Export (0) Print
Expand All
Expand Minimize

Assemblies should have valid strong names

TypeName

AssembliesShouldHaveValidStrongNames

CheckId

CA2210

Category

Microsoft.Design

Breaking Change

NonBreaking

An assembly is not signed with a strong name, the strong name could not be verified, or the strong name would not be valid without the current registry settings of the computer.

This rule retrieves and verifies the strong name of an assembly. A violation occurs if any of the following are true:

  • The assembly does not have a strong name.

  • The assembly was altered after signing.

  • The assembly is delay-signed.

  • The assembly was incorrectly signed, or signing failed.

  • The assembly requires registry settings to pass verification. For example, the Strong Name tool (Sn.exe) was used to skip verification for the assembly.

The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside of very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer. An assembly without a strong name suffers from the following drawbacks:

  • Its origins cannot be verified.

  • The common language runtime cannot warn users if the contents of the assembly have been altered.

  • It cannot be loaded into the global assembly cache.

Note that to load and analyze a delay-signed assembly, you must disable verification for the assembly.

To fix a violation of this rule, use the Strong Name tool (sn.exe) to create a key file and sign the assembly with a strong name using one of the following procedures:

Only exclude a warning from this rule if the assembly is used in an environment where tampering with the contents is not a concern.

Community Additions

ADD
Show:
© 2014 Microsoft