Trusting network shares in Visual Studio 2010 / .NET 4.0

Trusting network shares in Visual Studio 2010 / .NET 4.0 by DSell88

Closed

as Fixed

Type:	Bug
ID:	604282
Opened:	9/23/2010 5:22:21 PM
Access Restriction:	Public

Workaround(s)

view

User(s) can reproduce this bug

I work for the CS department of an educational institution where each student's "My Documents" folder is redirected to a network share. Their profiles are deleted after they log off, so we encourage them to use this share to store projects and whatnot instead of saving to the local machine. Our classic problem with this has been the CAS policy's distrust of network shares. In VS 2008 and earlier, running caspol would allow us to set up a trust relationship:

E.G: caspol.exe -m -pp off -ag 1.2 -url file://\\UNC\path\* FullTrust

However, when we upgraded to VS2010, this command no longer worked. I've spent a bunch of time exploring VS config files and looking into the loadFromRemoteSources element, but I've been without any luck. I've tried inserting loadFromRemoteSources enabled="true" into the runtime elements of the following config files without success:

%systemroot%\Microsoft.NET\Framework\v4.0.30319\Config\machine.config

%programfiles%\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe.config

\\UNCProjectLocation\WindowsApplication\App.config

No matter what I try I still get the "You should only open projects from a trustworthy source" message box when I create a new application or open an application that is stored on our local intranet.

We also get a message a build time when a project is stored on a network location. It states "The following module was built either with optimizations enabled or without debug information". I’m not sure if this has to do with a trust issue, or if our settings are incorrect, but when I move the project to a local drive the message disappears.

I have only tested this with simple VB.NET based Windows forms, and have not tried building anything that accesses information outside of itself yet, but I'd imagine that would be hindered by not being considered "fully trusted"

Details (expand)

Visual Studio 2010

Security

1. Map a drive to a shared location on another machine in the local intranet
2. Open Visual Studio 2010 and create new VB.NET Windows Forms project
3. Set the save location to the drive previously mapped, click OK
4. Once in the Designer, add a couple objects and press F5

English

Windows 7

English

The "You should only open projects from a trustworthy ource" messagebox appears when a new project is created on a network location or a project is opened from a network location.

The message, "The following module was built either for optimizations enabled or without debug information" appears at build-time if the project is saved or opened from a network location.

Enabling loadFromRemoteLocation has no effect on making these projects "fully trusted"

We expect that adding loadFromRemoteLocation to the configuration files of either .NET 4, Visual Studio 2010, or the individual projects themselves would mitigate these messages and allow all projects stored on network locations to be "fully trusted". Similar in fashion to the way adding trusted locations in CAS used to work prior to .Net 4.

File Name	Submitted By	Submitted On	File Size
SecurityWarning.png	DSell88	9/23/2010	29 KB
SansDebug.png	DSell88	9/23/2010	15 KB
SecurityWarning.png	DSell88	9/23/2010	29 KB
SansDebug.png	DSell88	9/23/2010	15 KB

Posted by hobbsenigma on 5/17/2013 at 6:37 AM

Years later, this is still not fixed. Please reopen.

Posted by MrBeatnik on 6/13/2011 at 2:29 AM

Hi, this is closed but about 10 months later I still receive this problem with VS2010 SP1 installed.
How can we make a UNC path (network intranet share) a trusted source for opening automatically when deployed to multiple PCs from a network admin share?

As mentioned, the caspol command does not seem to work?

Posted by Microsoft on 10/29/2010 at 7:17 PM

Hi Derek, this is on our plans to be fixed in the next release of Visual Studio.

Thanks
-Ion

Posted by DSell88 on 10/2/2010 at 12:48 PM

Well thank you for looking into it at least. For now we will tell the users in our environment to save their projects on portable media until we hear more about a viable solution from your end.

Thanks,
Derek

Posted by Microsoft on 10/1/2010 at 5:39 PM

Derek - sorry, I had forgotten that this will be triggered not only by originating from the internet (which would allow you to hit UNblock) but also in some other cases, like I think, being on a network share, in the temp or downloads directory.
I don't know a way to switch that off wholesale, I"m afraid. You are supposed to be able to do it with
Tools>Options>Projects and Solutions>Warn user when project location is not trusted
But embarrassingly, this doesn't seem to function.
I"m leaving this bug active to fix that for the next version. Meanwhile I'm afraid you'll have to keep clicking through the dialog for the first time you open a particular solution.

Dan

Posted by DSell88 on 9/24/2010 at 10:34 AM

The problem with the first suggestion is that we're not only trying to supress the message, but we want to avoid any issues that would crop up with our student's solutions being not "fully trusted".

I have also searched the properties of every file and folder in one of the problem solutions I created, and I did not see an "Unblock" button on any of them.

We also would like a fix that we can roll out to all instances of Visual Studio 2010 running on our network in the same way we had with caspol in Visual Studio 2008 and earlier. Telling our students to perform a tweak for each project they create is not a desirable solution. Is there a way to create a remotely deployable fix for 2010?

Posted by Microsoft on 9/24/2010 at 9:50 AM

Hi Derek
To avoid the message, you can either (1) just agree to load; this should suppress the message for whenever you open the project as part of that solution as the same user on the same machine; or (2) go to windows explorer, right click on the project file, choose Properties, look at the bottom of the General tab, if there's an Unblock button click on that. You might need to do this for any .user file next to the project as well.
Let me know if that works.
Dan

Posted by Microsoft on 9/23/2010 at 10:36 PM

Thank you for reporting the issue.
We are routing this issue to the appropriate group within the Visual Studio Product Team for triage and resolution.These specialized experts will follow-up with your issue.