InternalsVisibleTo, Signing and Unit tests, how to make it practical?

2.2k views Asked by At

In "C# in Depth 2nd Edition", Jon Skeet's book - which I've just read until end of part 2 -, it is mentioned in 7.7.3 that InternalsVisibleTo can also be used with signed assemblies. At the moment I did not use signatures at all. The security issue for released binaries is actually quite critical so I plan to remove completely the attribute for release assemblies using a preprocessor variable test.

Just for interest, how would it be practical to use signed assemblies and InternalsVisibleTo? In order to use InternalsVisibleTo for specifying a signed friend assembly, I need to specify its public key. I have it only after compiling the friend assembly which has a dependency on the assembly under test (dynamic assembly loading and reflexion left aside, what would bloat-up coding and readability). This sound like a chicken-egg problem requiring a bootstrap of the assembly to be tested. I can imagine some tricks with MSBuild and scripting to automate this. Is there a more practical way of doing this?

In case it remains so tedious I will stick to my first idea of dropping Unit Testing for the release builds (which is somewhat unsatisfying as subtle timing issues could be left untested...)

1

There are 1 answers

1
Pablo Romeo On BEST ANSWER

Use the same key to sign all the projects in the solution, don't generate a different one for each project and on each build. I'd recommend having the same physical key file referenced by each project in the project properties, instead of copying it into each project.

That way, all of them are associated with the same PublicKey constant. And use a single entry, such as:

[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("UnitTests, PublicKey=<your key>")]