How to: Sign Assemblies for Precompiled Web Sites
You can digitally sign the assemblies produced by the ASP.NET Compilation Tool (Aspnet_compiler.exe) to help improve the security of your Web application. Signing an assembly with a strong name makes it more difficult for attackers to introduce malicious code into your application. For more information about the benefits of using signed assemblies, see Strong-Named Assemblies.
Whenever you sign an assembly with either the -keyfile or -keycontainer switch, you must also specify that the AllowPartiallyTrustedCallersAttribute attribute be applied to the assembly by using the -aptca switch. If you do not specify the -aptca switch, your assembly cannot be called by the ASP.NET process, and Aspnet_compiler.exe throws an exception.
The procedure in this topic uses a strong-named key pair and the switches and parameters of Aspnet_compiler.exe. For more information about this tool, see ASP.NET Compilation Tool (Aspnet_compiler.exe). For more information about strong-named keys, see Creating and Using Strong-Named Assemblies.
For more information about precompilation, see How to: Precompile ASP.NET Web Sites.
To sign assemblies for a precompiled Web site
Create a strong-named key pair or key container. For more information about creating a strong-named key, see How to: Create a Public/Private Key Pair.
Open a command window and navigate to the folder containing the .NET Framework.
The .NET Framework is installed in the following location.
%windir%\Microsoft.NET\Framework\version
Run the aspnet_compiler command by typing the following at a command prompt.
aspnet_compiler -v virtualPath targetPath -keyfile keyFile.snk -aptca
The virtualPath parameter indicates the Internet Information Services (IIS) virtual path of your Web site; the targetPath parameter indicates a physical path to the directory for the compiled Web site; and keyFile.snk indicates the name of the key file.
If you are using a key container, type the following at a command prompt.
aspnet_compiler -v virtualPath targetPath -keycontainer keyContainer.snk -atpca
If your Web site is not an IIS application, and therefore has no entry in the IIS metabase, type the following at a command prompt.
aspnet_compiler -p physicalOrRelativePath -v / targetPath -keyfile keyFile.snk -aptca
In this case, the physicalOrRelativePath parameter refers to the fully qualified directory path in which the Web site files are located, or a path relative to the current directory. The period (.) operator is allowed in the physicalOrRelativePath parameter. The -v switch specifies a root that the compiler will use to resolve application-root references (for example, with the tilde (~) operator). When you specify the value of / for the -v switch, the compiler will resolve the paths using the physical path as the root.
If you are using a key container, type the following at a command prompt.
aspnet_compiler -p physicalOrRelativePath -v / targetPath -keycontainer keyContainer.snk -aptca
The targetPath parameter is a physical path to the destination directory.
See Also
Tasks
How to: Precompile ASP.NET Web Sites