CA2210: Assemblies should have valid strong names
Note
This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here
Item | Value |
---|---|
TypeName | AssembliesShouldHaveValidStrongNames |
CheckId | CA2210 |
Category | Microsoft.Design |
Breaking Change | Non Breaking |
Cause
An assembly is not signed with a strong name, the strong name could not be verified, or the strong name would not be valid without the current registry settings of the computer.
Rule Description
This rule retrieves and verifies the strong name of an assembly. A violation occurs if any of the following are true:
The assembly does not have a strong name.
The assembly was altered after signing.
The assembly is delay-signed.
The assembly was incorrectly signed, or signing failed.
The assembly requires registry settings to pass verification. For example, the Strong Name tool (Sn.exe) was used to skip verification for the assembly.
The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer. An assembly without a strong name has from the following drawbacks:
Its origins cannot be verified.
The common language runtime cannot warn users if the contents of the assembly have been altered.
It cannot be loaded into the global assembly cache.
Note that to load and analyze a delay-signed assembly, you must disable verification for the assembly.
How to Fix Violations
To create a key file
Use one of the following procedures:
Use the Assembly Linker tool (Al.exe) provided by the .NET Framework SDK.
For the .NET Framework v1.0 or v1.1, use either the System.Reflection.AssemblyKeyFileAttribute or System.Reflection.AssemblyKeyNameAttribute attribute.
For the .NET Framework 2.0, use either the
/keyfile
or/keycontainer
compiler option /KEYFILE (Specify Key or Key Pair to Sign an Assembly) or /KEYCONTAINER (Specify a Key Container to Sign an Assembly) linker option in C++).To sign your assembly with a strong name in Visual Studio
In Visual Studio, open your solution.
In Solution Explorer, right-click your project and then click Properties.
Click the Signing tab, and select the Sign the assembly check box.
From Choose a strong name key file, select New.
The Create Strong Name Key window will display.
In Key file name, type a name for your strong name key.
Choose whether to protect the key with a password, and then click OK.
In Solution Explorer, right-click your project and then click Build.
To sign your assembly with a strong name outside Visual Studio
- Use the strong name tool (Sn.exe) that is provided by the .NET Framework SDK. For more information, see Sn.exe (Strong Name Tool).
When to Suppress Warnings
Only suppress a warning from this rule if the assembly is used in an environment where tampering with the contents is not a concern.
See Also
System.Reflection.AssemblyKeyFileAttribute System.Reflection.AssemblyKeyNameAttribute How to: Sign an Assembly with a Strong Name Sn.exe (Strong Name Tool)