1

I need verify that the calling code to my wcf service has been not tampered. The calling code is located in one dll file on client pc. I get the calling code by Assembly.GetExecutingAssembly().

To do some tests, I have created in my wcf service a method named GetChecksum to verify the integrity of the calling code by his checksum. But do this work well done I need send to my wcf service the executing assembly when the calling is done.

The shortened code on server is like this:

[ServiceContract]
[ServiceKnownType(typeof(System.Reflection.Assembly))]
public interface IContrato
{
    [OperationContract]
    Byte[] GetChecksum( Object obj, out String debugging);
}


[ServiceKnownType(typeof(System.Reflection.Assembly))]
public class RegisterIndiNT : IContrato
{
    Boolean GetChecksum( Object o, out String debugging )
    {
        // code to cast Object to Assembly and to compute the checksum.
    }
}

The shortened calling code would be like this:

Uri uri = new Uri(@"http://mywebserver.com/RegisterIndiNT.svc");
WCFOnlyContract.IContrato proxy = ChannelFactory<WCFOnlyContract.IContrato>.CreateChannel(
                new BasicHttpBinding(), new EndpointAddress(uri));

(proxy as ICommunicationObject).Open();

String debugging = String.Empty;
result = proxy.GetChecksum( Assembly.GetExecutingAssembly(), out debugging);

(proxy as ICommunicationObject).Close();

The error occurs in the call, before enter inside of Checksum method. Looks like if the System.Reflection.Assembly type cannot be serialized. I have added this type to the knowntypes attribute (interface and class) but doesn't work. I get the next exception:

Exception.Message=Error al intentar serializar el parámetro http://tempuri.org/: obj. El mensaje de InnerException fue 'No se espera el tipo 'System.Reflection.RuntimeAssembly' con el nombre de contrato de datos 'RuntimeAssembly:http://schemas.datacontract.org/2004/07/System.Reflection'. Si está usando DataContractSerializer, intente usar DataContractResolver o agregar tipos no conocidos estáticamente a la lista de tipos conocidos (por ejemplo, usando el atributo KnownTypeAttribute o agregándolos a la lista de tipos conocidos que se pasa a DataContractSerializer).'. Consulte InnerException para obtener más información.

I need that serialization of the assembly happens out of the client code. Serialize the assembly on the client to after send it to the wcf is not solution.

Any help would be very apreciatted. Thanks in advance.

cls71
  • 177
  • 2
  • 8

1 Answers1

2

You are correct in that it's not serialized as you expect.

class Assembly implements ISerializable

and GetObjectData is implemented like this:

public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
  if (info==null)
    throw new ArgumentNullException("info");

  Contract.EndContractBlock();

  UnitySerializationHolder.GetUnitySerializationInfo(info,   UnitySerializationHolder.AssemblyUnity, 
  this.FullName, 
  this);
}

internal static void GetUnitySerializationInfo(
            SerializationInfo info, int unityType, String data, RuntimeAssembly assembly)
{
  info.SetType(typeof(UnitySerializationHolder));
  info.AddValue("Data", data, typeof(String));
  info.AddValue("UnityType", unityType);

  String assemName;

  if (assembly == null) 
     assemName = String.Empty;
  else 
     assemName = assembly.FullName;

  info.AddValue("AssemblyName", assemName);
}

So only the assembly's name is serialized and not the code etc.

http://referencesource.microsoft.com/#mscorlib/system/reflection/assembly.cs,73b5be5e9c2474b2

Serve Laurijssen
  • 9,266
  • 5
  • 45
  • 98
  • Thanks @Servé. Then the issue looks like that has not solution. (strong-named assemblies is not an option because the project has other 3rd party assemblies which are not signed). – cls71 Mar 08 '16 at 19:26