C#: why sign an assembly?

Question

In some C# code I have taken over (in Visual Studio 2005), I have noticed that the assemblies are all signed with the same .snk file.

• Wh

Answer 1

You need to sign assemblies if you want to put them in the GAC.

If you sign an executable, then any class libraries it links to also needs to be signed. This can be difficult if you're using a third-party library (especially if you need to use an ActiveX control or similar).

Richard Grimes have written a good workshop about security in .NET and that includes a chapter about this: Security Workshop

The reason for all the assemblies being signed with the same .snk file could be if he used unit testing with code coverage. To be able to do code coverage (at least with the tools built into the testing version of Visual Studio 2005) and if the assemblies are signed, you need to specify what .snk files are used for the signing, but I think you can only specify one .snk file for the whole solution, so if you sign the various class libraries with different .snk files you can only check the code coverage on one of them at a time.