Recently with coworkers, we discussed the pros and cons of strong naming your assemblies. I’m currently employed at an organization that does not strong name their assemblies.
The organization has many .NET projects that depend on other internal projects. When the core team releases a new build, the product teams upgrade to the latest build.
Strong naming provides version checking at compile time. If an assembly has a dependency on version 1.5.0, it will not run unless the 1.5.0 version of that dependency is present. Dropping in a different version of the dependency will cause a run-time error. The same applies when the same code base is built into an assembly with a different strong name (don’t know who would do this…).
Strong naming provides a level of confidence that your assemblies have not fallen victim to tampering. This is achieved by creating a hash of all the code and files in the assembly. If any of the files change, the hashes created at compile time and at run time do not match and an exception is thrown — game over for those IL hackers!
Note that for a higher level of trust, you should use a digital signature.
The biggest benefit I’ve experienced is enforcing the version integrity. Without version integrity you are left not knowing if the assembly is the correct assembly.
I can’t tell you how many times I’ve run into type mismatch issues because two versions of the same DLL were loaded or the assembly throws a missing method exception. These issues magically disappear with a strong name.
With all the benefits of strong naming there are downsides.
Strong-named assemblies can only reference other strong-named assemblies. This causes issues because many third-party and open source projects don’t strong name their assemblies. The fix is to strong name the assembly yourself, either by building it from source and applying a strong name at compilation time or by using command line tools to add a strong name to the existing binary.
Chasing down non-strong-named assemblies can turn into a yak shaving event.
It’s yet another piece of the application that must be managed.
How to Strong Name a Non-Strong-Named Assembly
1. Generate a Key File
sn -k sn.snk
2. Generate the IL for an Assembly
ildasm MyAssembly.dll /out:MyAssembly.il
3. Rename the original assembly, just in case you need to revert.
ren MyAssembly.dll MyAssembly.dll.old
4. Create a new assembly with the strong name.
ilasm MyAssembly.il /dll /key=sn.snk
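To find which assemblies in a folder still need this treatment, and to check the result of step 4, the following PowerShell helpers can be used. This is an added example, not part of the original post: the function names are hypothetical, and it assumes sn.exe is on the PATH (for instance in a Visual Studio Developer PowerShell prompt) and that the file names match the steps above.

```powershell
# Added example. Function names are illustrative; assumes sn.exe is on PATH.

# Returns the public key token as hex, '' for a managed assembly without a
# strong name, or $null for a file that is not a .NET assembly (native DLL).
function Get-PublicKeyToken {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $full  = (Resolve-Path -LiteralPath $Path).Path
        $token = [System.Reflection.AssemblyName]::GetAssemblyName($full).GetPublicKeyToken()
        if ($null -eq $token -or $token.Length -eq 0) { return '' }
        return -join ($token | ForEach-Object { $_.ToString('x2') })
    } catch [System.BadImageFormatException] {
        return $null
    }
}

# Before step 1: list the managed DLLs in a folder that have no strong name.
function Find-UnsignedAssembly {
    param([string]$Directory = '.')
    Get-ChildItem -LiteralPath $Directory -Filter *.dll |
        Where-Object { (Get-PublicKeyToken $_.FullName) -eq '' } |
        ForEach-Object { $_.FullName }
}

# After step 4: confirm the rebuilt DLL is the same assembly, now signed.
function Test-Resigned {
    param(
        [string]$Original = 'MyAssembly.dll.old',
        [string]$Rebuilt  = 'MyAssembly.dll'
    )
    $old = [System.Reflection.AssemblyName]::GetAssemblyName((Resolve-Path -LiteralPath $Original).Path)
    $new = [System.Reflection.AssemblyName]::GetAssemblyName((Resolve-Path -LiteralPath $Rebuilt).Path)

    # The ildasm/ilasm round trip must not change the name or version.
    if ($old.Name -ne $new.Name -or $old.Version -ne $new.Version) {
        throw "Identity changed: $($old.FullName) -> $($new.FullName)"
    }
    if (-not (Get-PublicKeyToken $Rebuilt)) {
        throw "$Rebuilt still has no strong name"
    }

    # -vf forces verification even if it is skipped for this assembly in the registry.
    sn -vf $Rebuilt | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "Strong-name signature on $Rebuilt did not verify" }

    Get-PublicKeyToken $Rebuilt   # the token that referencing projects will bind to
}
```

Run `Find-UnsignedAssembly .\bin` to get the list of files to process, and `Test-Resigned` in the folder where steps 1 to 4 were carried out.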