Application Security Testing: An Integral Part of DevOps
If and when you start working with .NET, you will find that the applications you create are not quite the same as the ones you created previously. While you can still create a file with a DLL or EXE, the resulting files are not the same as previous DLLs and EXEs. In simple terms, any application you create -- be it a forms application, class library, a service, or something else - will be built into an assembly.
When you compile a program in .NET, the result is a file called an assembly. An assembly is a collection of the resources that your application uses along with the types. These assemblies will contain information specific to your program along with a lot of additional information that the .NET Framework will be able to use. The information in the assembly will be used for a variety of purposes including type identification, versioning, deploying, referencing scope, and security.
- The name of the assembly
- The version of the assembly (so it can tell this assembly from future versions)
- A list of files in the assembly
- Information an any exported types in the assembly
- Information on any other assemblies referenced by this one
A manifest may also contain other information such as the culture or language the assembly supports as well as a public key if there is a need for strong names to be assigned to the assembly.
An assembly will also have a set of values that can be accessed and/or set. For example, you can store copyright information within your assembly by setting the value of an attribute called AssemblyCopyright. You can set this attribute within the source code of your program. Using a concept called reflection, you can determine and use this value in your executing program. There are a number of preset attributes you can use. These include AssemblyCompany, AssemblyCopyright, AsemblyCulture, AssemblyDelaySign, AsemblyDescription, AssemblyFileVersion, AssemblyInformationalVersion, AssemblyKeyFile, AssemblyKeyName, AssebmlyProduct, AssemblyTitle, AssemblyTradmark, and AssemblyVersion.
If these attributes don't fit your needs, you can also create your own attributes. For example, you can create an attribute that indicates if the assembly is a final version or a testing version. You could also create attributes to indicate the programmer responsible for the program. You could also use attributes to extend the current programming language you are using. The use of attributes is limitless.
For more on attributes, check out the Attributes category of the CodeGuru C# Basic Syntax section (http://www.codeguru.com/cs_syntax/index.shtml).
The programs you create in .NET are called assemblies. The assembly manifests is a list of the contents of the assembly. You can add your own values to an assembly by using attributes. With reflection -- not covered here -- you can then access those values from your own programs.