Skip to content

How to Disable Windows strong name validation

April 4, 2011

When you are testing a .Net software applicatoin, you will sometimes have to build product assemblies which is strong named assembly yourself, then do your test against them. However, the assembilies will not get loaded at all if the CLR in the test machine is unable to find corresponding public Key to verify their signature. Normally,  you will be seeing exception (System.IO.FileLoadException: Could not load file or assembly together with System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A or something like that.)
)throwing out.

There are two ways for working around this issue.

Note: Disable strong name verification will of course introduce security vulnerability, A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.so make the decision yourself.

1. We will be using SN.exe which is shipped with Windows SDK kit, to disable the strong name verification for a certain assembly. Use -Vr option should work. (Note: -Vr , V here is upper case, options for SN.exe is case sensitive).
Example: SN -Vr AssemblyName ; on the contrary, use “SN -Vu AssemblyName” to re-enable the verification for this assembly.

2. Another way is to completely disable strong name verification by modifying some registry values. since we are talking about testing purpuse. So it would be ok for this way.

We can take a look at “HKLM\Software\Microsoft\StrongName\Verification”, while “HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification” is for amd64 machines.

below is a Powershell nippet for you to use. Type this function definition in an elevated Powershell command shell, then execute this function. btw, for executing powershell script, don’t forget to set appropriate execution policy.

# Disable strong name validation
Function DisableStrongSignValidation
{
 
   reg DELETE "HKLM\Software\Microsoft\StrongName\Verification" /f
   reg ADD "HKLM\Software\Microsoft\StrongName\Verification\*,*" /f
   if ($env:PROCESSOR_ARCHITECTURE -eq "AMD64")
    {
       reg DELETE "HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification" /f
       reg ADD "HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification\*,*" /f
    }
    Restart-Service msiserver
}

I found an awesome post about .Net assembly strong name topic at http://www.codeguru.com/columns/experts/article.php/c4643. Thanks Brent Rector for the post :)

About these ads
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: