Most applications in .NET do not need to be strong named. Strong names can also introduce pain because they end up requiring binding redirects. Because of this, many OSS libraries do not strong name their assemblies.
Strong named assemblies that reference assemblies that aren't strong named are rejected by the .NET Framework (desktop app only restriction). So if for whatever reason you actually do need to strong name your project, you couldn't easily consume open source packages.
Strong Namer is a NuGet package which aims to change this. Simply install the StrongNamer NuGet package, and it will transparently and automatically sign the assemblies you reference as part of the build process.
Here's how to try Strong Namer out for yourself:
- Create a new Console application
- Add a strong name to the application
- Go to the Signing tab of the project properties
- Check "Sign the assembly"
- In the key file dropdown, choose <New...>
- Choose a key file name (ie "key.snk"), uncheck the password option, and click OK
- Add a reference to the Octokit NuGet package
- Replace Program class with the following code:
using Octokit;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
class Program
{
static void Main(string[] args)
{
MainAsyncWithErrorHandling().Wait();
}
static async Task MainAsyncWithErrorHandling()
{
try
{
await MainAsync();
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
static async Task MainAsync()
{
var github = new GitHubClient(new ProductHeaderValue("MyAmazingApp"));
var user = await github.User.Get("half-ogre");
Console.WriteLine(user.Followers + " folks love the half ogre!");
}
}
- Start without debugging (CTRL+F5)
- 😞
- Add a reference to the StrongNamer NuGet package
- Start without debugging (CTRL+F5)
- ✨ 🎆 😄 🎆 ✨
The NuGet package includes an MSBuild targets file and task which hook into the build process and add a strong name to any references which aren't strong named just before they are passed to the compiler.
The task uses Mono.Cecil to do this. Credit goes to Nivot.StrongNaming for showing me how to do this.
You can conditionally disable automated signing of unsigned packages by setting the "DisableStrongNamer" property to "true". This is particularly useful if you have a custom build configuration for your application (e.g., you only wish for unsigned packages to be autosigned in specific environments).