Solved

Strongly Named Assemblies

Posted on 2004-10-04
2
849 Views
Last Modified: 2008-03-10
According to Microsoft, Assemblies that reference strongly named assemblies must themselves by strong named, otherwise it would compromise the security pof the strong named assembly.

Ok. If that is true, then how come an assembly I created, which references strong named Crystal reports assemblies, and strong named Custom controls assemblies, works, and my assembly is not signed with a strong name?

I want to sign my assemblies now with a strong name. Will that break backwards compatibility with other assemblies that reference my assemblies, if those assemblies do not have a strong name? (my assemblies are not stored in the GAC)
0
Comment
Question by:gregasm
2 Comments
 
LVL 6

Expert Comment

by:mogun
ID: 12224251
1. It is just a recommendation that assemblies referencing strong named assemblies should themselves be strong named. It is not a required crieteria.. That's why you are able to reference a strong named assembly in a simple assembly..

2. It won't.. you can sign your assemblies now with a strong name. It will not break backwards compatibility with other assemblies that reference your strong named assemblies that do not  have a strong name..This is possible because of point number 1.

Cheers
Mohan
0
 
LVL 3

Accepted Solution

by:
skpatra earned 500 total points
ID: 12225010
Hi gregasm,
The correct Rule is just the opposite, i.e. if an assembly is strong named, ALL ASSEMBLIES REFERENCED BY THIS ASSEMBLY SHOULD ALSO BE STRONG NAMED.
Think of it this way, if your statement is true then we can never create assemblies without strong name using the .net framework assemblies (like System.dll) as all framework assemblies are strong named.
Let me try to understand your second question. I assume that you have an assembly A which you want to strong name. There are assemblies X,Y and Z referring to this assembly A. If this is the scenario, then you will need to RECOMPILE the assemblies X/Y/Z to be able to use the newer version of A. To understand this, you will need to understand the use of strong naming the assembly:
1. Strong naming an assembly involves assigning a public-private key pair to it.
2. When an assembly is strong named, a hash is created from the assembly content and then it is encrypted using the private key used for strong naming.
3. At runtime, when a strong named assembly (say the crystal reports assembly) is to be loaded, the CLR will calculate the hash of the assembly again. The CLR will then decrypt the encrypted hash generated earlier using the public key. The CLR compares the decrypted hash to the hash calculated. If the they are the same, then the CLR assumes that the crystal assembly is a valid assembly. But if it is not same (because for some reason some one tampered with the contents of the crystal assembly dll) the CLR will not allow the loading of the assembly.

In your case if you do not recompile X/Y/Z and just replace the older version of A with the strong named version, you will get an error like "Comparing the assembly name resulted in the mismatch: PUBLIC KEY TOKEN".

Hope this helps...
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question