tags:

views:

190

answers:

3
Q: 

What to consider when strong name signing a managed application?

I want to strong name a managed application which references many managed assemblies and ActiveX and COM components (written in C++) via interop. And because a strongly named assembly cannot reference weakly named assemblies, could you please tell me what problems that I should be prepared for, what you have run into, especially when dealing with those ActiveX and COM interops?

The solution for this application is big. It's composed of 50+ projects of managed C#, Vb.net, native C++, and managed C++/CLI. Therefore, the more information, real life stories you give, the better I can prepare and save myself from headache.

Thanks.

+1  A: 

I don't have real experience with this kind of visual studio solution yet. But I hope the information here and here can give you some ideas for your interop components.

 2009-11-19 08:03:45
+1  A: 

There's really nothing problematic except reliably storing the .snk file.

Remember that every third party assembly that will use your assemblies will have the key from your assmeblies mentioned inside the dependencies and each time it will load your assembly it will check whether the loaded assembly is still signed with that key. This is done to prevent misplacing your assembly by some malicious code.

This means that unless you reliably store the .snk file used to signed the earlies version of your assembly you will be unable to ship new versions without enforcing the users to re-add the references. So store the .snk file and use the very same file for each version of any given assembly. Whether you use different .snk files for different assemblies or one for all doesn't really matter, so one .snk per company is enough.

See this question and this perfect answer for details on the above.

sharptooth  2009-11-19 08:09:01
That's the reason I want to strong name the application. However, I'd like to be aware of hidden complications with the application's architecture and the structure of our big VS solution. Thanks.
mqbt  2009-11-19 08:15:05
+1  A: 

I have not experienced any issues related to strong names so far (also using COM interop assemblies). If you get a 3rd-party assembly which has no strong name, you can post-sign it yourself, allowing you to make all assemblies strong named.

Of course, making the interop assembly strong named doesn't protect the underlying COM DLLs to be modified or replaced, so that the "protection" from the strong name doesn't really extend itself onto COM components, even if the interop assembly is strongly named.

Lucero  2009-11-19 08:42:18
Did you use the tlbimp.exe or aximp.exe to sign the interop assemblies and reference those? The reason I ask is because one of our the projects reference the COM component using VS and get the interop assembly generated for free. Thanks.
mqbt  2009-11-19 09:06:23
I have used TlbImp and also post-signed assemblies with ILMerge in the past. I'm not a fan of the automatic SNK handling done by VS, as it requires the key file to be present physically on the computer. In our environment, we have the keys stored in a key container, therefore not requiring anyone to have multiple copies of the key lying around.
Lucero  2009-11-19 10:14:06

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?