views:

314

answers:

5

I have a website that uses AjaxControlToolkit.dll and Log4Net.dll; When I try to run the performance profiling tool in VS 2010 on it it gives me the following warnings "AjaxControlToolkit.dll is signed and instrumenting it will invalidate its signature. If you proceed without a post-instrument event to re-sign the binary it may not load correctly". Now, if I choose the option to continue without re-signing the profiling starts but the assembly doesn't load and gives an ASP.NET exception.

A: 

The profiler probably changes the assembly and because it was previously signed. Apparently you need to add a post-instrument action that re-signs the assembly.

This could be a problem because you do not have the sn file that was used to sign the 3rd party assemblies.

Dror Helper
+1  A: 

The answer is described here. You have to use a post-instrument event on each signed assembly.

I could not manage to make it work "as is" with my installation of VS 2010. I had to call this command line as a post-build event on each dll :

"C:\Program Files\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"   & sn -Ra [pathOfDll] [pathOfSNK]

Note that [pathOfDll] is located in the directory bin\obj associated to the project.

ghusse
+1  A: 

Or call directly:

"C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\sn.exe" -R [pathOfDll] [pathOfSNK]
Vince
A: 

Note that the [PathofDLL] (per Vince & ghusse answers) will be located in the obj project folder, not the bin folder.

Mark
A: 

If you're doing this on a development machine, you can disable strong name verification altogether with sn -Vr *. If you do this, you don't have to resign anything. This approach can be a security risk, but if you are comfortable with it, it's easier than resigning.

Specifically, from MSDN, it says:

Registers assembly for verification skipping. Optionally, you can specify a comma-separated list of user names. If you specify infile, verification remains enabled, but the public key in infile is used in verification operations. Assembly can be specified in the form *, strongname to register all assemblies with the specified strong name. Strongname should be specified as the string of hexadecimal digits representing the tokenized form of the public key. See the -t and -T options to display the public key token.

And the security risk:

Caution: Use this option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.

Chris Schmich