
TFS Build and password protected strong name keys

A problem that I and many others have had occurs when you use TFS Build to build projects that are signed with a password-protected strong name key. When the project is built the first time in Visual Studio, a dialog pops up prompting for the password. In an automated build process this dialog cannot be displayed, which results in the following error:

C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Common.targets(1805,7): error MSB4018: The "ResolveKeySource" task failed unexpectedly.
System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
 at System.Windows.Forms.Form.ShowDialog(IWin32Window owner)
 at System.Windows.Forms.Form.ShowDialog()
 at Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey()
 at Microsoft.Build.Tasks.ResolveKeySource.Execute()
 at Microsoft.Build.BuildEngine.TaskEngine.ExecuteInstantiatedTask(EngineProxy engineProxy, ItemBucket bucket, TaskExecutionMode howToExecuteTask, ITask task, Boolean& taskResult)

To work around this issue, follow these steps:
  1. Log on to the build server with the account used for the automated builds (normally the TFS service account).
  2. Open a command prompt and navigate to C:\WINDOWS\Microsoft.NET\Framework\v3.5\
  3. Run msbuild "C:\Project\Project.sln" /t:rebuild for each project (.csproj) or solution (.sln) that contains password protected strong name keys.
  4. Enter the password when the prompt is displayed. The certificate is then saved in the certificate store for the service account.
  5. Restart the Visual Studio Team Foundation Build service.
When the certificates have been read into the certificate store for the build account, an automated build should work as expected. This same solution is posted in several blogs, but most posts do not mention that a restart of the build service is required. However, I had to do that before I got the automated builds to work.
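
The steps above, scripted in PowerShell for an interactive session of the build account; this is an added example, not code from the original post. It assumes the password-protected keys are .pfx files referenced through the AssemblyOriginatorKeyFile property, that the projects live under C:\Project, and that the service display name matches the name given in step 5.

```powershell
# Added example: run from an interactive, elevated session of the build account.
# Assumptions: projects live under $Root, password-protected keys are .pfx files
# (plain .snk keys carry no password), and the service display name below is
# the one named in step 5.
param([string]$Root = 'C:\Project')

function Get-PfxSignedProject {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Filter *.csproj | ForEach-Object {
        $proj = $_
        [xml]$xml = Get-Content -LiteralPath $proj.FullName -Raw

        # MSBuild project files declare a default XML namespace,
        # so match elements by local-name() instead of a bare name.
        $signing = $xml.SelectNodes("//*[local-name()='SignAssembly']") |
            Where-Object { $_.InnerText.Trim() -eq 'true' }
        $keys = $xml.SelectNodes("//*[local-name()='AssemblyOriginatorKeyFile']")

        foreach ($key in $keys) {
            $file = $key.InnerText.Trim()
            if ($signing -and $file -like '*.pfx') {
                [pscustomobject]@{ Project = $proj.FullName; KeyFile = $file }
            }
        }
    }
}

# Steps 2-4: rebuild each affected project once so the password prompt can be
# answered by hand. A project may list the key once per configuration.
$msbuild  = 'C:\WINDOWS\Microsoft.NET\Framework\v3.5\msbuild.exe'
$projects = @(Get-PfxSignedProject -Path $Root |
    Select-Object -ExpandProperty Project -Unique)

foreach ($project in $projects) {
    Write-Host "Rebuilding $project (enter the key password when prompted)"
    & $msbuild $project /t:rebuild
    if ($LASTEXITCODE -ne 0) { Write-Warning "Build failed: $project" }
}

# Step 5: restart the build service so it picks up the imported keys.
if ($projects.Count -gt 0) {
    Restart-Service -DisplayName 'Visual Studio Team Foundation Build'
}
```

Calling `Get-PfxSignedProject` on its own gives an inventory of which projects depend on a password-protected key, which is useful when a new build agent has to be prepared.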
