InternalsVisibleTo and strong names

I just stumbled upon a funny problem related to the new .NET 2.0 attribute InternalsVisibleTo in conjunction with a strong-named assembly.

The situation is this: I have that assembly that exposes its internals to another assembly (for unit testing) using InternalsVisibleTo. Now I decided to sign that assembly with a strong name. Suddenly, I got the following error message at compile time:

Friend assembly reference ‘UnitTests’ is invalid. Strong-name signed assemblies must specify a public key token in their InternalsVisibleTo declarations.

So what to do about this? Well, first the UnitTests assembly needs to be signed with a strong name, too. Then the tricky part is using the correct string to pass to the InternalsVisibleTo attribute. Problem is, you won’t be able to compile either of the two assemblies before you get that syntax right: the UnitTests assembly doesn’t compile because it references the other assembly, which can’t be compiled because the attribute is not correctly configured.

The trick is to find out the public key token of the strong name key pair you are using to sign the UnitTests assembly. There are several ways to do that:

  1. Find any other assembly in the GAC that has been signed with the same strong name and copy the public key token from the properties dialog.
  2. From the command line, use the sn.exe tool to show the public key token for an assembly that’s already signed: sn.exe -T assembly.dll (note the capital T)
  3. From the command line, use the sn.exe tool to show the token for a public key that you have saved in a file: sn.exe -t If you have your key pair together in one file, you’ll need to extract the public key into a separate file first: sn.exe -p mykey.snk

There are other ways, especially if you’re using a key pair stored in a container. Use the sn.exe command without parameters to get some helpful information on parameter syntax. In either case, you should end up with your public key token, which is a string representing an eight byte hexadecimal number.

The final step to get the assembly combination to compile correctly is to include the public key token in the parameter to the InternalsVisibleTo attribute in the correct syntax (use your own public key token, obviously):

[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("UnitTests, PublicKeyToken=123456789abcdef0")]

19 Comments on InternalsVisibleTo and strong names

  1. Brad Thompson // October 19, 2005 at 11:31 pm // Reply

    Unfortunately, this doesn’t work for me. My method was to edit the unittest code to comment out all references to the main dll. Then compile it with a strong key that I created with sn.exe. I then used sn.exe to get the public key. I included this in the main dll assembly exactly as above, but when I compile I still get the same error. I even GACed the unittest.dll file. Is there anything wrong with my approach?


  2. It does sound correct. What is the error you’re getting? The same message I showed above? I just double-checked and I find there has to be something funny going on on your end. The thing is this: the compiler checks only for the valid syntax of the string passed to the InternalsVisibleTo attribute. For example, you can even use the string shown above, with the nonsense public key token in it, to make the compiler happy. So if you’re still getting errors, there must be another reason… are you sure you’re not seeing old messages? VS is sometimes great at this… To be sure, the best way is to switch to the Output tab after a compiler run (not the Error list tab!) and check the output carefully – maybe there’s some other problem and VS is showing you the old error.


  3. Hi, I have come across your same error but with the difference being none of my assemblies were strongly signed.At first I thought that the documentation included was incorrect and that the final release would only allow you to use the InternalsVisibleTo attribute on strongly signed assemblies. I was in the middle of writing something to MS when I tried to compile their example and was surprised when it worked.So after much headscractching I discovered that if I removed the following three attributes from my ported AssemblyInfo.cs file:[assembly: AssemblyDelaySign(false)][assembly: AssemblyKeyFile("")][assembly: AssemblyKeyName("")]Then my error went away. It seems that if the compiler detects the presense of these attributes, for the purposes of the InternalsVisibleTo, it seems to think that the assembly is strongly signed.


  4. HiThe InternalsVisibleTo attribute now uses the public key of the assembly, rather than the public key token. This can be extracted by running:sn -tp mykey.puband using PublicKey= rather than PublicKeyToken=


  5. Hey Neil – Certainly an interesting hint, but do you find this more useful? I tried it with my own key and while the token has 16 chars (8 bytes), the complete key string is more than 320 chars long. If I have the choice, I’ll still go with the token 🙂


  6. Justin Scott // December 3, 2007 at 6:44 pm // Reply

    Command is slightly wrong:Try this:[assembly: InternalsVisibleTo("UnitTests, PublicKeyToken=<123456789abcdef0>")]


  7. Justin Scott // December 3, 2007 at 7:08 pm // Reply

    Scratch that; I am not able to get PublicKeyToken to work as desired in Orcas. However, PublicKey still works A-OK.Use sn -Tp assembly.dllwhich will return:PublicKey=00240000048…9PublicKeyToken=123456789abcdef0Then in code:[assembly: InternalsVisibleTo("UnitTests, PublicKey=00240000048…9")]


  8. Thank you very much! Specifying [InternalsVisibleTo("MyDll, PublicKey=…")] worked beautifully. Visual Studio 2008 just simply refused to accepted [InternalsVisibleTo("MyDll, PublicKeyToken=…")]Thanks again!


  9. Just wanted to confirm Andrew’s comment — VS 2008 requires PublicKey; PublicKeyToken does not work.


  10. Im working with the Data Block of the Enterprise Library.Both PublicKey and PublicKeyToken didnt work for me. There seems to be an endless nesting of referenced assemblies that I have to add this attribute to. What is the workaround if any?


  11. Thanks for the info. Very – The latest version of the Enterprise Library comes strong named. Otherwise, you just have to download the source, go into each project and sign each. Its a PITA, but once you’re done, you have a nice set of signed Enterprise Library dlls.


  12. "The latest version of the Enterprise Library comes strong named.". I found the lastest version of the Library doesn’t includes strong name <a href=""&gt; latest library</a>Is this link correct? Thank you!


  13. Firstly thanks for the article, im new to c# and .net (came from php5), and this has helped me get InternalsVisibleTo working. I do have one slight ‘odity’ in VS2008 however. I have a solution with 2 projects, one is the library code the other a unit test project for the library. When I build the library code all works fine but I don’t get the internal class appearing in the intellisense when using the unit test code. It all compiles fine however – anybody else experiencing this?


  14. I could not get mine to compile and see the internals until I found another post which said to use PublicKey (instead of PublicKeyToken) and use the actual hex public key (extracted from my unitTest binary using sn -Tp myunitTest.dll


  15. Brian Johnston // October 31, 2008 at 2:38 am // Reply

    I can confirm response #14 – in VS2008, had to use PublicKey and full hex public key extracted as shown above. What a PIA. Visual Studio team shouldn’t make it so hard to do basic security – no wonder so many people don’t sign their files when you have to go through all this!


  16. VS2008 allows PublicKeyToken, but the token has to be contained in angle brackets, as per Justin in #6.<code>[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("TestTestSuiteLib, PublicKeyToken=&lt;9018f56b77fb9f38&gt;")]</code>works for me.


  17. Vaillancourt // November 10, 2009 at 3:47 pm // Reply

    With the strong naming you better use this :

    sn.exe -Tp assembly.dll

    And copy paste the long public key.

    [[assembly: InternalsVisibleTo(“TestTestSuiteLib, PublicKey=00240000048000” +
    “00940000000602000000240000525341310004000001000100117b0b7131311e” +
    “e5a2279939d38d0fa02bddeee660a75088081110f5b65526b38dbea2e04a6ef4b28e6034068103” +
    “0a4b0366d30fba3fb2cdb035a38006e11d6c41ce2a8981dc41b712c753a76d315cb64b7ba01b34” +
    “edda3b549c40a32bf7cc8b6aa0afa94f7d2e11087a408cce5029cc0d041ad7c253406684ca07ab” +


  18. I’m glad you shared this with everyone! Firstly thanks for the article, im new to c# and .net (came from php5), and this has helped me get Internals VisibleTo working.


  19. Confirming @Rupert’s comment above, PublicKeyToken works if you surround it with angle brackets. VS2010 as well.


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s