Guide to getting a WCF service host application obfuscated?

[phaedrus30]

Hi, I'm trialling SmartAssembly 6.7 at the moment.

We have an application that is split into two major deployable components, set of Silverlight XAP files and a Windows service that runs as a .NET 4.5 EXE.

I'm currently working on just the Windows service EXE, which is the application server. It references one main application DLL (call it the framework DLL) and several 3rd-party DLLS. It's basically a WCF service host.

I've been able to run most protection options on the framework DLL by itself (everything except resource compression and pruning), and it runs fine when used by the service host EXE, but when I try to merge the framework DLL into the service host EXE using the same settings, the service won't start due to several problems:

1) Service names are obfuscated, so I have to exclude all service implementations from being obfuscated, this then brings me to:

2) Data contracts can't be initialized because they can't be serialized.

I could exclude all data contracts from being obfuscated, but this includes all our models so the benefit of obfuscation is reducing very quickly.

Who knows how many other problems would come after this one.

I also wasn't able to embed any of the reference 3rd-party assemblies

Basically, is there any guidance on how to use SmartAssembly for a WCF service host application? I'm really in the dark as to how this works.

Any information welcome!

Thanks

[Brian Donahue]

The only thing I know to do with regards to WCF is to exclude anything with the ServiceContract attribute from obfuscation and pruning. Then, as you mention, you will probably need to put any logic you want to protect in a private member, so it will be obfuscated by SmartAssembly.

The rest of your problems are probably specific to your application.

If something doesn't merge or embed, it may be a microsoft assembly. SmartAssembly will not automatically merge or embed something if it thinks it's part of the .NET Framework.
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521

[phaedrus30]

I've already tried excluding the service contracts and implementations - that resolved the first error, but then I got an error that data contracts could not be serialized.

Excluding or re-writing all data contracts wasn't feasible.

However, I have managed to get a solution that is acceptable for our server-side application - the service host itself does not really need obfuscation as it is really just a thin wrapper for WCF hosting and doesn't contain any business logic.

I obfuscated the application DLLs separately in their own projects, and this seems to work fine - dependency merging / embedding doesn't work but we don't really need it.