Home > Articles > Programming > Windows Programming

  • Print
  • + Share This
From the author of

What's In a Strong Name?

In order to allow an assembly to be shared, it must contain a strong name. In fact, assemblies compiled without a strong name (referred to as private assemblies) must be loaded from the application's directory, as discussed previously.

Simply put, a strong name is information placed into the assembly at compile time that provides name uniqueness, version compatibility, and binary integrity to the shared assembly. It does this by placing a public key token (called the originator) with a digital signature in the assembly, along with the assembly's identity information (assembly name, version number, and culture information). This information is then used by the common language runtime at binding time to make sure that the correct assembly is loaded.


Although strong names provide important benefits, the notion of trust is not among them. In other words, although an assembly with a strong name can ensure version compatibility, it cannot be used to ensure, for example, that the assembly about to be loaded came from a particular publisher. To do so, you also need to sign the assembly using an Authenticode digital signature.

Because referencing an assembly that has a strong name implies that you want to derive the benefits of strong names, assemblies that use them can reference only other strong-named assemblies. However, this rule applies only to DLL assemblies, not executables. In other words, if you create a class library assembly that relies on code in another assembly, that other assembly must also have a strong name. You'll note that all the assemblies that comprise the .NET Framework have strong names, so you can reference them in any of your applications.

To create a strong-named assembly, you can either use the Assembly Generation command-line utility (AL.exe) or the AssemblyKeyFile, AssemblyKeyName, and AssemblyDelaySign attributes in the AssemblyInfo.vb (or .cs) file in the VS .NET project.

Most often, developers will use the AssemblyKeyFile attribute, and pass it the location of the file that contains the public-private key pair like so:

<Assembly: AssemblyKeyFile("QuilogyEducation.snk")> 
<Assembly: AssemblyVersion("1.0.*")> 

This key pair can be generated using the Strong Name command-line utility (SN.exe) with the –k option. You'll also note that the AssemblyVersion attribute can be used to specify the version information, and that the asterisk denotes that the third and fourth parts of the version number will be autogenerated at compile time.

Although the technique shown here is fine for small organizations or individual development, the key pair used to sign code in a large organization is often closely guarded. In this case, developers typically have access to the public key, whereas the private key remains in the hands of only a few. In terms of generating strongly named assemblies, access to the public key during development is critical because any assemblies referencing the strongly named assembly must contain the originator. To enable development to continue, .NET also supports delayed or partial signing using the AssemblyDelaySign attribute and the Strong Name utility.


See Chapter 5 in Building Distributed Applications with Visual Basic .NET for more information.

  • + Share This
  • 🔖 Save To Your Account