How to: Sign Assemblies for Precompiled Web Sites

You can digitally sign the assemblies produced by the ASP.NET Compilation Tool (Aspnet_compiler.exe) to help improve the security of your Web application. Signing an assembly with a strong name makes it more difficult for attackers to introduce malicious code into your application. For more information about the benefits of using signed assemblies, see Strong-Named Assemblies.

Whenever you sign an assembly with either the -keyfile or -keycontainer switch, you must also specify that the AllowPartiallyTrustedCallersAttribute attribute be applied to the assembly by using the -aptca switch. If you do not specify the -aptca switch, your assembly cannot be called by the ASP.NET process, and Aspnet_compiler.exe throws an exception.

The procedure in this topic uses a strong-named key pair and the switches and parameters of Aspnet_compiler.exe. For more information about this tool, see ASP.NET Compilation Tool (Aspnet_compiler.exe). For more information about strong-named keys, see Creating and Using Strong-Named Assemblies.

For more information about precompilation, see How to: Precompile ASP.NET Web Sites.

To sign assemblies for a precompiled Web site

  1. Create a strong-named key pair or key container. For more information about creating a strong-named key, see How to: Create a Public/Private Key Pair.

  2. Open a command window and navigate to the folder containing the .NET Framework.

    The .NET Framework is installed in the following location.

    %windir%\Microsoft.NET\Framework\version
    
  3. Run the aspnet_compiler command by typing the following at a command prompt.

    aspnet_compiler -v virtualPath targetPath -keyfile keyFile.snk -aptca
    

    The virtualPath parameter indicates the Internet Information Services (IIS) virtual path of your Web site; the targetPath parameter indicates a physical path to the directory for the compiled Web site; and keyFile.snk indicates the name of the key file.

    If you are using a key container, type the following at a command prompt.

    aspnet_compiler -v virtualPath targetPath -keycontainer keyContainer.snk -aptca
    

    If your Web site is not an IIS application, and therefore has no entry in the IIS metabase, type the following at a command prompt.

    aspnet_compiler -p physicalOrRelativePath -v / targetPath -keyfile keyFile.snk -aptca
    

    In this case, the physicalOrRelativePath parameter refers to the fully qualified directory path in which the Web site files are located, or a path relative to the current directory. The period (.) operator is allowed in the physicalOrRelativePath parameter. The -v switch specifies a root that the compiler will use to resolve application-root references (for example, with the tilde (~) operator). When you specify the value of / for the -v switch, the compiler will resolve the paths using the physical path as the root.

    If you are using a key container, type the following at a command prompt.

    aspnet_compiler -p physicalOrRelativePath -v / targetPath -keycontainer keyContainer.snk -aptca
    

    The targetPath parameter is a physical path to the destination directory.
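
The following check is an added example, not part of the original topic. After the procedure above completes, it lists every assembly in the bin folder under targetPath and compares its public key token with the one you expect. The default path and token values are placeholders, the function name is hypothetical, and the script assumes Windows PowerShell.

```powershell
# Added example: confirm that precompiled assemblies carry the expected strong-name key.
param(
    [string]$TargetPath    = 'C:\PrecompiledSite',  # placeholder: the targetPath given to aspnet_compiler
    [string]$ExpectedToken = '0123456789abcdef'      # placeholder: token shown by "sn.exe -T" for a known-good assembly
)

# Hypothetical helper: returns $null for non-managed files, '' for unsigned
# assemblies, or the public key token as lowercase hex.
function Get-PublicKeyToken {
    param([string]$Path)
    try {
        $name = [System.Reflection.AssemblyName]::GetAssemblyName($Path)
    } catch [System.BadImageFormatException] {
        return $null
    }
    $token = $name.GetPublicKeyToken()
    if (-not $token -or $token.Length -eq 0) { return '' }
    return ([System.BitConverter]::ToString($token) -replace '-', '').ToLowerInvariant()
}

$expected = $ExpectedToken.ToLowerInvariant()
$bin      = Join-Path $TargetPath 'bin'

$results = Get-ChildItem -Path $bin -Filter *.dll | ForEach-Object {
    $token = Get-PublicKeyToken -Path $_.FullName
    if ($null -eq $token)          { $status = 'NotManaged' }
    elseif ($token -eq '')         { $status = 'Unsigned' }
    elseif ($token -ne $expected)  { $status = 'UnexpectedKey' }
    else                           { $status = 'OK' }
    [pscustomobject]@{ Assembly = $_.Name; Token = $token; Status = $status }
}

$results | Format-Table -AutoSize

# Referenced third-party assemblies signed with another key are reported as
# UnexpectedKey so that they can be reviewed individually.
# GetAssemblyName only reads the key from assembly metadata. To validate the
# signature itself, run "sn.exe -vf <assembly>" on each file.
if ($results | Where-Object { $_.Status -in 'Unsigned', 'UnexpectedKey' }) {
    exit 1
}
```

A nonzero exit code lets a deployment script stop before an unsigned or unexpectedly signed assembly is copied to the server.
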

See Also

Tasks

How to: Precompile ASP.NET Web Sites

Other Resources

ASP.NET Web Site Precompilation