Skipping .NET assembly strong name validation

This is something I did not know ... you can disable strong name valildation on an assembly using the Strong Name tool.

An assembly that fails strong name validation will not load unless you disable signature verification for the assembly using the Strong Name command-line tool (sn.exe) that ships with the .NET Framework. To disable verification of an assembly, type the following at the command line:

    SN -Vr SomeAssemblyName

This permits the assembly named SomeAssemblyName to skip strong name validation. After an assembly is registered in this manner, the common language runtime will not attempt to verify the signature.

Note: Disabling verification of an assembly creates a security vulnerability.

To re-enable verification of the assembly, type the following at the command line:

    SN -Vu SomeAssemblyName

Comments (4)
  1. Prashant says:

    Can you please explain how does skipping strong names introduces security vulnerability?

  2. esseemme says:

    Prashant, simply because you might end up loading in your process an assembly that has been altered, an assembly that is not guaranteed to be the expected one.

  3. snort says:

    That is if you had an eval version of a component, and you hack it.

  4. Bipin says:

    See it work only on where sn.exe is available and for that we have installed Microsoft SDK but if client uses are application and only .net framework 4.0 installed on client PC then what will do to bypass strong assembly verification rather than install Microsoft SDK because its around 150 MB data and some client won't allowed this to install large data… please suggest me some solution.

Comments are closed.

Skip to main content