How does one fix the "'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete" compilation error?
Did you read the full compiler warning or visit the link it includes? The "naked" CLR no longer restricts CAS permissions under .NET 4.0 unless you flip a "legacy mode" switch, so there is no replacement for your RequestMinimum use. The assembly-level SecurityPermissionAttribute should be removed, not modified.
For a more complete explanation of the 4.0 CAS changes than appears on MSDN, see http://blogs.msdn.com/b/shawnfa/archive/2009/05/21/security-policy-in-the-v4-clr.aspx and http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx.
Related videos on Youtube
03 : 45
07 : 35
02 : 31
01 : 56
07 : 01
02 : 42
02 : 45
04 : 36
05 : 43
02 : 30
02 : 20
01 : 06
03 : 45
08 : 20
03 : 07
Schalk
BY DAY: Slave to alien code... BY NIGHT: Information overloading FOR FUN: Riding waves in peace
Updated on June 13, 2022Comments
-
Schalk about 2 years
I received the following compilation warning as a error while upgrading some ASP.NET code from .NET 3.5: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete.
The attribute has bee applied on the assebly level:
[assembly: System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityAction.RequestMinimum, Execution=true)]Also the code makes use of the P&P Web Client Software Factory, specificly the ObjectBuilder.WCSFExtensions library. Also it the code is providing some role provider implementations.
Keep in mind this code is used as Framework code in other projects, so it is hard to determine what security demands there might be.
So the milion dolar question is:
What value needs to be used for the "System.Security.Permissions.SecurityAction" enum?
Alternatively is there a better approach to applying the this security attribute?
-
Schalk over 12 yearsThanks Nicole, the articles you mentioned provides a clearer background than the MSDN documentation (which was comprehensive, but did not give any explicit/obvious statement saying: remove the attribute). I was not sure what the implications would be in removing the attribute. In the end I opted to leave that code in 3.5 for now.
-
Nicole Calinoiu over 12 yearsAn assembly-level RequestMinimum simply instructs the host not to load the assembly if it isn't granted the specified permission. A RequestMinimum for execution permission is pretty near useless anyway since the host won't run any code in the assembly unless it has execution permission. The only difference in runtime behaviour when the permission is not granted are the details of the exception and when it is thrown. However, regardless of whether the attribute is present or not, you will see an exception before any code in the assembly is executed.
