Udostępnij za pośrednictwem


Strong Name Scenario

The following scenario outlines the process of signing an assembly with a strong name and later referencing it by that name.

  1. Assembly A is created with a strong name using one of the following methods:

    • Using a development environment that supports creating strong names, such as Visual Studio 2005.

    • Creating a cryptographic key pair using the Strong Name tool (Sn.exe) and assigning that key pair to the assembly using either a command-line compiler or the Assembly Linker (Al.exe). The Windows Software Development Kit (SDK) provides both Sn.exe and Al.exe.

  2. The development environment or tool signs the hash of the file containing the assembly's manifest with the developer's private key. This digital signature is stored in the portable executable (PE) file that contains Assembly A's manifest.

  3. Assembly B is a consumer of Assembly A. The reference section of Assembly B's manifest includes a token that represents Assembly A's public key. A token is a portion of the full public key and is used rather than the key itself to save space.

  4. The common language runtime verifies the strong name signature when the assembly is placed in the global assembly cache. When binding by strong name at run time, the common language runtime compares the key stored in Assembly B's manifest with the key used to generate the strong name for Assembly A. If the .NET Framework security checks pass and the bind succeeds, Assembly B has a guarantee that Assembly A's bits have not been tampered with and that these bits actually come from the developers of Assembly A.

Note

This scenario does not address trust issues. Assemblies can carry full Microsoft Authenticode signatures in addition to a strong name. Authenticode signatures include a certificate that establishes trust. It is important to note that strong names do not require code to be signed in this way. In fact, the keys used to generate the strong name signature do not have to be the same keys used to generate an Authenticode signature.

Bypassing Signature Verification of Trusted Assemblies

Starting with the .NET Framework version 3.5 Service Pack 1, strong-name signatures are not validated when an assembly is loaded into a full-trust application domain, such as the default application domain for the MyComputer zone. This is referred to as the strong-name bypass feature. In a full-trust environment, demands for StrongNameIdentityPermission always succeed for signed, full-trust assemblies, regardless of their signature. The strong-name bypass feature avoids the unnecessary overhead of strong-name signature verification of full-trust assemblies in this situation, allowing the assemblies to load faster.

The bypass feature applies to any assembly that is signed with a strong name and that has the following characteristics:

  • Fully trusted without StrongName evidence (for example, has MyComputer zone evidence).

  • Loaded into a fully trusted AppDomain.

  • Loaded from a location under the ApplicationBase property of that AppDomain.

  • Not delay-signed.

This feature can be disabled for individual applications or for a computer. See How to: Disable the Strong-Name Bypass Feature.

See Also

Reference

Strong Name Tool (Sn.exe)

Assembly Linker (Al.exe)

Other Resources

Creating and Using Strong-Named Assemblies