'How do I securely load external DLL from C# code?
I have a C# application which went through cyber security testing, and one of the feedback was: Possible DLL injection
I am using an external DLL in my code and have it as a reference in my project in Visual Studio (also listed in packages.config), I'm having the DLL located at the same place as the .exe, but as per the CyberSecurity team:
It is recommended to:
Use an absolute path for application executables when looking for DLLs. These DLLs should be placed in a protected folder (e.g. SYSTEM) and checked prior to being loaded.
Ensure that all DLLs are signed and checked for valid signature before loading them.
Anyone has a sample C# code how to achieve loading .dll from static path and check its signature/hash before loading it?
I believe Assembly.LoadFrom might be able to somehow tackle this issue, but I was not able to make it work for me and also it seems like calling functions form the dll would not be as straightforward as it is now when I can just use "using library_name" directive and freely call any function from within the dll.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|