Strong Naming the Enterprise Library Assemblies

Microsoft Enterprise Library 5.0

DropDown image DropDownHover image Collapse image Expand image CollapseAll image ExpandAll image Copy image CopyHover image

If you build Enterprise Library from the source code, you may decide to apply strong naming to the assemblies. A strong name consists of the assembly's identity—the simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. The strong name is generated from an assembly file (the file that contains the assembly manifest, which in turn contains the names and hashes of all the files that make up the assembly), using the corresponding private key. Signing an assembly with a strong name ensures that its name is globally unique. Assemblies with the same strong name are expected to be identical.

For example, if you intend to share the Enterprise Library assemblies among several applications, you can install them into the global assembly cache. Each assembly in the GAC must have a globally unique name. You can use a strong name to ensure this. Even if you use the assemblies within only a single application, you can strong name them to ensure that your application uses their correct versions.

Strong names satisfy the following requirements:

  • Strong names guarantee name uniqueness by relying on unique key pairs. No one can generate the same assembly name that you can because an assembly generated with one private key has a different name than an assembly generated with another private key.
  • Strong names protect the version lineage of an assembly. A strong name can ensure that no one can produce a subsequent version of your assembly. Users can be sure that a version of the assembly they are loading comes from the same publisher that created the version originally provided with the application.
  • Strong names provide a strong integrity check. Passing the .NET Framework security checks guarantees that the contents of the assembly have not been changed since it was built. However, note that strong names alone do not imply a level of trust such as that provided by, for example, a digital signature and supporting certificate.

For information about deploying assemblies into the global assembly cache, see Working with Assemblies and the Global Assembly Cache.

Using Visual Studio to Strong Name Enterprise Library Assemblies

You can strong-name the Enterprise Library assemblies with Visual Studio. To sign an assembly with a strong name, you must have a public/private key pair. This public and private cryptographic key pair is used during compilation to create a strong-named assembly. If many developers are using the Enterprise Library, they should all use the same strong-named assembly. This means that everyone should use a single key pair to sign the assemblies.

The first procedure describes how to create a key pair. (You can also use an existing key pair. If you have an existing key pair, you can skip this procedure.) The second procedure describes how to assign the public key to an assembly.

To create a key pair

  1. At the Visual Studio command prompt, go to the directory that will hold the key pair.
  2. To create a key pair, type sn –k keyfile.snk.

You can also use the CreateStrongName dialog box in Visual Studio to create a key pair. To access this dialog box, select a project node in Solution Explorer. On the Project menu, click Properties. When the Project Designer appears, click the Signing tab. On the Signing page, select Sign the assembly, and then click New in the Choose a strong name key file drop-down list box.

The next procedure describes how to assign the key to the Enterprise Library assemblies. Open the EnterpriseLibrary.sln solution file and add any of the optional projects you require such as the Security.Azman project. Follow these steps for each project, including the design projects. You may consider using a batch editor, such as that in Visual Studio, to update each project as they are defined in XML files.

To assign the public key to a project assembly

  1. In Visual Studio, select the node in Solution Explorer for the project that creates the assembly you want to strong name. On the Project menu, click Properties (or right-click the project node in Solution Explorer, and then click Properties).
  2. In the Project Designer, click the Signing tab.
  3. Select the Sign the assembly check box.
  4. In the Choose a strong name key file drop-down list box, click Browse.
  5. In the Select File dialog box, navigate to the key file you created or enter its path in the File name box. Click Open to select it.
  6. Close the Properties window and save the changes.