Support Corner: Protecting .NET Applications That Use Custom Attributes
Published on September 22, 2022 by John Brawner
Attributes are used for many different things in .NET: unit testing, serialization, language interoperability, etc.
.NET also provides the ability to create custom attributes. This can be used for building our own object mapping (ORM), custom serialization mechanisms, or other distinguishing objects for a specific purpose.
Protecting .NET applications that use custom attributes is a seamless process with Dotfuscator. Dotfuscator cloaks attribute definitions and automatically updates references throughout the application, so the name remains hidden. If the attribute is defined in an external library (not included in obfuscation), Dotfuscator automatically preserves the attribute usage within its inputs.
This default behavior handles most scenarios involving attributes. But there are times when a custom configuration is necessary. Fortunately, Dotfuscator’s rules engine gives us the flexibility to handle any unique scenario involving custom attributes.
Please consider the following example app:
A custom PermissionRequiredAttribute has been created to distinguish features requiring special permission:
After protecting with Dotfuscator, the PermissionRequiredAttribute, along with all references, are hidden:
Equally as important, the app runtime behavior works properly after protection:
The above scenario works great. But other times, Dotfuscator configuration is required. For example, if PermissionRequiredAttribute is loaded by an external reference not included in obfuscation, we would need a rule to preserve PermissionRequiredAttribute from Renaming.
In another example, types decorated by PermissionRequiredAttribute are serialized, but the deserialization mechanism is not obfuscated. In this case, rather than excluding the custom attribute itself, we would create a rule to exclude any type (or member) decorated by PermissionsRequiredAttribute:
Custom attributes are yet another powerful component of the .NET platform and, when used effectively, save time and lines of code. Protecting apps that use custom attributes is simple when we take note of the guidelines above.
You can download the complete sample code here.
If you have feedback on this topic or other topics you would like us to discuss in the Support Corner, please feel free to contact our Support Department.