Does strong naming require deployment in GAC?

  • Thread starter Thread starter Bruce Wood
  • Start date Start date
B

Bruce Wood

I still haven't gotten through the .NET Framework Security tome on my
desk. Maybe the folks here can answer a burning question.

I want to use strong naming at our organization as a security measure:
we could then indicate that any assemblies we signed are fully trusted,
and so deploy centrally rather than having to deploy on each server.

However, we still want to deploy by copying each app to a separate
deployment directory, rather than using the GAC. Can we do that? Or
does strong naming mean that we have to deploy to the GAC?
 
Installing an assembly to the GAC requires that it be strong named.
However, every strong named assembly need not be installed to the GAC.
Hope that clears your doubt.

Regards,
Sarin.
 
I know that in order to put an assembly into the GAC, it must be
strongly named.

What I was asking was whether a strongly named assembly must be put
into the GAC, or whether it can be put in a directory and loaded from
there.

Sarin answered my question.
 
Bruce Wood said:
I still haven't gotten through the .NET Framework Security tome on my
desk. Maybe the folks here can answer a burning question.

I want to use strong naming at our organization as a security measure:
we could then indicate that any assemblies we signed are fully trusted,
and so deploy centrally rather than having to deploy on each server.

However, we still want to deploy by copying each app to a separate
deployment directory, rather than using the GAC. Can we do that? Or
does strong naming mean that we have to deploy to the GAC?
Click to expand...

We've seen very odd behavior from strong-named assemblies in virtual
directories, run from ASP.NET, that are not in the GAC. This is in .NET
1.1, on Windows XP. Some sort of non-thread-safe initialization seems to go
on, which leads to weird, unreprodcible failures (things like
NullReferenceExceptions in parts of the code that logically can't have null
references.) When we build the assemblies the same way but don't
strong-name them, the problems go away. It's very weird.

We've worked around it by building two sets of assemblies, strong-named ones
to be installed in the GAC for production builds, and non-strong-named ones
to be copied directly into virtual directories for developer builds.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Anybody use Strong Name Signing? 7
Rebuilding a GAC Strong Name assembly DLL 1
Requires stdole Version 7.0.33 be installed in GAC ClickOnce deployment 1
Deployment problems 2
Common Files...vs GAC 3
Assembly.LoadXXX methods and GAC 3
Deployment / Security / Strong Names 1
Binary serialization + strongly named assemblies + GAC problem 5

Back
Top