Is it possible to prevent a DLL from being modified?

Question

Is it possible to sign or otherwise protect a managed (.NET) DLL from being modified? I'm looking for possible solutions that would detect changes to DLLs and prevent them from being loaded by the .NET runtime. I don't mind if someone can load the DLL in Reflector or ILSpy - as long as a modified DLL cannot execute, I'd be fine with that.

I did some searches on this topic, but most articles / discussions recommend obfuscation which is not what I'm looking for. I thought digitally signing the DLL would accomplish this but a chat with my colleagues made me doubt that and I only have superficial knowledge in this area.

Any advice would be appreciated.

Answer 1

Signing a DLL doesn't stop other people from decompiling and then modifying your DLL. What it does prevent is them doing that and then passing the result off as the original. In other words, the modified DLL will execute if the caller decides to trust it, but any code which expects it to have your public key token will reject it.

Answer 2

Signing the library will prevent modification. The downside to that is once you've signed this library, you must sign all child libraries it consumes as well. That can be a pain in the butt if you are using something from the NuGet library.

In theory once the dll is signed a signature is created to ensure it has not been modified. If someone hacked it, then framework won't load it.