do strong name verification, as it would be what Bruce Payette calls "lawn gnome mitigation" (a security countermeasure which an attacker could merely walk around). If an attacker decided to poison an assembly, he would also have access to the location where the strong name would be stored and could easily change it to his strong name. It ends up being the user's responsibility to use assemblies only from sources he trusts. If the user installs a malicious assembly, it is his fault, not mine. Still, to provide a little more protection for the user, the use of external assemblies in my application will disabled by default. For other applications, though, it might make sense to implement strong name verification as an extra layer of security.

这篇关于创建自己的.NET程序集缓存的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！