debugging strongly named assemblies

[Guest]

VS 2k5, .NET v2.0.50727

I'm working on a system that can use plugins via loading DLL's into an
appdomain. I'm trying to nail down security as tight as possible. To do
this, I've created a testbed with plugins that do bad things (violate code
access security, throw exceptions, etc). Part of my security requirements is
that all plugins be signed (i.e., have strong names). I'm concerned with
signing all these different plugins during the debug/testing phase. I need
to sign them to test them fully, but I don't want them in the GAC. I've
given them static version numbers, so I hopefully won't have fifteen hundred
different versions of the DLL's in the GAC. Is that enough? Are there any
other considerations when doing the edit-compile-sign-debug-repeat process?
TIA.

 

[Dmytro Lapshyn [MVP]]

Hi William,

Signing an assembly with a strong name does not require you to put the
assembly in the GAC. You can keep the plug-in assemblies in the same folder
as the main application, or in a sub-folder thereof. Giving the assemblies a
static version number is definitely a good idea. So you are all set for
debugging your testbed and the plug-ins.

What you should be concerned with is keeping your original strong name key
file secure. You can also consider delayed key signing if the company's
master strong name key is not available during your debugging process.

 

[Guest]

That answers my question. Thank you.

BTW, for the testbed, I'm not using my company's key pair. I'm hoping that
once I have this written and working, I can distribute it to any clients who
wish to develop plugins...