Bypassing strong-name verification for a .Net assembly

Sometimes during testing I just want to copy a strong-named assembly from a build machine to my worktop. However the assembly won't run if the .Net runtime on my system can't find the public key to verify its signature with, so I end up with an error like this:


Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'unit, Version=, Culture=neutral, PublicKeyToken=42cf38aff364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) File name: 'unit, version=, Culture=neutral, PublicKeyToken=42cf38aff364e35' ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)
The Zone of the assembly that failed was:

To bypass strong name verification, I essentially exempt it using the sn.exe strong-name tool that ships with VS. The -Vr option means "Register for verification skipping" and after this I can run it fine.

sn -Vr *,36e4ce08b8ecfb17

Now if I type sn -Vl I'll see this assembly in the list of assemblies that skip strong-name verification:

Microsoft (R) .NET Framework Strong Name Utility Version 2.0.50727.312
Copyright (c) Microsoft Corporation. All rights reserved.

Assembly/Strong Name Users
*,31bf3856ad364e35 All users


Use the -Vr option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.
Thanks for the help! I had to use this trick to be able to use the MathNet Neodym library (MathNet.Neodym.dll).

Glad you found it useful, and thanks for the comment.