Skipping .NET assembly strong name validation
This is something I did not know ... you can disable strong name valildation on an assembly using the Strong Name tool.
An assembly that fails strong name validation will not load unless you disable signature verification for the assembly using the Strong Name command-line tool (sn.exe) that ships with the .NET Framework. To disable verification of an assembly, type the following at the command line:
SN -Vr SomeAssemblyName
This permits the assembly named SomeAssemblyName to skip strong name validation. After an assembly is registered in this manner, the common language runtime will not attempt to verify the signature.
Note: Disabling verification of an assembly creates a security vulnerability.
To re-enable verification of the assembly, type the following at the command line:
SN -Vu SomeAssemblyName
Comments
Anonymous
February 06, 2008
Can you please explain how does skipping strong names introduces security vulnerability?Anonymous
February 07, 2008
Prashant, simply because you might end up loading in your process an assembly that has been altered, an assembly that is not guaranteed to be the expected one.Anonymous
October 28, 2009
The comment has been removedAnonymous
February 07, 2013
See it work only on where sn.exe is available and for that we have installed Microsoft SDK but if client uses are application and only .net framework 4.0 installed on client PC then what will do to bypass strong assembly verification rather than install Microsoft SDK because its around 150 MB data and some client won't allowed this to install large data... please suggest me some solution.