导入模块上的强名称验证失败
我无法导入程序集,据说是因为强名称验证失败,尽管即使我将程序集注册为不进行检查,也会发生这种情况。有人能发现我在这里做错了什么吗?
以下是文字记录。作为参考,sn.exe 的开关是:
- -v:验证签名。
-Vr:注册程序集以跳过验证。
PS C:\temp> .\sn.exe -v .\my.dll
Microsoft (R) .NET Framework 强名称实用程序版本 3.5.30729.1 版权所有 (c) Microsoft Corporation。保留所有权利。
程序集“.\my.dll”有效
PS C:\temp\Cmdlet>导入模块.\my.dll 导入模块:无法加载文件或程序集“我的, Version=4.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35' 或其之一 依赖关系。强名称验证失败。 (HRESULT 异常:0x8013141A) 行:1 字符:14
- 导入模块<<<< .\Microsoft.Rtc.Management.Core.dll
- CategoryInfo:未指定:(:) [导入模块]、FileLoadExcep 化
- FullyQualifiedErrorId:System.IO.FileLoadException、Microsoft.PowerShell .Commands.ImportModuleCommand
PS C:\temp\Cmdlet> .\sn.exe -Vr *
Microsoft (R) .NET Framework 强名称实用程序版本 3.5.30729.1 版权所有 (c) Microsoft Corporation。保留所有权利。
为程序集“,”添加了验证条目
PS C:\temp\Cmdlet>导入模块.\my.dll 导入模块:无法加载文件或程序集“我的, Version=4.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35' 或其之一 依赖关系。强名称验证失败。 (HRESULT 异常:0x8013141A) 行:1 字符:14
- 导入模块<<<< .\Microsoft.Rtc.Management.Core.dll
- CategoryInfo:未指定:(:) [导入模块]、FileLoadExcep 化
- FullyQualifiedErrorId:System.IO.FileLoadException、Microsoft.PowerShell .Commands.ImportModuleCommand
- 导入模块<<<< .\Microsoft.Rtc.Management.Core.dll
我应该提到的是,我已经通过 Reflector 验证了所有必需的依赖程序集都存在于同一目录中。
I'm unable to import an assembly, supposedly because strong name validation is failing, though this occurs even when I register the assembly to not be checked. Can somebody spot what I'm doing wrong here?
Below is a transcript. For reference, the switches to sn.exe are:
- -v: Verify signature.
-Vr: Register assembly for verification skipping.
PS C:\temp> .\sn.exe -v .\my.dll
Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1
Copyright (c) Microsoft Corporation. All rights reserved.Assembly '.\my.dll' is valid
PS C:\temp\Cmdlets> Import-Module .\my.dll
Import-Module : Could not load file or assembly 'my,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its
dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)
At line:1 char:14- Import-Module <<<< .\Microsoft.Rtc.Management.Core.dll
- CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep
tion - FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell
.Commands.ImportModuleCommand
- CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep
PS C:\temp\Cmdlets> .\sn.exe -Vr *
Microsoft (R) .NET Framework Strong Name Utility Version 3.5.30729.1
Copyright (c) Microsoft Corporation. All rights reserved.Verification entry added for assembly ','
PS C:\temp\Cmdlets> Import-Module .\my.dll
Import-Module : Could not load file or assembly 'my,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its
dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)
At line:1 char:14- Import-Module <<<< .\Microsoft.Rtc.Management.Core.dll
- CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep
tion - FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell
.Commands.ImportModuleCommand
- CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadExcep
- Import-Module <<<< .\Microsoft.Rtc.Management.Core.dll
I should mention that I've verified via Reflector that all required dependent assemblies are present in the same directory.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的程序集可能是延迟签名或测试密钥签名的,并且看起来 PowerShell 只允许加载完全签名的程序集(即它忽略跳过验证设置)。这可以解释为什么 sn.exe 说程序集具有有效的强名称签名,但技术上并没有。 (您可以通过运行
sn -vf
而不是sn -v
来查明程序集是否确实具有有效签名,即使它已注册为跳过验证)。我认为您困惑的主要原因源于对跳过验证如何工作的错误假设。注册程序集以跳过验证并不能保证程序集的强名称签名永远不会被验证。验证跳过专门用于允许延迟签名和测试密钥签名的程序集在此类情况下无缝工作,但没有什么可以阻止某人(例如 PowerShell)覆盖它并强制验证。
Your assembly is probably either delay signed or test key signed, and it looks like PowerShell only allows fully-signed assemblies to be loaded (i.e. it ignores the skip verification setting). This would explain why sn.exe says the assembly has a valid strong name signature when it technically doesn't. (You can find out if the assembly actually has a valid signature, even if it's registered for verification skipping, by running
sn -vf
instead ofsn -v
).I think the major source of your confusion stems from a mistaken assumption about how verification skipping works. Registering an assembly for verification skipping is not a guarantee that the assembly's strong name signature will never be verified. Verification skipping is specifically intended to allow delay signed and test key signed assemblies to work seamlessly in situations like these, but nothing is stopping someone (like PowerShell) from overriding it and forcing verification anyway.