Visual Studio 2005 & AssemblyKeyFile Warnings

Pages

Visual Studio 2005 & AssemblyKeyFile Warnings

drohm, Sat 06/17/06 07:01 PM

I use MSBuild and CruiseControl.NET for my automated build process. Just yesterday I was debugging a problem in one of my assemblies and came across this warning message:

Use command line option '/keyfile' or appropriate project settings instead of 'AssemblyKeyFile'

I had never noticed the warning before, but looked into some of the past builds and noticed that it had always been there. After doing some research, I found out that Visual Studio 2005 now considers the use of setting the AssemblyKeyFile in the AssemblyInfo.cs file a security issue. This is due to the AssemblyKeyFile attribute being embedded within your assembly and possibly containing sensitive path information. The warning also recommended setting this information via the project settings. I use an external strong name key file for all of my assemblies. It resides outside all of my projects/solutions. When I referenced this strong name key file, VS2005 copied it into the project. This wasn't a good thing at all.

After looking into what was going on, I noticed that in the project msbuild file, there is a property called AssemblyOriginatorKeyFile. VS2005 automatically set it to reference the copied strong name key that it placed in the project. I updated this path to reference my external strong name key, saved it, and deleted the local copy of the strong name key in the project. I tested the build and it worked!

I have no idea why Microsoft designed it this way, but thankfully this method works great.

b6e4a3ec-b71e-4c2c-ac07-d51de442a2bc|0|.0

Tags:
Category: Continuous Integration | MSBuild | .NET Development

E-mail | Permalink | Comments (5) | Trackback

Comments

6. August 2006, 05:54

Keith Fernandez

That saved my bacon - thanks for that tip about the mysteriously broken AssemblyKeyFile

29. September 2006, 23:35

Corina

I try to use
OutputFile="%(VSProjects.RootDir)%(Directory)Properties\AssemblyInfo.cs"
ComVisible="false"
CLSCompliant="false"
AssemblyCompany="company name here"
AssemblyProduct="product name here"
AssemblyCopyright="© 2005-2006"
AssemblyTitle="%(Title)"
AssemblyDescription="%(Description)"
AssemblyVersion="$(Major).$(Minor).$(Build).%2A"
AssemblyOriginatorKeyFile="..\..\..\KeyPair.snk" />
but I get this error:
The "AssemblyOriginatorKeyFile" parameter is not supported by the "AssemblyInfo" task. Verify the parameter exists on the task, and it is a settable public instance property.
Can you help me please?

30. September 2006, 02:47

Douglas Rohm

Corina,
The 'AssemblyOriginatorKeyFile' needs to be placed in the project's MSBuild file. To do this, right-click on the project in Solution Explorer and choose 'Unload Project'. Then right-click on the project again and choose 'Edit .csproj'. This will open up the project's MSBuild file. Near the top in a PropertyGroup will be the AssemblyOriginatorKeyFile property. Change the value of that property to "%(VSProjects.RootDir)%(Directory)Properties\AssemblyInfo.cs". Then, remove the 'OutputFile' entry you placed in the AssemblyInfo.cs file. Also, remove the entry for AssemblyOriginatorKeyFile.

Try that.

Doug

30. September 2006, 02:49

Douglas Rohm

Corina,
Right after I posted my comment above, I realized that the value you're placing in the 'AssemblyOriginatorKeyFile' should NOT be the AssemblyInfo.cs file. It should reference your .snk file. Please update that value to the path and filename for your .snk file and then try.

Doug

30. September 2006, 15:52

Corina

I moved 'AssemblyOriginatorKeyFile' tag in a PropertyGroup in the project's MSBuild file. Now I don't get any errors but the assemblies are not signed.

Comments are closed