Disabling assembly signature verification


	BlueCielo Meridian Enterprise 2013 Administrator's Guide \| BlueCielo ECM Solutions

You are here: BlueCielo Meridian Enterprise Administrator's Guide > Installing Meridian > Installing the Data Library > Disabling assembly signature verification

Disabling assembly signature verification

A .NET Framework 2.0 managed assembly that has an Authenticode signature (several of which are included in Meridian Enterprise) takes longer to load than an assembly without a signature. The signature is always verified when the managed assembly is loaded. Additionally, the managed assembly may take longer than usual to load because of various other settings, for example, because of the network configuration.The common language runtime (CLR) tries to verify the Authenticode signature at load time to create publisher evidence for the assembly (publisher of the assembly, not BlueCielo Publisher specifically). However, by default, most applications do not need publisher evidence since a standard code access security (CAS) policy does not rely on the publisher evidence. When you disable signature verification, the .NET Framework 2.0 managed application starts faster.

You should avoid the unnecessary startup time associated with verifying the publisher signature unless your application executes on a computer with a custom CAS policy or you need to satisfy security requirements in a partial-trust environment. (Demands for identity permissions always succeed in a full-trust environment.)

We recommend that you clear the generatePublisherEvidence element in the .NET Framework 2.0 configuration files of such assemblies to improve startup performance. Because this involves both the client computers as well as servers, we recommend that this only be done on those computers that actually experience inadequate load times. To do this, you can add a setting to the <ApplicationName>.exe.config file for the application. Create the file if it does not yet exist in the same folder as the executable.

The file should look similar to the following:

<configuration>
    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

For example, disable the generatePublisherEvidence element in the following configuration files. These are for applications that load Publisher user interface extensions and that are signed .NET assemblies. Configure the setting on all computers that run the corresponding application.

PowerUserU.exe.config
ConfiguratorU.exe.config

Note Configuration files that include this setting are installed by default by Meridian Enterprise 2012 SP1 and later and modification is not necessary.

You can configure the setting for all ASP.NET web applications (Publisher computer and web servers) or for all applications on a computer (servers or clients) by adding the setting to the following files.

On 32-bit operating systems:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet.config (servers only)
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config (servers and clients)

On 64-bit operating systemsin addition to the preceding 32-bit files:

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet.config (servers only)
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config (servers and clients)

For more information, see the following Microsoft resources:

FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start

<generatePublisherEvidence> Element on MSDN