I am facing a hilarious situation. I have an app on FW 4.5 that cannot be upgraded to FW 4.6 because we don't have that FW installed on our servers.

I need to use some functionality that is only shipped in the FW 4.6 library. System.Security.dll has been improved and has an extension method I need to use: RSACertificateExtensions.GetRSAPrivateKey(this X509Certificate2 certificate);

Well, I tried to load the concrete assembly, by reflection, putting it inside a concrete path. I have read and checked that if the assembly is signed, I will always get the GAC version, so on servers where FW 4.6 is not installed it will never work, as it will go to the GAC and retrieve the 4.5 version. What can I do?

  1. Is it possible to generate a custom library version of System.Security? I tried it with the source code from Microsoft but without success.
  2. Is it possible to load the specific assembly? Both assemblies are version 4.0.0.0, so I cannot use Specific version, since from the outside they are the same version.
  3. Does anyone know if the method RSACertificateExtensions.GetRSAPrivateKey(this X509Certificate2 certificate); has been developed in a third-party library?
X.Otano
  • Apart from possible licence conflicts, you could try to ship the desired assembly as binary and load it using the "Assembly.Load(byte[])" overload. Maybe this is worth a test. – thehennyy Jan 24 '18 at 07:39
  • I would try very hard to avoid mixing and matching versions like this. Even if you *could* get it to work, I'd be worried about it. I suggest you push hard to get the framework updated on your servers. Apart from anything else, if they haven't been updated to 4.6 (released in 2014!) it's likely that they're missing a lot of security updates. – Jon Skeet Jan 24 '18 at 07:39
  • I tried the load from bytes, but it does not care => it goes to the GAC – X.Otano Jan 24 '18 at 07:41
  • @JonSkeet that possibility isn't an option. The servers are updated very slowly... Do you know some approach? – X.Otano Jan 24 '18 at 07:43
  • No, I don't. You say it's not an option, and I understand that it can be very hard to drive this sort of change, but that's what I would push for. Leaving servers unupdated for over 3 years is a recipe for disaster in general. – Jon Skeet Jan 24 '18 at 07:44
  • Aggg, that is the answer I didn't want to read hehe. Will the creation of a System.Security custom library (with a different name) be an approach? @JonSkeet – X.Otano Jan 24 '18 at 07:47
  • Not an approach I'd countenance, no. Do you really want to take risks with security? – Jon Skeet Jan 24 '18 at 07:48
  • @JonSkeet No... I would like to use that extension method, and I don't know how. It seems to be a mathematical algorithm, but I cannot get any third-party library that does it for me – X.Otano Jan 24 '18 at 07:52

0 Answers