Is there any way to secure your assembly down to the class/property & class/method level to prevent the using/calling of them from another assembly that isn’t signed by our company?
I would like to do this without any requirements on strong naming (like using StrongNameIdentityPermission) and stick with how an assembly is signed. I really do not want to resort to using the InternalsVisibleTo attribute as that is not maintainable in a ever changing software ecosystem.
For example:
Scenario One
Foo.dll is signed by my company and Bar.dll is not signed at all.
Foo has Class A
Bar has Class B
Class A has public method GetSomething()
Class B tries to call Foo.A.GetSomething() and is rejected
Rejected can be an exception or being ignored in someway
Scenario Two
Foo.dll is signed by my company and Moo.dll is also signed by my company.
Foo has Class A
Moo has Class C
Class A has public method GetSomething()
Class C tries to call Foo.A.GetSomething() and is not rejected
If you are wanting to limit the callers to only code that has been authenticode signed by a specific certificate, you can still use CAS (just not StrongNameIdentityPermission).
Use PublisherIdentityPermission just like you would have used any CAS permissions. Or if you want to do it declaratively, use an attribute.