Make sure you have a solid versioning policy in place. You can apply a version stamp using the AssemblyVersion attribute at compile time, for example:
It’s usually best to apply the same version number to all the assemblies in an application during the build process.
2. Give Assemblies Strong Names
An assembly is the smallest unit of versioning, security, deployment, version control and reusability of code in .NET. Each assembly contains:
- Assembly Identity information (name, version, etc.)
- Manifest and metadata information
- MSIL code
- Type and security information
An assembly with a strong name can be uniquely identified by a combination of its assembly version, culture information, and a digital signature.
You can create a strong name for your assembly using the strong name utility (sn.exe) provided by the .NET framework. The utility requires you to provide the name of a strong name key file as a parameter. The resulting file is called a “strong-named” file. You can use the sn.exe tool from the command line to create a strong-named key file as follows:
sn --k MyCompany.snk
When you execute the preceding command, you’ll see the output shown in Figure 1.
|Figure 1. Creating a Strong-Named Key File: Running the <i>sn.exe</i> file from the command line as shown creates a strong-named key file.|
When you create a project in Visual Studio, you’ll see a default file called AssemblyInfo.cs that you can use to specify the related attributes. Here is how you can specify the strong name information in the AssemblyInfo.cs file.
[assembly: AssemblyCulture("")] [assembly: AssemblyVersion("126.96.36.199")] [assembly: AssemblyKeyFile("MyCompany.snk")]
3. Obfuscate Your Assemblies
It’s good practice to obfuscate your assemblies before you deploy them; obfuscation makes assemblies more difficult to decompile, and impedes reverse-engineering efforts, thus protecting your source code to some degree from potential threats. In addition, obfuscation reduces the size of your assemblies; thereby boosting the application’s performance. You can learn more about obfuscation here.
4. Deploy Shared Assemblies to the GAC
You should deploy assemblies used by multiple applications to the Global Assembly Cache (commonly known as the GAC), which allows them to be shared by all applications that use the assembly. Deploying an assembly to the GAC improves its load performance compared to assemblies not located in the GAC. Strong-named assemblies load faster from the GAC because they’re verified at install time rather than at runtime—the .NET framework skips verification at runtime for GAC-loaded assemblies. The runtime always checks strong-named assemblies to verify their integrity. .NET refuses to load assemblies that are not trusted or that may have been tampered with. Note that you must provide a strong name for assemblies you want to install in the GAC.
You place an assembly into the GAC using the GACUtil tool. The following command places MyProject.dll into the GAC, thus making it globally accessible.
GacUtil /i MyProject.dll
To uninstall the assembly from the GAC, you would use:
GacUtil /u MyProject.dll
Note that you can even make your strong-named assembly globally accessible without placing it in the GAC. For this, you need to deploy your assembly using the XCOPY command.