Using Password Protected Signing Keys in TeamBuild

As you might already know, a managed component can be uniquely identified by signing its assembly. Refer here to learn details on this subject. Assembly signing can be done as part of the TeamBuild process as well.

Yesterday, I answered a query on how to use password-protected signing keys in TeamBuild. I thought it would be useful for all TeamBuild users, so here are the details:

Password protected signing keys may result in the following exception:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.targets(1718,7): error MSB4018: The "ResolveKeySource" task failed unexpectedly.
System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
at Microsoft.Build.Shared.ExceptionHandling.RethrowUnlessFileIO(Exception e)
at Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey()
at Microsoft.Build.Tasks.ResolveKeySource.Execute()
at Microsoft.Build.BuildEngine.TaskEngine.ExecuteTask(ExecutionMode howToExecuteTask, Hashtable projectItemsAvailableToTask, BuildPropertyGroup projectPropertiesAvailableToTask, Boolean& taskClassWasFound)

This happens because the build tries to open a dialog to ask for the key's password, and fails because the TeamBuild process runs as a service, where a GUI cannot be shown.

For this to work without prompting, the key needs to be exported into a key container in the crypto store on the build machine, under the account that performs the build. Once exported, the build will no longer ask for a password. The crypto store will do the signing and take care of keeping the private key safe.

One of the quicker ways to do this:

- Log on to the build machine using the build service account.

- Run msbuild on any project that uses this signing key. It will prompt for the password and will export the key.

- Now start the TeamBuild full build.
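
The check below is an added example, not part of the original post: a PowerShell pre-flight script that reports which account and session mode it runs under and which projects sign with a password-protected key, so you can tell whether the steps above still need to be done on a build machine. The $SourceRoot parameter and the function name are hypothetical, and the script assumes password-protected keys are the .pfx files referenced from AssemblyOriginatorKeyFile.

```powershell
# Added example (not from the original post): pre-flight check for a build machine.
# Assumption: $SourceRoot is a folder containing the projects the build compiles.
param([string]$SourceRoot = '.')

function Get-PfxSignedProject {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -Include *.csproj, *.vbproj -File | ForEach-Object {
        $file = $_.FullName
        [xml]$proj = Get-Content -LiteralPath $file -Raw
        # Match by local name so the MSBuild XML namespace does not matter.
        # Only literal values in the project file are seen; values set in
        # imported .targets files or on the command line are not.
        $sign = @($proj.SelectNodes("//*[local-name()='SignAssembly']") |
                  Where-Object { $_.InnerText.Trim() -eq 'true' }).Count -gt 0
        foreach ($node in $proj.SelectNodes("//*[local-name()='AssemblyOriginatorKeyFile']")) {
            $key = $node.InnerText.Trim()
            # Assumption: .pfx key files are the password-protected kind; .snk files are not.
            if ($sign -and $key -like '*.pfx') {
                [pscustomobject]@{ Project = $file; KeyFile = $key }
            }
        }
    }
}

$account     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$interactive = [Environment]::UserInteractive   # the mode named in the exception text
$projects    = @(Get-PfxSignedProject -Root $SourceRoot)

"Account: $account  UserInteractive: $interactive"
$projects | Format-Table -AutoSize

if ($projects.Count -eq 0) {
    'No projects sign with a .pfx key; nothing to prepare.'
} elseif ($interactive) {
    'Interactive session: running msbuild here as the build account can show the password prompt.'
} else {
    'Non-interactive session: a password prompt cannot be shown, so the key must'
    "already have been exported under $account in an interactive logon."
    exit 1
}
```

Run it once in an interactive logon as the build service account to see which projects will prompt. When run from the service context, the non-zero exit code marks a session in which the password dialog cannot be displayed.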