Why is it possible to load types in an unsigned assembly from a signed assembly using reflection?

I have two assemblies A and B. A is strong named and B is not.

According to MSDN I cannot reference B from A because a strong named assembly can only reference another strong named assembly.

But then why is it possible to load assembly B, instantiate its class and call their methods from assembly A using reflection?

// Inside assembly A
Assembly b = Assembly.LoadFrom("B");
obj开发者_如何转开发 myObj = b.CreateInstance("MyClass");

Doesn't this defeat the very purpose of not allowing to reference unsigned assemblies in a signed one?

Well, you have to understand that strong-named assemblies are designed to circumvent "DLL Hell" and allow "side-by-side versioning". AFAIK it is not designed for security.

Therefore, you're allowed to use reflection in a strong-named assembly to call methods and instantiate classes in unsigned assemblies. The framework assumes you know what you're doing because you're explicitly loading a file -- and you therefore should know which file you really want. In other words, you are telling the framework: "For this assembly, I want to manage my own versioning."