DotNet Development, SharePoint Customizing, Silverlight, MS Infrastructure and other tips and tricks

Deploy dlls to the webApplications bin rather than GAC

Posted by PANVEGA on May 14, 2008

Background information

Let’s first discuss some topics related to the GAC. The GAC is the centralrepository for assemblies which are installed on a Windows machine (including all important .NET system assemblies implementing the Framework Class Library). By the way, all assemblies which are stored in the GAC must be strong named.

The primary purpose of the GAC is to eliminate problems of sharing DLL code. There are several ways to interact with the GAC, for instance via the gacutil tool or ShFusion.dll, which is a Windows Explorer shell extension that provides a user-friendly interface to the GAC.

If you want to see ShFusion.dll in action go to the <%windir%>\assembly folder. You can also access the GAC through the Fusion API (implemented in Fusion.dll).

An assembly must be strongly named before it can be added to the GAC. The correct way to do this in visual studio 2005 is specify the path to a strong name key file (snk file – generated with sn -k ) in the signing tab of the projects properties dialog.
Once this is done, under the Build Events tab of the projects properties dialog, specify the following to install the assembly to the GAC on a successful build:
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\gacutil.exe" /i "$(TargetPath)"

Note that you do not need to worry about uninstalling the existing assembly from the GAC before installing the new one – the above command takes care of this.

Also Note – make sure that you set the AssemblyVersion in AssemblyInfo.css to or equivalent. If you leave stars in the AssemblyVersion, the assembly will get installed multiple times in the GAC (for each version).


Best practice for development is not to deploy to the GAC, but to work on the bin folder. this saves a lot of time (no need to recycle the application pools each time you build to clear the cache) and allows easy debugging.

Normaly it is secure to deploy the dll to the bin folder of you web application. If you are note sure about the content of the dll, do not copy it to your GAC. The DLL have now fully control on your machine and can do whatever it wants.If you wann deply your assembly to the GAC you receive in your Central Administration a red waring message before starting deploying.

  1. Biggest advantage is the fact that you do not have to reset iis after every compilation of code.
  2. You can directly copy the dll from the other bin folders to this as and when required.
  3. lower security risks like CAS security policies <trustLevel name=”WSS_Minimal” policyFile=”C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config” />

Here is an example how to add you 2 dlls to the webapplication and GAC folder in the manifest.xml:

<?xml version=”1.0″ encoding=”utf-8″ ?>
<Solution xmlns=”;

<FeatureManifest Location=”WebPartFeatureFiles\feature.xml”/>
<Assembly DeploymentTarget=”WebApplication” Location=”SampleWebParts.dll”>
<SafeControl Assembly=”SampleWebParts, Version=, Culture=neutral,
PublicKeyToken=null” Namespace=”SampleWebParts” TypeName=”*”/>
<Assembly DeploymentTarget=”GlobalAssemblyCache” Location=”ConnectionSend.dll”>
<SafeControl Assembly=”ConnectionSend, Version=, Culture=neutral, PublicKeyToken=b51650fecfb783f6″ Namespace=”ConnectionSend” TypeName=”*”/>

The first DeploymentTarget is for the Webapplicatin the second one is deplxed into the GAC folder. Add the dll SafeControl tag in order to register in your SharePoint web.config.

You will find the dll in C:\Inetpub\wwwroot\wss\VirtualDirectories\moss.litwareinc.com80\bin

Path to GAC: c:\windows\assembly\gac\[assemblyname]\version.

You can use this script in Visual Studo build event if necessary.

path = “E:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\”
gacutil.exe /if “$(TargetPath)”

without the app.config or the RecycleAppPools.vbs parts. I also want the iisreset automatic pls

Following steps are necessary:

  1. The Assembly can be without Strong Name
  2. References System.Security to your Webpart-Project
  3. Add into the AssemblyInfo.cs:

    using System.Security;
    [assembly: AllowPartiallyTrustedCallers()]
  4. –> Project Properties –> build set to Sharepoint bin-Folder (copy PostBuilt Event)
  5. <SafeControls>in the web.config of your Sharepoint Application<SafeControl>Assembly=”TestWebPartLibrary, Version=, Culture=neutral,
    PublicKeyToken=XXXXXXXXXXXXXXXXX Namespace=”TestWebPartLibrary” TypeName=”*”
    Safe=”True” />
  6. adding <securityPolicy> to your web.config:<securityPolicy>
    <trustLevel name=”Full” policyFile=”internal”/>
  7. <trust> add the trust Tag to the web.config and set to “Full” Level:
    <trust level="Full" originUrl="" />
  8. Uncomment the default trust level tag. Otherwise you receive a Security FileIOPermission Error Code message

more about Trust Level Settings


Creating a solution package is the only way to deploy an assembly to a SharePoint farm. For that, you use the <Assemblies> element. This element can have one or more <Assembly> elements, each one bearing two mandatory attributes:

  • DeploymentTarget – Specifies if the assembly should be copied to the GAC (if its value is GlobalAssemblyCache) or to the BIN folder of the web application (if its value is WebApplication).
  • Location – Specifies the path to the assembly inside the solution package. This value is relevant because, when placed in the BIN folder of the web application, the assembly will be placed in the same folder structure that exists inside the solution package. This means that, if you want to place the assembly in the BIN folder (and not in any subfolder), you must put it in the root of the solution package.


The <SafeControls> element allows you to add one or more lines to the SafeControls section of the web application’s web.config file. This is an essential step if you are deploying a web part or a web control to SharePoint, because without it SharePoint will not allow it to be used. This element can have one or more <SafeControl> elements, each one with four mandatory attributes:

  • Assembly – The full qualified name of the assembly.
  • Namespace – The namespace of the type to be marked as a safe control.
  • TypeName – The name of the class that implements the control to be marked as safe. You can use the asterisk (*) character to specify that all types in the assembly are safe.
  • Safe – Boolean flag that indicates if the type is to be marked safe or unsafe.

If you look closely, you’ll see that each <SafeControl> element has exactly the same format as the line added to the web application’s web.config file.


2 Responses to “Deploy dlls to the webApplications bin rather than GAC”

  1. […] Different ways how  to add a dll to your SP Solution and deploy it on your server. Read one of my p… […]

  2. nlvraghavendra said

    Setting TrustLevel = Full is a high risk and it is not recommended at all.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: