(B)Where is version information stored of a assembly ?
Version information is stored in assembly in manifest.
(I)Is versioning applicable to private assemblies?
Versioning concept is only applicable to global assembly cache (GAC) as private assembly lie in
there individual folders.
(B) What is GAC ? Twist :- What are situations when you register .NET assembly in GAC ?
GAC (Global Assembly Cache) is used where shared .NET assembly reside.GAC is used in the
following situations :-
√ If the application has to be shared among several application.
√ If the assembly has some special security requirements like only administrators
can remove the assembly.If the assembly is private then a simple delete of
assembly the assembly file will remove the assembly.
Note :- Registering .NET assembly in GAC can lead to the old problem of DLL hell.
Where COM version was stored in central registry.So GAC should be used when
absolutely necessary.
(I) What is concept of strong names ? Twist :- How do we generate strong names or what is the process of generating strong names, What is use of SN.EXE , How do we apply strong names to assembly ? , How do you
sign an assembly ?
Strong name is similar to GUID(It is supposed to be unique in space and time) in COM
components.Strong Name is only needed when we need to deploy assembly in GAC. Strong
Names helps GAC to differentiate between two versions.Strong names use public key cryptography
(PKC) to ensure that no one can spoof it.PKC use public key and private key concept.
Following are the step to generate a strong name and sign a assembly :-
√ Go to “Visual Studio Command Prompt"
√ After you are in command prompt type sn.exe -k “c:\test.snk”.
√ After generation of the file you can view the SNK file in a simple notepad.
√ After the SNK file is generated its time to sign the project with this SNK file.
√ Click on project properties and the browse the SNK file to the respective
folder and compile the project.
(I)How to add and remove a assembly from GAC?
There are two ways to install .NET assembly in GAC:-
√ Using Microsoft Installer Package.You can get download of installer from
http://www.microsoft.com.
√ Using Gacutil. Goto “Visual Studio Command Prompt” and type “gacutil –i
(assembly_name)”.Where (assembly_name) is the DLL name of the project.
(B) What is Delay signing ?
During development process you will need strong name keys to be exposed to developer which
will is not a good practice from security aspect point of view.In such situations you can assign the
key later on and during development you an use delay signing
Following is process to delay sign a assembly:
√ First obtain your string name keys using SN.EXE.
√ Annotate the source code for the assembly with two custom attributes from
System.Reflection: AssemblyKeyFileAttribute, which passes the name of the file
containing the public key as a parameter to its constructor. AssemblyDelaySignAttribute,
which indicates that delay signing is being used by passing true as a parameter to its
constructor. For example as shown below:
The compiler inserts the public key into the assembly manifest and reserves space in the PE file for
the full strong name signature. The real public key must be stored while the assembly is built so
that other assemblies that reference this assembly can obtain the key to store in their own assembly
reference.
√ Because the assembly does not have a valid strong name signature, the verification of
that signature must be turned off. You can do this by using the –Vr option with the
Strong Name tool.The following example turns off verification for an assembly called
myAssembly.dll.
Sn –Vr myAssembly.dll
√ Just before shipping, you submit the assembly to your organization's signing authority
for the actual strong name signing using the –R option with the Strong Name tool.The
following example signs an assembly called myAssembly.dll with a strong name using
the sgKey.snk key pair.
Sn -R myAssembly.dll sgKey.snk
