locked
keyfile instead of AssemblyKeyFile

    Question

  • Help.

    I have the following in my AssemblyInfo.cs file:

    [assembly: AssemblyKeyFile("mypubprivkey.snk")]

     

    Every time I Run a Code Analysis -- Build/Run Code Analysis on my project it produces a warning:

    Warning 1 Use command line option '/keyfile' or appropriate project settings instead of 'AssemblyKeyFile'

     

    How do I resolve this warning? I've tried several examples that I found online but get the same error or different errors.

    Any ideas?

    Thanks.

    Wednesday, January 03, 2007 2:00 PM

Answers

  • Hi

    I had never noticed the warning before, but looked into some of the past builds and noticed that it had always been there.  After doing some research, I found out that Visual Studio 2005 now considers the use of setting the AssemblyKeyFile in the AssemblyInfo.cs file a security issue.  This is due to the AssemblyKeyFile attribute being embedded within your assembly and possibly containing sensitive path information.  The warning also recommended setting this information via the project settings.  I use an external strong name key file for all of my assemblies.  It resides outside all of my projects/solutions.  When I referenced this strong name key file, VS2005 copied it into the project.  This wasn't a good thing at all.

    http://dougrohm.com/cs/archive/2006/06/18/169.aspx

     

    and the solution

    http://davidkean.net/archive/2005/08/25/1162.aspx

     

    Hope this helps you out, please close the thread if it does :)

    Wednesday, January 03, 2007 7:07 PM

All replies

  • If you are using Visual Studio 2005, you can use Project Settings (right click project name in solution explorer) to sign the assembly.
    Wednesday, January 03, 2007 2:12 PM
  • I did just that and still get the error.
    Wednesday, January 03, 2007 2:54 PM
  • This warning is not a Code Analysis warning, it is issue by the compiler so I'm moving this to C# language forum.
    Wednesday, January 03, 2007 5:58 PM
  • that's fine; any ideas why the error occurs?
    Wednesday, January 03, 2007 6:27 PM
  • Hi

    I had never noticed the warning before, but looked into some of the past builds and noticed that it had always been there.  After doing some research, I found out that Visual Studio 2005 now considers the use of setting the AssemblyKeyFile in the AssemblyInfo.cs file a security issue.  This is due to the AssemblyKeyFile attribute being embedded within your assembly and possibly containing sensitive path information.  The warning also recommended setting this information via the project settings.  I use an external strong name key file for all of my assemblies.  It resides outside all of my projects/solutions.  When I referenced this strong name key file, VS2005 copied it into the project.  This wasn't a good thing at all.

    http://dougrohm.com/cs/archive/2006/06/18/169.aspx

     

    and the solution

    http://davidkean.net/archive/2005/08/25/1162.aspx

     

    Hope this helps you out, please close the thread if it does :)

    Wednesday, January 03, 2007 7:07 PM
  •  

    I ran into the same problem - my solution consists of several projects, and they all use the same .snk file that is used by many solutions in our company. I do not want Visual Studio 2005 to copy the file, and I also do not like to get warnings...

     

    What I did is:

    1. delete the AssemblyKeyFile entry from AssemblyInfo.cs of the projects.

    2. In each project, I added the .snk file as a link (Add existing item -> choose the file -> click the small triangle near "Add" and choose "Add as link"

    3. In the project settings - signing: I choose the .snk file in its physical location.

     

    This way, Visual Studio uses the same file, but does nto copy it locally.

    • Proposed as answer by Frank Hileman Friday, July 02, 2010 5:35 PM
    Monday, May 12, 2008 6:16 AM