Private Assemblies & Strong Names??

Discussion in 'ASP .Net Security' started by Chris Mohan, Jul 13, 2004.

  1. Chris Mohan

    Chris Mohan Guest

    Hi, I've signed a private assembly with a strong name and have deployed it in a web app's bin directory. Things work fine, yet I recently read you "can't" do this:

    From: http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp
    "private assemblies... This type of assembly cannot be strong named. Strong named assemblies used by ASP.NET Web applications must be installed in the global assembly cache. This restriction is necessary because of the internal workings of the multi-application domain worker process."

    I wonder if this statement is as literal as the wording suggests or if the author is being bombastic. Could it be that the statment really means: "If you want to re-use your assembly in multiple application domains you need to sign it with a strong name and deploy it to the GAC"?

    The code in my signed assembly sends email; I'm currenlty calling the class directly, but I'd like to use declarative security in order to only allow an inputValidation class to call it directly.

    There are various reasons why I prefer not to install these assemblies in the GAC. Is installing them in the GAC really my only option if I want the assembly to have a strong name(even if I really don't need the strong name)?
    Chris Mohan, Jul 13, 2004
    #1
    1. Advertising

  2. Hi Chris,

    In a word, yes. In the current architecture of ASP.NET, strong-named
    assemblies are loaded domain neutral. That means that they are not
    unloaded until the ASP.NET worker process is unloaded. This can cause
    issues with file access because the files remain locked by the process even
    when the app domain is unloaded.

    In version 1.0 and 1.1, strong-named assemblies are retricted to the GAC
    only.

    Jim Cheshire [MSFT]
    MCP+I, MCSE, MCSD, MCDBA
    Microsoft Developer Support


    This post is provided "AS-IS" with no warranties and confers no rights.


    --------------------
    >Thread-Topic: Private Assemblies & Strong Names??
    >thread-index: AcRogC6GKCVSc+YNRg2OuCyxd+/P2Q==
    >X-WBNR-Posting-Host: 192.239.90.254
    >From: "=?Utf-8?B?Q2hyaXMgTW9oYW4=?=" <>
    >Subject: Private Assemblies & Strong Names??
    >Date: Mon, 12 Jul 2004 19:22:01 -0700
    >Lines: 10
    >Message-ID: <>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="Utf-8"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Content-Class: urn:content-classes:message
    >Importance: normal
    >Priority: normal
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 127.0.0.1
    >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    >Xref: cpmsftngxa06.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:10758
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >Hi, I've signed a private assembly with a strong name and have deployed it

    in a web app's bin directory. Things work fine, yet I recently read you
    "can't" do this:
    >
    >From: http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp
    >"private assemblies... This type of assembly cannot be strong named.

    Strong named assemblies used by ASP.NET Web applications must be installed
    in the global assembly cache. This restriction is necessary because of the
    internal workings of the multi-application domain worker process."
    >
    >I wonder if this statement is as literal as the wording suggests or if the

    author is being bombastic. Could it be that the statment really means: "If
    you want to re-use your assembly in multiple application domains you need
    to sign it with a strong name and deploy it to the GAC"?
    >
    >The code in my signed assembly sends email; I'm currenlty calling the

    class directly, but I'd like to use declarative security in order to only
    allow an inputValidation class to call it directly.
    >
    >There are various reasons why I prefer not to install these assemblies in

    the GAC. Is installing them in the GAC really my only option if I want the
    assembly to have a strong name(even if I really don't need the strong name)?
    >
    Jim Cheshire [MSFT], Jul 13, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dmitry Bond.

    problems with strong named assemblies

    Dmitry Bond., Oct 31, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    417
    Dmitry Bond.
    Nov 1, 2005
  2. namekuseijin

    Re: "Strong typing vs. strong testing"

    namekuseijin, Sep 27, 2010, in forum: C Programming
    Replies:
    214
    Views:
    3,285
    Nick Keighley
    Oct 17, 2010
  3. namekuseijin

    Re: "Strong typing vs. strong testing"

    namekuseijin, Sep 27, 2010, in forum: Python
    Replies:
    229
    Views:
    3,388
    Gregory Ewing
    Oct 29, 2010
  4. Toby Considine

    Strong Names and Web Assemblies

    Toby Considine, Oct 16, 2003, in forum: ASP .Net Security
    Replies:
    3
    Views:
    123
    Chris Jackson
    Oct 17, 2003
  5. Greg Stangler
    Replies:
    5
    Views:
    207
    Greg Stangler
    Feb 9, 2005
Loading...

Share This Page