Assemblies should have valid strong names

MSDN Home

MSDN
MSDN Library
Development Tools and Language ...
Visual Studio 2005
Visual Studio Team System
Team Edition for Developers
Writing Quality Code
Detecting and Correcting Manag ...
Code Analysis for Managed Code ...
Design Warnings

Design Warnings

Abstract types should not have ...
Assemblies should have valid s ...
Avoid empty interfaces
Avoid excessive parameters on ...
Avoid namespaces with few type ...
Avoid out parameters
Collections should implement g ...
Consider passing base types as ...
Declare event handlers correct ...
Declare types in namespaces
Default parameters should not ...
Define accessors for attribute ...
Do not catch general exception ...
Do not declare protected membe ...
Do not declare static members ...
Do not declare virtual members ...
Do not declare visible instanc ...
Do not expose generic lists
Do not hide base class methods
Do not nest generic types in m ...
Do not overload operator equal ...
Do not pass types by reference
Enum Storage should be Int32
Enumerators should be strongly ...
Enums should have zero value
Exceptions should be public
Generic methods should provide ...
ICollection implementations ha ...
Implement IDisposable Correctl ...
Implement standard exception c ...
Indexers should not be multidi ...
Interface methods should be ca ...
Lists are strongly typed
Mark assemblies with assembly ...
Mark assemblies with CLSCompli ...
Mark assemblies with ComVisibl ...
Mark attributes with Attribute ...
Mark enums with FlagsAttribute
Members should not expose cert ...
Move pinvokes to native method ...
Nested types should not be vis ...
Override methods on comparable ...
Override operator equals on ov ...
Properties should not be write ...
Provide ObsoleteAttribute mess ...
Replace repetitive arguments w ...
Static holder types should be ...
Static holder types should not ...
String uri overloads call syst ...
Types should not extend certai ...
Types that own disposable fiel ...
Types that own native resource ...
Uri parameters should not be s ...
Uri properties should not be s ...
Uri return values should not b ...
Use events where appropriate
Use generic event handler inst ...
Use generics where appropriate
Use integral or string argumen ...
Use properties where appropria ...
Validate arguments of public m ...

Switch View :

Classic

Lightweight Beta

ScriptFree

Feedback

Visual Studio Team System

Assemblies should have valid strong names

TypeName	AssembliesShouldHaveValidStrongNames
CheckId	CA2210
Category	Microsoft.Design
Breaking Change	NonBreaking

Cause

An assembly is not signed with a strong name, the strong name could not be verified, or the strong name would not be valid without the current registry settings of the computer.

Rule Description

This rule retrieves and verifies the strong name of an assembly. A violation occurs if any of the following are true:

The assembly does not have a strong name.
The assembly was altered after signing.
The assembly is delay-signed.
The assembly was incorrectly signed, or signing failed.
The assembly requires registry settings to pass verification. For example, the Strong Name tool (Sn.exe) was used to skip verification for the assembly.

The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside of very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer. An assembly without a strong name suffers from the following drawbacks:

Its origins cannot be verified.
The common language runtime cannot warn users if the contents of the assembly have been altered.
It cannot be loaded into the global assembly cache.

Note that to load and analyze a delay-signed assembly, you must disable verification for the assembly.

How to Fix Violations

To fix a violation of this rule, use the Strong Name tool (sn.exe) to create a key file and sign the assembly with a strong name using one of the following procedures:

Use the Assembly Linker tool (Al.exe) provided by the .NET Framework SDK.
For the .NET Framework v1.0 or v1.1, use either the System.Reflection.AssemblyKeyFileAttribute or System.Reflection.AssemblyKeyNameAttribute attribute.
For the .NET Framework 2.0, use either the /keyfile or /keycontainer compiler option /KEYFILE (Specify Key or Key Pair to Sign an Assembly) or /KEYCONTAINER (Specify a Key Container to Sign an Assembly) linker option in C++).

When to Exclude Warnings

Only exclude a warning from this rule if the assembly is used in an environment where tampering with the contents is not a concern.

Tasks

How to: Sign an Assembly with a Strong Name

Reference

Strong Name Tool (Sn.exe)
System.Reflection.AssemblyKeyFileAttribute
System.Reflection.AssemblyKeyNameAttribute

Tags :

Community Content

dNetGuru

How to quickly sign your assembly.

To sign your assembly with a strong name, do the following:

In Visual Studio 2005, open your solution.
In Solution Explorer, right-click your project and choose Properties
In the Project properties, choose the the Signing tab and check the Sign the assembly checkbox
Drop the Choose a strong name key file combo and choose New
In the Create Strong Name Key window and enter a name for your strong name key in the Key file name textbox
Choose whether to protect the key with a password and click OK
Under the Build menu, choose Build [projectname]

Note : You can also use a key file from your storage, to do so in the 4th step choose Browse and select the preferred Key file from the storage attached to your computer, then skip to the last step

That's it!

Tags :