Error text refers to a switch which is not defined - loadFromRemoteSources - relative to Prism, CAS Policy changes in .Net 4.0

Question

I am trying to get a Silverlight Prism app to build in VS2010. I have tried allowing it to convert to .Net 4.0, and I have tried keeping it at .Net 3.5. In both instances I cannot build because of CAS Policy issues. The error text refers to the following link:
http://msdn.microsoft.com/en-us/library/dd233103(VS.100).aspx

The help text also says "If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch." - but a search online for loadFromRemoteSources returns 0 hits on live.com and little more on other search engines. I think that the loadFromRemoteSources switch needs to be documented somewhere.

I understand this build issue I have is relative to CAS Policy changes in .Net 4.0 regarding externally referenced DLLs, but I am not finding any quick answer to how to get beyond this issue, so I'm not able to move forward with VS2010. I think this error needs to be very well documented if it is going to be a breaking change and prevent users from moving to VS2010 without making some sort of change to existing projects.

Here is the full text of the error which I receive on all my projects using Prism v2. If anyone has any help it would be much appreciated:

Error    1    The "ValidateXaml" task failed unexpectedly.
System.IO.FileLoadException: Could not load file or assembly 'file:///C:\Users\SmartyP\Desktop\Matchingo.Silverlight.2010\_Externals\Prism2\Microsoft.Practices.Composite.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
File name: 'file:///C:\Users\SmartyP\Desktop\Matchingo.Silverlight.2010\_Externals\Prism2\Microsoft.Practices.Composite.dll' ---> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework.  This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous.  If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go2.microsoft.com/fwlink/?LinkId=131738 for more information.

   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
   at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
   at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, StackCrawlMark& stackMark)
   at System.Reflection.Assembly.LoadFrom(String assemblyFile)
   at Microsoft.Silverlight.Build.Tasks.ValidateXaml.XamlValidator.Execute()
   at Microsoft.Silverlight.Build.Tasks.ValidateXaml.XamlValidator.Execute()
   at Microsoft.Silverlight.Build.Tasks.ValidateXaml.Execute()
   at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
   at Microsoft.Build.BackEnd.TaskBuilder.ExecuteInstantiatedTask(ITaskExecutionHost taskExecutionHost, TaskLoggingContext taskLoggingContext, TaskHost taskHost, ItemBucket bucket, TaskExecutionMode howToExecuteTask, Boolean& taskResult)

    Matchingo.Modules.AboutScreenModule

Answer 1

after trying to convert the project a few times more i have finally gotten it to build (after a few changes relative to embedded fonts).. but ill still need to understand this error if i want to move to .net 4.0.. thanks for any help

Answer 2

Caveat: I'm not on the security team but will attempt to answer this nonetheless...

What's happening here is that the build tasks for Silverlight are attempting to load an assembly that, in previous versions of the CLR, would classify it as a partial trust assembly based on its evidence (e.g. its zone) according to CAS policy.

In CLR 4.0, CAS policy is totally deprecated and is not even enabled by default. Under the circumstances, though, it appears the CLR throws an Exception when what would be a partial trust load in CLR 2.0 is a full trust load in CLR 4.0.

The loadFromRemoteSources switch the Exception message refers to is in the runtime element under configuration and looks like this:

<runtime>
  <loadFromRemoteSources enabled="true|false" />
</runtime>

This will not enable legacy CAS policy but will allow you (or, in this case, the build system) to load remote assemblies with the same permissions as the host AppDomain. In this case it seems as though you could modify the configuration for the build system (which I assume in this case would be Visual Studio: %ProgramFiles%\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe.config) to enable this switch.

If you don't want to modify that configuratino then you can set the environment variable COMPLUS_EnableLegacyCASPolicy to 1, which will enable CAS Policy that was present in CLR 2.0 and also allow Silverlight to load this task.

Hope that helps.
David

---

Blog - http://blogs.rev-net.com/ddewinter/ Twitter - @ddewinter

Answer 3

Thanks for the reply David, this is very helpful. I will have to give this a whirl tomorrow night and respond back.

I guess an overarching question I have is how adding external references will look like now in CLR 4.0 and Silverlight. I am making use of the Prism guidance on codeplex, so i guess going forward any external references i make use of will only work when building by making use of your suggestions? is there a better way to add references now in .net 4.0, or would a newer version of those assemblies built against the latest CLR remove these issues?

Thanks again, and sorry if my reply doesn't make total sense, I will have to take a better look into your input tomorrow evening once i have a chance.

thanks again

Answer 4

Unfortunately I have only used Prism in conjunction with WPF, so I'm not sure what the story is with Silverlight/Prism. This might be something you have to do as a workaround for now.

However, it seems strange to me that loading an assembly from what should be your My Computer zone would cause this Exception to occur. Something is causing the CLR to treat this assembly as being from a zone other than My Computer, like LocalIntranet or TrustedSites. Is it possible that this could be the case?

---

Blog - http://blogs.rev-net.com/ddewinter/ Twitter - @ddewinter

Answer 5

I'm wondering if it is because I am running the project from my desktop.. i had received warnings in VS2008 from time to time that the location i was loading the project from was not a trusted location, and asking me if i was sure i wanted to open the project.. ill give a few things a whirl tonight and post back. thanks again