Of course, when I went to build the project in Visual Studio 2010, I got a Cryptographic failure while attempting to sign the assembly.
Well, this error message did not provide me with enough details, so I opened a Visual Studio Command prompt and typed "sn -k key.snk" Now, instead of the Cryptographic failure error message, I got another error message "Failed to generate a strong name key pair -- Access is denied"
Well, after a little Google searching, I found several blog posts indicating that I needed to change the file system permissions for the following directory:
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys
A lot of articles and blog posts mention adding specific user privileges in order to get the strong naming operation to work correctly.
However, what I have found out is that this is usually not necessary. Instead, I simply checked the check boxes for the following "Include inheritable permissions from this object's parent" and "Replace all child object permissions with inheritable permissions from this object."
For whatever reason, somehow the Administrators group becomes orphaned and no longer has permissions to the required directory. (I suspect that it is because I installed Visual Studio 2010 before joining my machine to the domain, but I can't tell for sure.) In any case, by simply inheriting permissions for the directory, this will override any "special" permissions that somehow got applied to the directory which preventing the signing of an assembly with a strong name key.
These are the steps I followed:
- Open Windows Explorer
- Browse to the directory path C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys
- Right click on the directory and select Properties
- Click on the Security tab
- Click on the Advanced button
- Click on the Change Permissions button
- Check on the checkbox next to "Include inheritable permissions from this object's parent" as well as "Replace all child object permissions with inheritable permissions from this object."
- Click on the OK button
- If you receive any access denied error messages, click on Cancel.
- If you receive any other error dialog boxes, click on Cancel.
- Even though you clicked on Cancel on the various dialog boxes, the inherited permissions should still have been applied.
- Once again attempt to either sign the assembly with a strong name key or rebuild the solution in Visual Studio.
- If everything worked correctly, you should now be able to successfully sign your assembly with a strong name key!
No comments:
Post a Comment