Strong Naming Enterprise Library Assemblies

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
The latest Enterprise Library information can be found at the Enterprise Library site.

If you build the Enterprise Library, you may want to strong name the assemblies. A strong name consists of the assembly's identity—its simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. It is generated from an assembly file (the file that contains the assembly manifest, which in turn contains the names and hashes of all the files that make up the assembly), using the corresponding private key. Signing an assembly with a strong name ensures that its name is globally unique. Assemblies with the same strong name are expected to be identical.

For example, if you intend to share the Enterprise Library assemblies among several applications, you can install them into the global assembly cache. Each assembly in the global assembly cache must have a globally unique name. You can use a strong name to ensure this. Even if you only use the assemblies within a single application, you can strong name the assemblies to ensure that your application uses the correct version of the assemblies.

Strong names satisfy the following requirements:

• Strong names guarantee name uniqueness by relying on unique key pairs. No one can generate the same assembly name that you can because an assembly generated with one private key has a different name than an assembly generated with another private key.
• Strong names protect the version lineage of an assembly. A strong name can ensure that no one can produce a subsequent version of your assembly. Users can be sure that a version of the assembly they are loading comes from the same publisher that created the version the application was built with.
• Strong names provide a strong integrity check. Passing the .NET Framework security checks guarantees that the contents of the assembly have not been changed since it was built. However, note that strong names in and of themselves do not imply a level of trust such as the level provided—for example, by a digital signature and supporting certificate.

For information about deploying assemblies into the global assembly cache, see Working with Assemblies and the Global Assembly Cache.

Using the Strong-Naming Guidance Package

Because of the large number of projects and the inclusion of the [InternalsVisibleTo] attribute that gives the unit test assemblies access to the application block assemblies' internal types and members, strong-naming the Enterprise Library assemblies can be a difficult and time-consuming task. This release of Enterprise Library includes pre-compiled, strong-named assemblies, but you may still want to strong-name the assemblies yourself if you plan to customize the source code.

This release of Enterprise Library includes a strong-naming guidance package that is integrated with Visual Studio. It automates the process of strong-naming collections of projects, and it also modifies any [InternalsVisibleTo] attributes to include a public key. This guidance package is particularly useful for the Enterprise Library, but it can also be used with other .NET Framework solutions.

The guidance package contains the following two recipes:

• Create a Strong-Name Key Pair File. This recipe creates a public/private key pair. Use this recipe first if you do not already have a key pair file you want to use to sign the assemblies. You can select this recipe from either the solution folder or from a project folder.
• Strong-Name All Projects in This Solution or Solution Folder. This recipe uses a key pair to strong name either the entire solution or a project in the solution. If you select the recipe from the solution root, all the projects in the solution are strong-named. You can also select which project(s) you want to strong name by selecting the particular project(s).

To use the strong-naming guidance package

1. Open Visual Studio.
2. Open the solution that contains the projects you want to strong name.
3. On the Tools menu, click Guidance Package Manager.
4. In the Guidance Package Manager dialog box, click Enable/Disable Packages.
5. In the Enable and Disable Packages dialog box, select the packages you want to enable.
6. Click OK.
7. In the Guidance Package Manager dialog box, click Close.

To create a key pair file

1. Right-click a project folder.
2. Click Create a new strong-name key pair file.
3. In the Create Key Pair for Strong Naming dialog box, enter the name of the key pair file.
4. Click Finish.

After you have the key pair file, you can strong name a project within the solution.

To strong-name a project

1. Right-click on a project.
2. Click Strong-name all projects in this solution or solution folder.
3. In the Strong-Name Projects in Solution dialog box, either enter the name of the key pair file or navigate to it and select it.
4. If you want the guidance package to automatically update the [InternalsVisibleTo] attribute with the public key, select Update InternalsVisibleTo.
5. Click Finish.

Using Visual Studio to Strong Name Enterprise Library Assemblies

If you do not want to use the Strong-Naming Guidance Package, you can strong-name the Enterprise Library assemblies with Visual Studio. To sign an assembly with a strong name, you must have a public/private key pair. This public and private cryptographic key pair is used during compilation to create a strong-named assembly. If many developers are using the Enterprise Library, they should all use the same strong-named assembly. This means that everyone should use a single key pair to sign the assemblies. This key pair should be securely stored.

The first procedure describes how to create a key pair. (You can also use an existing key pair. If you have an existing key pair, you can skip this procedure.) The second procedure describes how to extract and display the public key. The third procedure describes how to assign the public key to an assembly. The last procedure describes how to update the InternalsVisibleTo attribute.

To create a key pair

1. At the Visual Studio command prompt, go to the directory that will hold the key pair.

2. To create a key pair, type sn –k keyfile.snk.

   Note

   You can also use the CreateStrongName dialog box in Visual Studio 2005 to create a key pair. To access this dialog box, select a project node in Solution Explorer. On the Project menu, click Properties. When the Project Designer appears, click the Signing tab. On the Signing page, select Signtheassembly, and then click New in the Choose a strong name key file drop-down list box.

You must extract the public key from the key pair (the public key is required for updating the InternalsVisibleTo attribute). The following procedure shows how to extract and display the public key.

To extract and display the public key

1. At the command prompt, type sn –p keyfile.snk publickey.pk to extract the public key from the key pair.
2. Type sn –tp publickey.pk to display the public key in hexadecimal. Keep the Configuration Console window open (or copy the output to a text file).

The next procedure describes how to assign the key to the Enterprise Library assemblies. Open the EnterpriseLibrary.VSTS.sln or EnterpriseLibrary.NUnit.sln solution file. (This depends on which edition of Visual Studio you have installed.) Follow these steps for each project, including the unit tests and design projects.

To assign the public key to a project assembly

1. In Visual Studio, select the project node in Solution Explorer. On the Project menu, click Properties (or right-click the project node in Solution Explorer, and then click Properties).
2. In the Project Designer, click the Signing tab.
3. Select the Sign the assembly check box.
4. In the Choose a strong name key file drop-down list box, click Browse.
5. In the Select File dialog box, navigate to the key file you created or enter its path in the File name box. Click Open to select it.
6. Close the Properties window and save the changes.

The application block unit tests are in assemblies that are separate from the application block assemblies. To give the unit test assemblies access to the application block assemblies' internal types and members, the application blocks use the InternalsVisibleToAttribute attribute. You must update this attribute to include the public key of the strong-named assemblies.

To update the InternalsVisibleTo attribute

1. In Visual Studio, point to FindandReplace on the Edit menu, and then click FindinFiles.

2. Search the entire solution for the InternalsVisibleTo attribute.

3. For each occurrence of the InternalsVisibleTo attribute, follow these steps:

4. Copy the full public key (not the token) that you extracted from the key pair.

5. Add the public key to the attribute, as shown in the following example.

   [assembly: InternalsVisibleTo("Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Tests,PublicKey=00240000048000009400000006020000002400005253413100040000010001008B3B735C2738A3A3518083C40A3AF8518DBA6D299F0DB7883A9BE2BFF1343B72A65A04EE8DEACF3A2A5B240126C1E803D14FEEDAC508DE566251756E0EAD6323D1C2B121B24904FEE55086CF1ACBD1146194603421DC0E13D9DC486422180ED756CCDADF31C0B7E4F58FAC82C867F26D8D886A45FF503D7B62BCB24A160C64F8")]
   

   Note

   The public key must be entered on a single line. When you copy it from the command prompt window, it is on multiple lines (as shown in this example). Place it on a single line when you update the InternalsVisibleTo attribute.

6. Save each file you changed.

7. Rebuild the entire solution.

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
The latest Enterprise Library information can be found at the Enterprise Library site.