Private Assemblies & Strong Names??

[Chris Mohan]

Hi, I've signed a private assembly with a strong name and have deployed it in a web app's bin directory. Things work fine, yet I recently read you "can't" do this:

From: http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp
"private assemblies... This type of assembly cannot be strong named. Strong named assemblies used by ASP.NET Web applications must be installed in the global assembly cache. This restriction is necessary because of the internal workings of the multi-application domain worker process."

I wonder if this statement is as literal as the wording suggests or if the author is being bombastic. Could it be that the statment really means: "If you want to re-use your assembly in multiple application domains you need to sign it with a strong name and deploy it to the GAC"?

The code in my signed assembly sends email; I'm currenlty calling the class directly, but I'd like to use declarative security in order to only allow an inputValidation class to call it directly.

There are various reasons why I prefer not to install these assemblies in the GAC. Is installing them in the GAC really my only option if I want the assembly to have a strong name(even if I really don't need the strong name)?

 

[Jim Cheshire [MSFT]]

Hi Chris,

In a word, yes. In the current architecture of ASP.NET, strong-named
assemblies are loaded domain neutral. That means that they are not
unloaded until the ASP.NET worker process is unloaded. This can cause
issues with file access because the files remain locked by the process even
when the app domain is unloaded.

In version 1.0 and 1.1, strong-named assemblies are retricted to the GAC
only.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------

Thread-Topic: Private Assemblies & Strong Names??
thread-index: AcRogC6GKCVSc+YNRg2OuCyxd+/P2Q==
X-WBNR-Posting-Host: 192.239.90.254
From: "=?Utf-8?B?Q2hyaXMgTW9oYW4=?=" <[email protected]>
Subject: Private Assemblies & Strong Names??
Date: Mon, 12 Jul 2004 19:22:01 -0700
Lines: 10
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 127.0.0.1
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:10758
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi, I've signed a private assembly with a strong name and have deployed it

in a web app's bin directory. Things work fine, yet I recently read you
"can't" do this:

From: http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp
"private assemblies... This type of assembly cannot be strong named.

Strong named assemblies used by ASP.NET Web applications must be installed
in the global assembly cache. This restriction is necessary because of the
internal workings of the multi-application domain worker process."

I wonder if this statement is as literal as the wording suggests or if the

author is being bombastic. Could it be that the statment really means: "If
you want to re-use your assembly in multiple application domains you need
to sign it with a strong name and deploy it to the GAC"?

The code in my signed assembly sends email; I'm currenlty calling the

class directly, but I'd like to use declarative security in order to only
allow an inputValidation class to call it directly.

There are various reasons why I prefer not to install these assemblies in

the GAC. Is installing them in the GAC really my only option if I want the
assembly to have a strong name(even if I really don't need the strong name)?