Skip to content
Tags

, ,

How to Disable Windows strong name validation

April 4, 2011

When you are testing a .Net software applicatoin, you will sometimes have to build product assemblies which is strong named assembly yourself, then do your test against them. However, the assembilies will not get loaded at all if the CLR in the test machine is unable to find corresponding public Key to verify their signature. Normally,  you will be seeing exception (System.IO.FileLoadException: Could not load file or assembly together with System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A or something like that.)
)throwing out.

There are two ways for working around this issue.

Note: Disable strong name verification will of course introduce security vulnerability, A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.so make the decision yourself.

1. We will be using SN.exe which is shipped with Windows SDK kit, to disable the strong name verification for a certain assembly. Use -Vr option should work. (Note: -Vr , V here is upper case, options for SN.exe is case sensitive).
Example: SN -Vr AssemblyName ; on the contrary, use “SN -Vu AssemblyName” to re-enable the verification for this assembly.

2. Another way is to completely disable strong name verification by modifying some registry values. since we are talking about testing purpuse. So it would be ok for this way.

We can take a look at “HKLM\Software\Microsoft\StrongName\Verification”, while “HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification” is for amd64 machines.

below is a Powershell nippet for you to use. Type this function definition in an elevated Powershell command shell, then execute this function. btw, for executing powershell script, don’t forget to set appropriate execution policy.

# Disable strong name validation
Function DisableStrongSignValidation
{
 
   reg DELETE "HKLM\Software\Microsoft\StrongName\Verification" /f
   reg ADD "HKLM\Software\Microsoft\StrongName\Verification\*,*" /f
   if ($env:PROCESSOR_ARCHITECTURE -eq "AMD64")
    {
       reg DELETE "HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification" /f
       reg ADD "HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification\*,*" /f
    }
    Restart-Service msiserver
}

I found an awesome post about .Net assembly strong name topic at http://www.codeguru.com/columns/experts/article.php/c4643. Thanks Brent Rector for the post 🙂

From → Assembly, powershell, testing

Leave a Comment

Leave a comment

«
»