Strong name validation failure on Import-Module

Question

I'm unable to import an assembly, supposedly because strong name validation is failing, though this occurs even when I register the assembly to not be checked. Can somebody spot what I'm doing wrong here?

Below is a transcript. For reference, the switches to sn.exe are:

• -v: Verify signature.

• -Vr: Register assembly for verification skipping.

  PS C:\temp> .\sn.exe -v .\my.dll

  Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1 Copyright (c) Microsoft Corporation. All rights reserved.

  Assembly '.\my.dll' is valid

  PS C:\temp\Cmdlets> Import-Module .\my.dll Import-Module : Could not load file or assembly 'my, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) At line:1 char:14

  • Import-Module <<<< .\Microsoft.Rtc.Management.Core.dll
    • CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep tion
    • FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell .Commands.ImportModuleCommand

  PS C:\temp\Cmdlets> .\sn.exe -Vr *

  Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1 Copyright (c) Microsoft Corporation. All rights reserved.

  Verification entry added for assembly ','

  PS C:\temp\Cmdlets> Import-Module .\my.dll Import-Module : Could not load file or assembly 'my, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) At line:1 char:14

  • Import-Module <<<< .\Microsoft.Rtc.Management.Core.dll
    • CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep tion
    • FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell .Commands.ImportModuleCommand

I should mention that I've verified via Reflector that all required dependent assemblies are present in the same directory.

Answer 1

Your assembly is probably either delay signed or test key signed, and it looks like PowerShell only allows fully-signed assemblies to be loaded (i.e. it ignores the skip verification setting). This would explain why sn.exe says the assembly has a valid strong name signature when it technically doesn't. (You can find out if the assembly actually has a valid signature, even if it's registered for verification skipping, by running sn -vf instead of sn -v).

I think the major source of your confusion stems from a mistaken assumption about how verification skipping works. Registering an assembly for verification skipping is not a guarantee that the assembly's strong name signature will never be verified. Verification skipping is specifically intended to allow delay signed and test key signed assemblies to work seamlessly in situations like these, but nothing is stopping someone (like PowerShell) from overriding it and forcing verification anyway.