Is using a strong named assembly for Plug In secure?

别那么骄傲 2021-01-22 22:01

I was searching for a way to prevent an unknown party from attaching their own Plug In containing malicious code into my application. And I ran across this post

.NET Assemb

1 answer
  • 2021-01-22 22:21

    It's an interesting comment. From what I understand, a signed assembly indicates 1) it has been signed with a certain key and 2) it could not have been modified after signing.

    On point 1, the security of the key is important as anyone with the key could modify and re-sign the assembly.

    On point 2, I have seen an example online of a successful modification of an assembly while still passing the strong name verification. It was not trivial.

    So technically correct, you can use this to verify identity but not necessarily security - or rather the difference between Authentication (the plugin was signed and not tampered with) versus Authorization (the code itself is authorized to do a certain action).

    Authentication versus Authorization

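The authentication step the answer describes, as an added example that is not part of the original question or answer: a plug-in host that forces strong name signature verification and pins the publisher's full public key before loading. It assumes .NET Framework on Windows and uses the `StrongNameSignatureVerificationEx` export of `mscoree.dll` (marked deprecated since .NET Framework 4); `PluginGate`, `LoadIfTrusted` and the key placeholder are hypothetical names.

```csharp
// Added example, not from the original post. Windows / .NET Framework only.
using System;
using System.Reflection;
using System.Runtime.InteropServices;

static class PluginGate
{
    // Placeholder, not a real key: the full public key (hex) of the publisher
    // you trust, e.g. as printed by `sn -Tp TrustedPlugin.dll`.
    const string TrustedPublicKeyHex = "<TRUSTED-PUBLIC-KEY-HEX>";

    // Native CLR routine that validates the strong name signature of a file.
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string filePath,
        [MarshalAs(UnmanagedType.U1)] bool forceVerification,
        [MarshalAs(UnmanagedType.U1)] ref bool wasVerified);

    public static Assembly LoadIfTrusted(string path)
    {
        // 1) Point 2 of the answer: the file must match its signature.
        //    forceVerification = true ignores skip-verification registry entries.
        bool wasVerified = false;
        if (!StrongNameSignatureVerificationEx(path, true, ref wasVerified) || !wasVerified)
            throw new BadImageFormatException("Strong name signature invalid: " + path);

        // 2) Point 1 of the answer: the signature must come from OUR key.
        //    A valid signature from any other key proves nothing about the publisher.
        byte[] key = AssemblyName.GetAssemblyName(path).GetPublicKey();
        if (key == null || key.Length == 0)
            throw new UnauthorizedAccessException("Plug-in is not strong named: " + path);

        string hex = BitConverter.ToString(key).Replace("-", "");
        if (!string.Equals(hex, TrustedPublicKeyHex, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Plug-in signed with an untrusted key: " + path);

        // 3) This only authenticates the publisher. What the plug-in code is
        //    allowed to do (authorization) still has to be decided separately.
        //    Keep the plug-in directory write-protected so the file cannot be
        //    swapped between the checks above and the load below.
        return Assembly.LoadFrom(path);
    }
}
```

The result is only as trustworthy as the private key behind the pinned public key, which is the answer's point 1.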