Strong naming, or assembly signing, is essential for ensuring the integrity of .NET assembly files in production environments. By providing a unique identity to each assembly, strong naming helps prevent assembly tampering and ensures that the correct versions of assemblies are loaded at runtime. However, the modification of compiled assemblies, such as obfuscation, requires careful handling of the strong naming process.
When using Dotfuscator to apply protection mechanisms to your assemblies, it modifies the compiled output. Consequently, it’s critical to apply signing after Dotfuscator has completed its modifications and before the assemblies are published. Failure to do so can lead to runtime errors, which might disrupt application functionality:
The method of integrating Dotfuscator significantly influences how strong naming is managed. With direct Visual Studio integration, Dotfuscator is invoked automatically as part of the existing build pipeline. This integration ensures that no additional configuration for signing is required and that the process is seamless, maintaining the integrity of the assembly signing.
Dotfuscator can also be run as a distinct step in the build process by using the command line interface or GUI. Directly obfuscating assembly files via command line or GUI will invalidate the strong name signature. To avoid this, configure Signing details from the Settings tab:
Alternatively, you can specify signing configurations directly in Dotfuscator’s configuration file:
<signing>
<resign>
<option>dontuseattributes</option>
<key>
<file dir="${configdir}\..\.." name="KeyFile.snk"/>
</key>
</resign>
</signing>Starting with Dotfuscator version 6, there has been a deprecation of direct Authenticode signing within Dotfuscator. However, it remains possible and recommended to Authenticode sign the obfuscated assemblies. This can be achieved using a postbuild event in Dotfuscator to invoke Signtool.exe:
<eventlist>
<event type="postbuild">
<option>runoneachmodule</option>
<option>buildsuccessful</option>
<program>
<file dir="[Sign Tool Dir]" name="signtool.exe" />
<environment commandline="sign -fd sha256 -f [Certificate File Path].pfx -p [Certificate Password] -tr [Timestamp URL] -as ${dotf.current.out.module}" workingdir="" />
</program>
</event>
</eventlist>Was this article helpful? Your insights and experiences are vital for us to provide relevant and practical support content. If you have feedback on this topic or suggestions for future topics in the Support Corner, please reach out to our Support team. We’re here to help enhance your experience and answer any questions you might have.