Signing assembly Access Is Denied

Question

I\'ve recently upgraded to WIndows 7. When I try to sing the assembly in VS2010 I get an \"Access is denied\" error. I am logged as admin so I\'m puzzled. What service accou

Answer 1

Solution:

Run the following command from Administrator command prompt:

For 64-bit systems:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\StrongName /v MachineKeyset /t REG_DWORD /d 0

For 32-bit systems:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName /v MachineKeyset /t REG_DWORD /d 0

The change affects immediately.

Why this happens:

MS Assembly Linker ALINK (AL.EXE) used by Visual Studio to sign assemblies creates a temporary crypto key during its work. Actually it uses some internal CLR functions for this, and the problem is that CRYPT_MACHINE_KEYSET flag is used by default. This requires elevation, and that's why running VS "as Administrator" works.

But, fortunately, I found that CLR has a global flag for StrongName signing, and it's stored in the system registry under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName

and is controlled by DWORD value

MachineKeyset.

0 - use current user key set

1 - use machine key set (this is default)

Visual Studio is a 32-bit app and uses 32-bit version of AL.EXE for build. So on 64-bit systems it's subject to registry redirection, and the flag is located under the key

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\StrongName

It works on my VS2019, Win10, and .Net framework 4.8, but I didn't test it on previous versions though.