Click here to Skip to main content
Click here to Skip to main content

Assemblies: locating, binding and deploying

, 10 Nov 2005
Rate this:
Please Sign up or sign in to vote.
How to plan, up front, for service packs, upgrades and hot fixes as they come along.


This article describes how the CLR locates and binds assemblies and how to change the default behavior when needed (e.g. in the deployment stage).

Any developer and system administrator who deals with .NET assemblies, especially commercial applications, must be familiar with these topics. This knowledge is the best way to plan for service packs, upgrades and hot fixes as they come along.

The .NET Framework is loaded (almost inflated) with a bunch of terms and features related to assembly deployment, locating and binding.

Here is a short list:

  • Static and dynamic loading
  • Public and private
  • GAC and private folder
  • Probing
  • Codebase
  • BindingRedirect
  • App.Config and Machine.config
  • Strongly named and weakly named
  • DevelopmentMode


The article is not at the beginner level, readers with basic knowledge in configuration files and assembly structure can also benefit from it right in the first reading.

The quest for type resolving

The CLR – Common Language Runtime – is responsible for the process of locating and binding referenced assemblies. Locating is the process of finding the correct assembly in the hard disk. Binding is the process of loading the assembly in the application address space.

The quest begins when the JIT encounters user defined types that need to be resolved. Then the CLR tries to detect where the type definition is:

  • Same file in the same assembly
  • Different file in the same assembly
  • Different assembly

This article deals with the third option.

General process blocks

The CLR moves from stage to stage, as described above, in order to determine the exact assembly to load. The reason for this flow is that each stage might override the information in the previous stage. Although, it might look like a cry out redundancy it is really necessary, because of the need to make changes in the deployment files after installation. For example, when installing a Service Pack, the system administrator would like to keep the previous installation up and running. This need requires changes in the locating and the binding process of new assemblies with new versions.

1) Search for referenced assembly upon name and version

  1. Configuration File - App.config

    The CLR checks the App.config after the manifest check. In case the referenced assembly version is overridden the App.config setting has the upper hand.

  2. Publisher policy file

    The CLR checks for the publisher policy file after the App.config check. Publisher policy files are deployed as part of an update, hot fix or service pack. A publisher policy file is used when the updated shared/public assembly has a new version (that it is different from the assembly's manifest). The setting in the publisher policy file has the upper hand unless the App.config file sets the safe mode (<PUBLISHERPOLICY apply= "no">).

  3. Machine configuration file

    The CLR checks in the machine.config file after the publisher policy file check. The file is shared by all .NET applications on the machine. In case of a version difference, the setting in the Machine.config has the upper hand.

2) Checking for previously referenced assemblies

The CLR checks if the assembly is already loaded (due to previous code execution statements). If found the CLR uses it. At first it looks like the fox in Redmond has a design bug - why not checking the assembly in the previous loaded assembly list in the first stage? The reason for that is the need to examine first which version is required.

3) Check in the GAC (Global Assembly Cache)

If not found in stage 2 and the manifest implies that the assembly is strongly named, the CLR checks the GAC. If exists, the GAC has the upper hand.

4) Codebase or Probing

The prior stages inform the CLR what is the required assembly version. In this stage, the CLR attempts to find and load the assembly.

  1. Codebase

    If the Codebase tag is defined in the application configuration file, the CLR checks only the defined location. If the assembly is not in the given URL, the probing process is terminated.

  2. Probing

    In case there is no Codebase tag in the configuration file or if the attempt to retrieve the file from the URL fails, the CLR starts the Probing process.

  3. Subdirectories

    Search in the application directory and then in the subdirectories with the assembly name.

    [application base] / [assembly name].dll 
    [application base] / [assembly name] / [assembly name].dll

    If the referenced assembly has a culture definition then the CLR checks in the following sub-directories:

    [application base] / [culture] / [assembly name].dll 
    [application base] / [culture] / [assembly name] / [assembly name].dll

    The CLR also check in BinPath.

    Tip: The CLR terminates the probing process as soon as the reference assembly is found (name search only). In case the assembly is correct - all is well - else the binding fails (Filenotfound exception raised).

Features and Terms

Static and Dynamic loading

In static loading, the CLR checks for assemblies in the assembly manifest. The list of statically referenced assemblies is entered to the file in the build process. In dynamic loading, the CLR is introduced to the assembly in run time. This feature is wrapped up in the System.Reflection assembly, which exposes methods like Assembly.Load (similar to the LoadLibrary function).

Private and Public/Shared assemblies

Shared assemblies are not deployed in the same directory of the application that uses them. The CLR will not complain if you do, but it is a deployment error to copy the shared assembly in one of the base application's directory and direct others to it. Typically shared assemblies are registered in the GAC or in a share directory (the application that uses them needs to know about).

Strongly and weakly named assemblies

The main difference between the two is that a strongly named assembly contains a public token. The token uniquely identifies the assembly. It is required for shared assemblies that are installed in the GAC. The reason for that is the slight chance that some developer creates an assembly with the same name, culture and version as one that happens to be installed in the same PC. Another difference (implied from the previous) is that strong name assemblies can be deployed privately and publicly (GAC) whereas weakly named assemblies can only be deployed privately.

Tip: Do not copy the assembly to the GAC folder ([windows main folder]\assembly). The assembly must be registered in the GAC. Use the GacUtil via the .NET command prompt or drag and drop the assembly to the GAC window.

Shared assembly and the GAC

A shared assembly that is copied outside the application base directory must be strongly named but is not required to be installed in the GAC. In this case the shared assembly location must be specified in the configuration file using the Codebase tag. Application suites can create a shared folder and copy the shared assemblies to it.

The following is a list of reasons that helps to decide when to use the GAC instead of a proprietary shared folder:

  • Third party applications might use the shared assembly. Copying the assemblies to a shared folder obligates the application that uses them to know about its location.
  • Side by side execution is easier when new version assemblies are installed in the GAC. It saves the time of dealing with different paths for different versions. Moreover, using proprietary, shared folders might cause DLL Hell.
  • Only a user who is defined in the Windows administration group can install assemblies in the GAC (security).
  • Shared folder is more accessible for reckless user mistakes like delete and override.
  • Save disk storage: this is quite a stupid reason - I know. Today, disks are very cheap, but you can not ignore the fact that copying an assembly to different locations over and over again will have some storage impact.


This is one of the two ways to define an assembly location. The instruction is done in a configuration file. You can specify only subdirectories under the application base directory (see snippet).


This is one of the two ways to define an assembly location. The CLR, first checks the assembly version, then searches for an override CodeBase definition in the configuration file. The version attribute is required, only, for strong named assemblies. For weakly named assemblies the href attribute must be assigned, only, to a subdirectory. This URL can refer to a directory on the user's hard disk or to a Web address. In the case of a Web address, the CLR will automatically download the file and store it in the user's download cache (a subdirectory under <Documents and Settings>\<UserName>\Local Settings\Application Data\Assembly). When referenced in the future, the CLR will load the assembly from this directory rather than access the URL. The CodeBase tag should only be defined in the machine configuration or publisher policy files that also redirect the assembly version (see snippet).


This feature enables the binding of a certain assembly to a different file version and it is very useful for service pack installations. Usually the redirect is done to a GAC registered assembly. The GAC allows us to install the same assembly with different versions. The CLR checks the configuration file and redirects the binding accordingly (see snippet).

Locating Assemblies Using DEVPATH

The DEVPATH is nice feature for the development stage. The feature eases the development life cycle by delaying the decisions in regards to the deployment stage.

The developer can create a DEVPATH environment variable that points to the build output directory for the assembly. Follow these steps to enjoy this feature:

  • Specify the element in the machine configuration file. Make sure you add it to the relevant framework version.

    The CLR searches for the referenced assemblies in the path described in the DEVPATH environment variable.

  • Define an environment variable. Name: DEVPATH. Value: path. Make sure that you enter it as a system variable and that the path value is ending with \.

Example: add the following statement above the </CONFIGURATION> tag.

      <developmentMode developerInstallation="true"/>


The snippets below are related to the following example:

  • The application name is HelloWorld.
  • The application is located in c:\MyTest.
  • ProductCabinet is a sub directory under the MyTest directory (c:\MyTest\ProductCabinet).
  • The file ReferencedFile.dll is located under the ProductCabinet directory.


<?xml version="1.0" encoding="utf?8" ?>
            <assemblyBinding xmlns="urn:schemas?microsoft?com:asm.v1">
                    <probing privatePath=" ProductCabinet" />


<?xml version="1.0" encoding="utf?8" ?>
            <assemblyBinding xmlns="urn:schemas?microsoft?com:asm.v1">
                    <codeBase version="" 
                      href= "file:///c:\ MyTest\ProductCabinet ReferencedFile.dll"/>


<?xml version="1.0" encoding="utf?8" ?>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
         <assemblyIdentity name=" ReferencedFile"
                           culture="en-us" />
         <bindingRedirect oldVersion=""
          <publisherPolicy apply="no">


  • Fuslogvw – Assembly Binding Log Viewer

    "The Assembly Binding Log Viewer displays details for failed assembly binds. This information helps you to diagnose why the .NET Framework cannot locate an assembly at run time. These failures are usually the result of an assembly deployed to the wrong location or a mismatch in version numbers or cultures. The common language runtime's failure to locate an assembly typically shows up as a TypeLoadException in your application" (MSDN)

    Tip: make sure you set the HKLM\Software\Microsoft\Fusion\ForceLog registry value to 1 (the value is a DWORD).

  • NET Framework Configuration Tool

    NET Framework Configuration allows you to configure assemblies, remoting services, and code access security policy specifics. (MSDN)



The Process of loading and binding .NET assemblies is complex. Nevertheless, it is an important, inevitable, subject to know what it is going on under the scenes. The familiarity with this process is the only good way to start preparing for deployment and to answer some important questions like:

  • What are the configuration/overriding options?
  • What is the correct configuration file to use?
  • How to successfully install Hot Fix and Service Packs?
  • How to troubleshoot the FileNotFound exception?


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

No Biography provided

Comments and Discussions

QuestionThanks for sharing Pinmemberkevininstructor21-Aug-13 4:20 
GeneralMy vote of 5 PinprofessionalMaimonides3-Jul-13 20:55 
GeneralNot working: Code snippets have invalid characters in them, at least on my computer (figured it out and fixed it) Pinmemberbobthetomato17610-Apr-09 13:22 
QuestionHow to configure probing for windows services? Pinmemberjr@munkeby.se9-Jun-08 22:28 
GeneralGood Work PinmemberJPandya9-Nov-07 10:05 
GeneralassemblyBinding VS GAC PinmemberVladimir Vexler17-Sep-07 5:41 
GeneralRe: assemblyBinding VS GAC PinmemberCohen Shwartz Oren17-Sep-07 7:10 
GeneralRe: assemblyBinding VS GAC PinmemberVladimir Vexler17-Sep-07 7:40 
GeneralRe: assemblyBinding VS GAC PinmemberCohen Shwartz Oren24-Sep-07 4:55 
GeneralRe: assemblyBinding VS GAC PinmemberVladimir Vexler24-Sep-07 5:25 
GeneralRe: assemblyBinding VS GAC PinmemberCohen Shwartz Oren24-Sep-07 20:38 
QuestionWhat about assembly version Pinmemberesueno10-Apr-07 18:47 
AnswerRe: What about assembly version PinmemberCohen Shwartz Oren10-Apr-07 23:24 
GeneralRe: What about assembly version Pinmemberesueno11-Apr-07 5:59 
QuestionHow to list all the registered assemblies on a system Pinmemberkamal k s chauhan2-Nov-06 1:54 
AnswerRe: How to list all the registered assemblies on a system PinmemberCohen Shwartz Oren13-Mar-07 15:41 probing not working PinmemberRaj Kumar Mittal11-Oct-06 10:34 
Questiondeployment managed unmanaged dlls Pinmembernadeemahmad19-Sep-06 3:47 
AnswerRe: deployment managed unmanaged dlls PinmemberCohen Shwartz Oren13-Mar-07 15:29 
Hi sorry for the late response.
You have to.

MS support two ways interoperability. Managed to un-managed and vise versa.
PInvoke/dllimport allows you to use un-managed code like C/C++ dll in C# code (see
Using COM dll in C# code is simple as adding a COM reference.
And now for your question: using C# code (managed) in un-managed code like C++ requires COM mediation/translation in between.
If you want your C# code to be exposed to C++ code you must follow some rules (defined by MS).
Those rules was defined because of this COM component that mediate between the two technologies.
When you set in the project setting that the C# dll should be Interop/expose as COM the Visual Studio will create another dll .interop... (if I recall correctly). This is the COM component. Since COM component is heavily registered in the Registry the VS create GUIDs for all the expose classes and other data structures in your C# code. But before Visual Studio will do all of this for you it requires that the assembly will be strongly named.
The strong name requirements is a must, because otherwise the CLR runtime won't be able to definitively identify it.
Please note there are more must to have requirements:
+ must reside in the global assembly cache (GAC) or in the client application's directory.
+ Any exposed .NET class that you want COM to create must provide a default constructor.
If you need to create a COM mediator and register it in the registry during deployment you can use the regasm utility:
Regasm - In order for a COM client to find the .NET object, you need to make the registry entries that COM requires for a client to locate a server when creating an object.
Regasm comes with the .NET SDK.
program reads the metadata in a .NET class and makes registry entries that point the COM client to it.
And last but not least, in case you are interested in the flow behind scenes:
2)the registry directs the request to the registered server, Mscoree.dll.
3)Mscoree.dll inspects the requested CLSID
4)reads the registry to find the .NET class
5)starts CCW that converts native COM types to their .NET equivalents—for example, BSTRs to .NET strings—and forwards them to the .NET object

If you need more data read here:
.NET- COM Interoperability
In COM - Communication between OBJECT through interfaces therefore type library is required to define the types.
In .NET - Using the CLR Communication indirectly between OBJECT (the types is in the assembly meta data)
.NET Client to COM server
.NET --> RCW <-->COM
Interface to Objects
The .NET SDK provides Runtime Callable Wrapper (RCW)
which wraps the COM components and exposes it into to the .NET client application.
RCW can be generated by using VS.NET or by the use of TlbImp.exe utility
Both the ways will read the type library and uses System.Runtime.InteropServices.TypeLibConverter class to generate the RCW. This class reads the type library and converts those descriptions into a wrapper (RCW). After generating the RCW, the .NET client should import its namespace. Now the client application can call the RCW object as native calls.
COM Client to .NET assembly
COM Callable Wrapper (CCW)
Objects to Interface
CCW will be created by the .NET utility RegAsm.exe. This reads metadata of the .NET component and generates the CCW.
This tool will make a registry entry for the .NET components.
COM --> CCW <-->NET



GeneralJust one thing.... PinmemberLars Nilsson18-Jan-06 1:35 
GeneralRe: Just one thing.... PinmemberCohen Shwartz Oren13-Mar-07 15:10 
GeneralThank you for the excellent article PinmemberFrank Hileman12-Jan-06 4:16 
GeneralRe: Thank you for the excellent article PinmemberCohen Shwartz Oren13-Jan-06 2:09 
GeneralRe: Thank you for the excellent article PinmemberLubos Hasko13-Jun-06 22:24 
GeneralRe: Thank you for the excellent article PinmemberFrank Hileman14-Jun-06 3:38 
GeneralNice work! PinmemberIvo Ivanov22-Nov-05 8:58 
GeneralRe: Nice work! PinmemberCohen Shwartz Oren22-Nov-05 11:42 
GeneralRe: Nice work! PinmemberLe_MuLoT5-Dec-05 9:43 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150327.1 | Last Updated 10 Nov 2005
Article Copyright 2005 by Cohen Shwartz Oren
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid