Is it possible for a website project to reference a signed assembly in visual studio?

Question

I'm aware of the following two different types of web projects in Visual Studio 2008:

• Website project
• Web application project

A web application project can reference a signed assembly as long as the web application's assembly is also signed with the same key. However, this doesn't work with the website project because there is no place to sign an assembly. I think this is because the assembly is compiled dynamically on the server?

Anyway, is it possible to get the website project working with this signed assembly? Or will I have to convert this website project into a web application project?

Edit:

The following situation has required me to ask for clarification in this matter:

I have a class library that is being referenced by several other projects in my solution in Visual Studio. One of the projects is a windows application that will be deployed to specific external users. In order to make sure that the application is using the correct assembly and to also prevent others from using the assembly (I am aware of the limitations with respect to its effectiveness), all assemblies have been signed and all the classes in the library are declared as Friend (internal).

The website project doesn't seem to have a way for me to sign its assembly and I get the following message when attempting to use anything from the library: "CLASS is not assessable in this context because it is 'Friend'", which is to be expected.

The following attributes are inside the AssemblyInfo.vb file in my class library project:

<Assembly: InternalsVisibleTo("OtherProject1, PublicKey=AAA...")>
<Assembly: InternalsVisibleTo("OtherProject2, PublicKey=AAA...")>
...

My Conclusion:

Looks like the cleanest way to do this would be to convert the website into a web application but this would require a bit of time to do since our site is pretty fleshed out already and as pointed out in other discussions, can be quite a pain to do. Going forward, I think creating a web application in the first place may have been a better idea and much more flexible for future development.

Answer 1

There's no requirement for the two projects to be signed with the same key - after all the framework assemblies are all signed with MS's key, which you don't have access to yet you can happily reference them from both Web Site and Web Application projects.

There's nothing at all stopping you referencing a signed assembly from a Website project - what errors are you seeing?

---

Edit to add

In light of your updated information, yes, I think you'll have to either:

1. Convert the web site to a web application - as you rightly point out, there's no way to sign the site, and indeed, there's no real control over the libraries that ASP.NET will generate for the site.
2. Compile two versions of the class library, one signed, the other not. You could probably use conditional compilation to achieve this.

---

Edit to add

I think the conditional compilation will probably end up getting messy quickly, but in brief it would work like this:

• Open the Project Properties for the class library, and go to the Build tab.
• Switch the "Configuration" dropdown to "All Configurations"
• In the "Conditional compilation symbols" box, add a new symbol, such as "INTERNAL".

Go to the class libraries that you want to make public, and modify them to something like:

#if INTERNAL
  internal class MyClass
#else
  public class MyClass
#endif
  {
    [...]
  }

Then, when you need to produce the Public version of the library, remove the "INTERNAL" symbol from the properties and rebuild - you could make this easier by creating a new set of Debug and Release configurations that have this symbol defined, and switch between them using the Solution Configuration dropdown.

Potential issues:

1. It might not be easy to tell whether you've got the symbol defined or not - I don't know what the behaviour is in vanilla VS, however with ReSharper installed it will grey out the parts of the code that won't be compiled under the current set of symbols, and flags the class as inaccessible as you type.
2. You'll want to leave your properties and methods as public so that when you don't build it as "INTERNAL" you can access the them, but this will look a bit odd (although doesn't produce any warnings so clearly is legal).

Answer 2

Now that I have a clearer picture of the issue I see that my original answer does not apply well. What I have done before in a similar situation was to use source control to branch the code files for the "Friend" classes into the consuming project so that they compile as part of the consuming assembly.

In my case I was trying to reuse some code in different server control projects without putting it into a separate dll, but I suspect it would also work well for your website scenario. It would mean your web site has no need to reference the signed DLL because the classes are compiled as part of the site and therefore all of the internal declarations should be available to it.

I don't know if this would be an option for you or not, largely depends on what source control tool you use, how you have your code repository set up, and how comfortable you are with the branching and merging concept.

Answer 3

Public members of a signed assembly should be available to any other project which has access to the DLL. I have created several signed assemblies and distributed them to other members of my team, we have used them in a mix of websites, web projects and console apps. The only place we ran into a conflict was when we tried to use an assembly that referenced HttpContext.Current in a console app. Even that worked if we avoided the methods which utilized this reference.

The only case in which signing/keys should be an issue is if you are trying to make them "Friends", meaning that they can see eachothers internal types and methods. The rules about friends and signing are documented here: http://msdn.microsoft.com/en-us/library/0tke9fxk.aspx