How to: Disable the strong-name bypass feature

Starting with the .NET Framework version 3.5 Service Pack 1 (SP1), strong-name signatures are not validated when an assembly is loaded into a full-trust AppDomain object, such as the default AppDomain for the MyComputer zone. This is referred to as the strong-name bypass feature. In a full-trust environment, demands for StrongNameIdentityPermission always succeed for signed, full-trust assemblies regardless of their signature. The only restriction is that the assembly must be fully trusted because its zone is fully trusted. Because the strong name is not a determining factor under these conditions, there is no reason for it to be validated. Bypassing the validation of strong-name signatures provides significant performance improvements.

The bypass feature applies to any full-trust assembly that is not delay-signed and that is loaded into any full-trust AppDomain from the directory specified by its ApplicationBase property.

You can override the bypass feature for all applications on a computer by setting a registry key value. You can override the setting for a single application by using an application configuration file. You cannot reinstate the bypass feature for a single application if it has been disabled by the registry key.

When you override the bypass feature, the strong name is validated only for correctness; it is not checked for a StrongNameIdentityPermission. If you want to confirm a specific strong name, you have to perform that check separately.

Important

The ability to force strong-name validation depends on a registry key, as described in the following procedure. If an application is running under an account that does not have access control list (ACL) permission to access that registry key, the setting is ineffective. You must ensure that ACL rights are configured for this key so that it can be read for all assemblies.

Disable the strong-name bypass feature for all applications

  • On 32-bit computers, in the system registry, create a DWORD entry with a value of 0 named AllowStrongNameBypass under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework key.

  • On 64-bit computers, in the system registry, create a DWORD entry with a value of 0 named AllowStrongNameBypass under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework keys.
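One way to script the procedure above and confirm the result in both registry views, as an added example that is not part of the original page. The function name `Set-StrongNameBypassPolicy` and its `-Apply` switch are hypothetical, and the script assumes Windows PowerShell 3.0 or later running elevated when writing.

```powershell
# Added example: audit (and optionally set) AllowStrongNameBypass machine-wide.
# Function name and -Apply switch are hypothetical, not a built-in cmdlet.
function Set-StrongNameBypassPolicy {
    [CmdletBinding()]
    param([switch]$Apply)   # without -Apply the function only reports

    $subKey = 'SOFTWARE\Microsoft\.NETFramework'
    $name   = 'AllowStrongNameBypass'

    # On 64-bit Windows the 32-bit registry view maps to the Wow6432Node key,
    # so opening both views covers both keys regardless of process bitness.
    $views = @([Microsoft.Win32.RegistryView]::Registry32)
    if ([Environment]::Is64BitOperatingSystem) {
        $views = @([Microsoft.Win32.RegistryView]::Registry64) + $views
    }

    foreach ($view in $views) {
        $key  = $null
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            if ($Apply) {
                # CreateSubKey opens the key writable and creates it if absent.
                $key = $base.CreateSubKey($subKey)
                $key.SetValue($name, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            } else {
                $key = $base.OpenSubKey($subKey)   # read-only
            }
            # Read the value back so the report reflects what is stored.
            $value = if ($key) { $key.GetValue($name, $null) } else { $null }
            [pscustomobject]@{
                View           = $view
                Value          = $value             # $null means the entry is absent
                BypassDisabled = ($value -eq 0)
            }
        } finally {
            if ($key) { $key.Close() }
            $base.Close()
        }
    }
}

Set-StrongNameBypassPolicy           # report only
# Set-StrongNameBypassPolicy -Apply  # write 0 in each view, then report
```

Running the report-only form under the account that hosts an application also shows whether that account can read the key, which the ACL requirement above depends on.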

Disable the strong-name bypass feature for a single application

  1. Open or create the application configuration file.

    For more information about this file, see the Application Configuration Files section in Configure apps.

  2. Add the following entry:

    <configuration>  
      <runtime>  
        <bypassTrustedAppStrongNames enabled="false" />  
      </runtime>  
    </configuration>  
    

You can restore the bypass feature for the application by removing the configuration file setting or by setting the attribute to true.

Note

You can turn strong-name validation on and off for an application only if the bypass feature is enabled for the computer. If the bypass feature has been turned off for the computer, strong names are validated for all applications and you cannot bypass validation for a single application.
