structuremap will scan your machine.config / web.config


It's not a security threat or concern. I don't mean StructureMap does any harm. As IoC container, StructureMap tries to do his job by searching for assemblies specified in your machine.config or web.config.

For example, it is a kind of legacy, but we specified our custom GAC assemblies in web.config in C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

[sourcecode language="xml"]
<compilation>
<assemblies>
<add assembly="mscorlib"/>
<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
...
<add assembly="Your.Custom.Assembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c77a5H561934e089"/>
...
[/sourcecode]

The problem is StructureMap can complain that it can't load the type while it is trying to find the matching instance. For example, we have the assembly on our dev machine and integration server, but not on the build box, and suddenly our functional tests start failing. Our functional tests do not use those dlls at all, and still StructureMap fail.

So beware of those naughty custom GAC assemblies, if you have any and put them in web.config or machine.config.