After Windows update "The type or namespace name 'Html' does not exist in the namespace 'System.Web.Mvc'"

asp.net asp.net-mvc windows-update

38,002

Solution 1

Holy crap, thanks to @Nevada-Williford for the hint. Going in and setting my System.Web.Mvc reference to <Private>True</Private> (Copy Local = True) fixed it. Note, that before the update everything was working, after the update I had to modify my csproj to get it working again.

Working theory on what's going on:

Copy Local = True and <Private>True</Private> used to be almost, but not exactly, the same thing. The former was a Visual Studio setting, the latter an msbuild setting. If the msbuild setting was absent, the Visual Studio setting would be applied (as long as you were in VS). In this update I think they changed it so Copy Local just reflects the presence attribute.

In our project we do not have that attribute set explicitly but Copy Local = True so prior to the update System.Web.Mvc.dll gets copied to the bin directory. After the update, since the attribute is missing Copy Local shows False and you have to set it to True to make sure you get a local copy.

Manually setting Copy Local = True (or adding that xml element to msbuild) fixes the issue.

Edit: While this appears to be the answer to the specific question, anyone coming here should read the comment thread and other answers - especially dmatson's - for more context, caveats, and related bugs.

Solution 2

This was broken for any users without CopyLocal=true (or, in MSBuild speak, <Private>True</Private>) by MS14-059. MVC templates do set <Private>True</Private> by default, but if you use NuGet to update the MVC version, you lose that setting (see NuGet bug #4344).

There are two aspects to the problem:

Razor doesn't include a reference to MVC by default, so its compilation won't work unless some version of the MVC DLL exists in your bin folder.
If you deploy to a separate machine that doesn't have this update installed, the MVC DLL isn't included in your output anymore, so MVC will be missing.

You're seeing problem #1. To resolve both problems, I'd recommend making both of the following changes:

Add the following configuration to Views\Web.config:

<system.web>
  <compilation>
    <assemblies>
      <add assembly="System.Web.Mvc, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    </assemblies>
  </compilation>
</system.web>

Set CopyLocal=true in the VS UI for the project reference, or manually add the following line below in the Reference in your .csproj file:
```
<Private>True</Private>
```

So your full reference should look something like the following:

<Reference Include="System.Web.Mvc, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
  <Private>True</Private>
  <HintPath>..\..\packages\Microsoft.AspNet.Mvc.5.0.0\lib\net45\System.Web.Mvc.dll</HintPath>
</Reference>

Note that NuGet will remove the CopyLocal/Private setting if you update packages again in the future. (For example, if you update to MVC 5.2 today). If that version of MVC is ever GAC'd, problem #1 above will not recur as long as you've added the configuration in step A above, but problem #2 could still happen again. To ensure this doesn't happen in the future, I'd recommend manually setting CopyLocal back to true any time you do a NuGet package update.

Solution 3

You can go to References of current Project.
Right click in dll System.Web.Mvc and choose Properties
A Properties window will open
Change Copy Local to True

Solution 4

Setting CopyLocal=true did not help. Cleaning the solution then closing it and reopening it again worked. You might need to close the entire Visual Studio instance as well.

Solution 5

This appears to have been caused by a Windows Update (KB2990942) to fix security vulnerablity MS14-059, allowing security feature bypass. Our builds stopped working on our build server after the Windows Update was installed, and updating the csproj files to use 4.0.0.1 for the System.Web.Mvc reference fixed the issue.

Microsoft's description of the vulnerability is:

The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to visit a webpage that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website, or by getting them to open an attachment sent through email.

View more solutions

38,002

Author by

Abhishek

I have been a senior developer with a focus on architecture, simplicity, and building effective teams for over ten years. As a director at Surge consulting I was involved in many operational duties and decisions and - in addition to software development duties - designed and implemented an interview processes and was involved in community building that saw it grow from 20 to about 350 developers and through an acquisition. I was then CTO setting up a dev shop at working closely with graduates of a coding bootcamp on both project work and helping them establish careers in the industry. Currently a Director of Engineering at findhelp.org your search engine for finding social services. I speak at conferences, have mentored dozens of software devs, have written popular articles, and been interviewed for a variety of podcasts and publications. I suppose that makes me an industry leader. I'm particularly interesting in companies that allow remote work and can check one or more of the following boxes: Product companies that help people in a non-trite manner (eg I'm not super interested in the next greatest way to get food delivered) Product companies that make developer or productivity tooling Funded startups that need a technical co-founder Functional programming (especially Clojure or Elixir) Companies trying to do something interesting with WebAssembly

Updated on July 08, 2022

Comments

Abhishek almost 2 years
I did a Windows update and afterwards my asp.net mvc 5 application will no longer load complaining about
```
CS0234: The type or namespace name 'Html' does not exist in the namespace 'System.Web.Mvc'
```
indicating my views web.config is at fault
```
  <system.web.webPages.razor>
    <host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <pages pageBaseType="System.Web.Mvc.WebViewPage">
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization"/>
        <add namespace="System.Web.Routing" />
        <add namespace="Ogre.Extensions" />
        <add namespace="Newtonsoft.Json"/>
      </namespaces>
    </pages>
  </system.web.webPages.razor>
```
Now this is very confusing. In my project itself I can see the Html namespace, opening my assembly in ILSpy I can navigate to the bound System.Web.Mvc and I can it as well, and the fusion log is not showing any suspicious binding errors.

It's as if just my views are getting bound (successfully) to an old version of Mvc. Why would that ever happen? How can I fix it?

Let me be clear that there have been no configuration or even code changes. This is all on my dev machine on IISExpress. It was running, I did the update and rebooted and now it is no longer running.

Here are my recent installs from the update. I could start removing them one by one, but I want to know what is actually going wrong as it feels like I'm missing part of the story.
Brad Christie over 9 years

Kind of makes sense. Looks like a (forced) migration and part of the vNext project where solutions rely on fewer dependencies coming from the framework.
Abhishek over 9 years

Oh totally makes sense and a change for the better, but an unheralded out-of-band update that requires changes to existing code? Really bad form.
Abhishek over 9 years

Soooo....that just basically says "it's a vulnerability where a user can be attacked via a webpage", right? Pretty useless description.
xanadont over 9 years

It's worth noting that this also breaks existing projects that have Copy Local = True already set. At least for me, the project was no longer copying the assembly locally. Toggling to Copy Local = false, saving, then back to true and saving fixed it.
Abhishek over 9 years

Holy cow that's awful. Everyone please go upvote that nuget bug.
Abhishek over 9 years

This seems like some sort of confirmation
realstrategos over 9 years

This can easily break your builds on your CI servers, confused the crap out of me the other day when my servers updated and were throwing this error but locally it was working (hadnt received the updates locally yet)
Rob over 9 years

If anyone is confused in the future; it should be System.Web.Mvc, not System.Mvc.Web
Danny Tuppeny over 9 years

Setting CopyLocal=true did not help us; see: System.Web.MVC not copied to bin folder since MS14-059
Danny Tuppeny over 9 years

Setting CopyLocal=true did not help us; see: System.Web.MVC not copied to bin folder since MS14-059
Abhishek over 9 years

@DannyTuppeny is the reference in the project file marked as <private>true</private> though?
Abhishek over 9 years

This will only work if you have that version of mvc available locally or in the gac
Danny Tuppeny over 9 years

@GeorgeMauer See my updates on that post; it is missing private=true, however upgrading to MVC 5.2.2 fixed it, and did not introduce any changes there :-/
Hemslingo over 9 years

CopyLocal=True will put a local copy in the bin folder and run from that. Just make sure you upload it to the bin folder of the application on the test/production server.
Abhishek over 9 years

Let me correct you there, <private>true</private> in your project file will be force it to be copied. Copy Local = True will sometimes force it to be copied because that entire feature is buggy. Unfortunately, as other people mentioned, an unrelated nuget bug will remove the <private>True</private> setting if you update from nuget and you will have to manually re-add it.
Hemslingo over 9 years

I personally don't use nuget to reference the system namespace as this seems a bit convoluted, as you have just pointed out with the 'buggyness' you mentioned. but each to their own hey! This has worked for me and hopefully will shed some light on it for some other people.
Abhishek over 9 years

What did that actually do to the csproj file? CopyLocal=true should just be a ui for making a change to the csproj file now.
usefulBee over 9 years

Not sure what it did to the csproj file. Also CopyLocal was already set to true like other devs reported. However, all I know is after closing the solution or the Visual Studio instance and reopening it again, the error disappeared.
Shawn Gavett almost 9 years

Cleaning and rebuilding the Solution worked for me. Thank you for the suggestion
3 rules over 7 years

Thanks it works but how it solved just don't get idea! Can you please give some little bit description how it solved?