Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Strongly Named Assemblies

Posted on 2004-10-04
2
Medium Priority
?
856 Views
Last Modified: 2008-03-10
According to Microsoft, Assemblies that reference strongly named assemblies must themselves by strong named, otherwise it would compromise the security pof the strong named assembly.

Ok. If that is true, then how come an assembly I created, which references strong named Crystal reports assemblies, and strong named Custom controls assemblies, works, and my assembly is not signed with a strong name?

I want to sign my assemblies now with a strong name. Will that break backwards compatibility with other assemblies that reference my assemblies, if those assemblies do not have a strong name? (my assemblies are not stored in the GAC)
0
Comment
Question by:gregasm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Expert Comment

by:mogun
ID: 12224251
1. It is just a recommendation that assemblies referencing strong named assemblies should themselves be strong named. It is not a required crieteria.. That's why you are able to reference a strong named assembly in a simple assembly..

2. It won't.. you can sign your assemblies now with a strong name. It will not break backwards compatibility with other assemblies that reference your strong named assemblies that do not  have a strong name..This is possible because of point number 1.

Cheers
Mohan
0
 
LVL 3

Accepted Solution

by:
skpatra earned 2000 total points
ID: 12225010
Hi gregasm,
The correct Rule is just the opposite, i.e. if an assembly is strong named, ALL ASSEMBLIES REFERENCED BY THIS ASSEMBLY SHOULD ALSO BE STRONG NAMED.
Think of it this way, if your statement is true then we can never create assemblies without strong name using the .net framework assemblies (like System.dll) as all framework assemblies are strong named.
Let me try to understand your second question. I assume that you have an assembly A which you want to strong name. There are assemblies X,Y and Z referring to this assembly A. If this is the scenario, then you will need to RECOMPILE the assemblies X/Y/Z to be able to use the newer version of A. To understand this, you will need to understand the use of strong naming the assembly:
1. Strong naming an assembly involves assigning a public-private key pair to it.
2. When an assembly is strong named, a hash is created from the assembly content and then it is encrypted using the private key used for strong naming.
3. At runtime, when a strong named assembly (say the crystal reports assembly) is to be loaded, the CLR will calculate the hash of the assembly again. The CLR will then decrypt the encrypted hash generated earlier using the public key. The CLR compares the decrypted hash to the hash calculated. If the they are the same, then the CLR assumes that the crystal assembly is a valid assembly. But if it is not same (because for some reason some one tampered with the contents of the crystal assembly dll) the CLR will not allow the loading of the assembly.

In your case if you do not recompile X/Y/Z and just replace the older version of A with the strong named version, you will get an error like "Comparing the assembly name resulted in the mismatch: PUBLIC KEY TOKEN".

Hope this helps...
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question