Document how to sign and install ELMAH into GAC

[atifaziz]

Some folks may not be entirely familiar with the process of signing a private build of an assembly, installing it into the GAC and using its strong name for configuration. It would be useful to document this for ELMAH (even though the steps would apply to any weak-named assembly) as noted in the following thread:

http://groups.google.com/group/elmah/t/885232536c2ef21

---

Originally reported on Google Code with ID 79

Reported by @atifaziz on 2008-12-02 15:57:59

[atifaziz]

Would it be possible for releases (production and beta etc) of ELMAH to be strongly signed before being uploaded to google code?

I'd rather use pre-build binaries for our application so having them signed makes it easier to drop them in the GAC.

Cheers

---

Reported by @MatthewSteeples on 2009-04-24 12:38:48

[atifaziz]

@MatthewSteeples Strong-naming the assembly by themselves won't help unless a setup MSI is also provided because that is the only official way to get an assembly into the GAC on production server. As pointed out in the thread, GACUTIL is not even installed on servers. It is purely an SDK tool at this point.

---

Reported by @atifaziz on 2009-04-28 17:20:51

[atifaziz]

I understand that. Currently we install assemblies into the GAC on production servers using windows explorer. We open up C:\windows\assembly and drag the assemblies into there.

The reason I was asking for signed assemblies is that we try and use precompiled binaries direct from websites so that we can keep track of what version we're using. If someone has to check out the source, attach a key and then compile it we don't know if any modifications have been made to the code itself (unless we use reflector on it).

As far as I'm aware there aren't any ways to sign an assembly that has already been compiled (unless it's marked as delay-sign)

---

Reported by @MatthewSteeples on 2009-04-28 18:39:59

[atifaziz]

FWIW, we have successfully signed Elmah with our own key, compiled from source, so that works, and it is easy, etc.

HTH.

-- Mark Kamoski

---

Reported by @mkamoski on 2009-04-29 20:23:05

[atifaziz]

Agree. While gacutil is not officially supported as deployment, it works well enough, just like dragging/dropping into the c:\windows\assembly folder. Not having to re-compile it would just save me from that step.

---

Reported by [email protected] on 2009-05-26 20:34:13

[atifaziz]

For anyone looking to do this,

1. Download the src zip file and extract it.
2. Open up your preferred solution version in the Solutions folder.
3. Right-click the project in Visual Studio, go to Properties, Signing, check Sign the assembly, select New, give it a name, don't bother with a password, save and exit.
4. Double-click the build.cmd file in the Solutions folder.
5. Your preferred version will now be in the appropriate bin folder.

---

Reported by [email protected] on 2009-11-19 15:37:16

[atifaziz]

Couldn't the Elmah devs just add the key and sign the dll so it would be simpler? (I know it is pretty easy, but still, all the other dlls included are fine (mono.security, mysql, npgsql, sqlite, etc) just the Elmah.dll that isn't signed)

---

Reported by c0bra99 on 2011-07-28 14:56:32

[atifaziz]

Paul Simpson has independently published a Code Project article documenting the steps:
http://www.codeproject.com/KB/aspnet/elmahGAC.aspx

---

Reported by @atifaziz on 2011-08-03 16:53:35

[atifaziz]

Please sign it... It is easy (and I did it) the real problem is that Nuget Package is not signed so in cannot use from nuget as dependency and I have to create a custom package just because it is not signed...

---

Reported by manudeareal on 2013-02-11 10:10:07