Strong Naming web parts helps to make sure that they can not be tampered with – just like signing any .NET assembly does. However, because of the nature of SharePoint, there are a few additional steps that are required after the assembly is strong named to ensure that the web part can be deployed and correctly loaded.
The process involves two major steps: Strong Naming the Assembly, Changing the DWP file(s).
Strong Naming the Assembly
Strong naming the assembly is covered in a separate document. Signing the web part assembly itself is no different than any other .NET assembly. See How to Strong Name an Assembly
Changing the DWP File(s)
The DWP file that Visual Studio creates uses the name of the assembly without a strong name. The fully identified assembly name must be used to load all strong named assemblies, so if the DWP file is not modified it will fail to load the assembly – and you’ll get an error message that the control is not marked as safe.
The quickest way to get the correct assembly definition in the DWP file is to use GACUtil – which installs the DLL into the GAC. The process for getting the full assembly name and adding it into the DWP appears below:
- Open a command prompt and navigate to the project’s bin\debug directory.
- Type GACUTIL /I MyAssembly.dll where MyAssembly.DLL is the name of the assembly for the project. You’ll see a message that the Assembly was successfully added to the cache.
- Type GACUTIL /u MyAssembly where MyAssembly is the name of the assembly for the project – without the DLL extension. You will see a set of messages which show the full name of the assembly including it’s publickeytoken.
- Copy the Uninstalled line, including any additional information that appears on the next line to the clip board.
- Go to Visual Studio and open the DWP file.
- Paste the copied text between the and tags replacing what was there.