Jump to content

Nuget and strong-signed dll

Posted on:March 29, 2016 at 02:00 AM


Nuget is very good packed manager tool for .NET projects. We all use Nuget to get all necessary dependencies in our project. Usually, our projects are installed in Program Files or inetpub, which is perfectly valid :) Referenced dlls will be installed along with our projects. Everything is great!

The problem appears when we want/need to deploy our project to GAC. In such a case we have to sign an assembly with strong-key. Here it’s explained why all assemblies have to be strongly signed. We can configure signing our assemblies (Project properties->Signing in VS) and we are ready to go… except referenced assemblies have to have strong-name too.

The Pain

So we ended up with very useful, but not signed assembly from Nuget… We have at least 3 options how to relief the pain:

  1. Search in Nuget for a signed version of our assembly. I was lucky with RestSharp because there is a signed version
  2. Recompile referenced dll and add a strong-name to it. This solution has a number of side-effects. Compiling extra project, updating and so on…
  3. Sign assembly without recompiling (link). I didn’t try that yet, but it seems to mitigate some pain from the 2nd point.

Our assembly in Nuget

When we also have some tiny assemblies in Nuget available for other developers, we should consider providing singed-version. Once I had to replace one assembly with something else just because it was not signed. Missing strong-name version problem also applies to my tiny HandyLib project, so I’ve added it to my TODO already :)’