We enabled open source signing for Application Insights SDK on github. Open source signing allows you to build assembly that matches identity of those officially built by Microsoft.
When you import Application Insights NuGet package reference like this will be added to your project. Note that this reference is added to the assembly with the specific public key token:
1 2 3 4
You may also have some already compiled assemblies that has a reference to Application Insights SDK. Those references would also be on strongly named assembly.
Open source signing allows you to change the code of Application Insights SDK, compile it and replace original assembly for testing. Applicaiton Insights assembly you’ll compile locally will have the same public key token as one compiled by Microsoft. Here is what sn tool will output:
1 2 3 4 5 6 7 8 9 10 11 12 13
So you don’t need to change public key token in project file and you don’t need to recompile other assemblies referring Application Insights SDK. You can just replace a file and test your changes.
There are some limitations with open source signing. First, strong name verification will obviously fail:
1 2 3 4 5 6
So you may need to disable verification for this public key token (don’t forget to run this command for the correct bittness - x86 or x64):
Next limitation is related to the behavior of ASP.NET infrastracture. Even if you turned strong name verification off on computer, your ASP.NET applicaitons will likely fail with the message like this:
1 2 3 4 5 6 7
The issue explained in details at IIS forum.
When using .NET 4, shadow copying assemblies in an application for which assemblies rarely ever change has improved. In previous versions of ASP.NET, there was often a noticeable delay in application startup time while assemblies were being shadow copied. Now, the framework checks the file date/time of an application’s assemblies and compares that with the file date/time of any shadow copied assemblies. If they are the same, the shadow copying process does not occur. This causes the shadow copying process to kick off only if an assembly has been physically modified.
The process would look something like this for each assembly:
1. Copy assembly from application location to temporary location
2. Open assembly
3. Verify assembly name
4. Validate strong name
5. Compare update to current cached assembly
6. Copy to shadow copy location (if newer)
7. Remove assembly from temporary location
Shadow copying is important if you are modifying assemblies directly in a live application.
But if you want to skip strong name assembly, you must disable shadow copying.
So you need to disable shadow copying for your ASP.NET application in
1 2 3
More information on open source signing can be found at corefx documentaiton page.
With open source signing it is much easier to validate changes you may need in Application Insights SDK. We always happy to hear your feedback and accept your contribution!