Share via


<loadFromRemoteSources> Element

Updated: April 2011

Specifies whether assemblies from remote sources should be granted full trust.

Note

If you were directed to this topic because of an error message in the Visual Studio project error list or a build error, see How to: Use an Assembly from the Web in Visual Studio.

<configuration> Element
  <runtime> Element
    <loadFromRemoteSources> Element

<loadFromRemoteSources  
   enabled="true|false"/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

enabled

Required attribute.

Specifies whether an assembly that is loaded from remote sources should be granted full trust.

enabled Attribute

Value

Description

false

Do not grant full trust to applications from remote sources. This is the default.

true

Grant full trust to applications from remote sources.

Child Elements

None.

Parent Elements

Element

Description

configuration

The root element in every configuration file used by the common language runtime and .NET Framework applications.

runtime

Contains information about runtime initialization options.

Remarks

In the .NET Framework version 3.5 and earlier versions, if you loaded an assembly from a remote location, the assembly would run partially trusted with a grant set that depended on the zone in which it was loaded. For example, if you loaded an assembly from a website, it was loaded into the Internet zone and granted the Internet permission set. In other words, it executed in an Internet sandbox. If you try to run that assembly in the .NET Framework version 4 and later versions, an exception is thrown; you must either explicitly create a sandbox for the assembly (see How to: Run Partially Trusted Code in a Sandbox), or run it in full trust.

The <loadFromRemoteSources> element lets you specify that the assemblies that would have run partially trusted in earlier versions of the .NET Framework are to be run fully trusted in the .NET Framework 4 and later versions. By default, remote assemblies do not run in the .NET Framework 4 and later. To run a remote assembly, you must either run it as fully trusted or create a sandboxed AppDomain in which to run it.

Note

In the .NET Framework 4.5, assemblies on local network shares are run as full trust by default; you do not have to enable the <loadFromRemoteSources> element.

Note

If an application has been copied from the web, it is flagged by Windows as being a web application, even if it resides on the local computer. You can change that designation by changing the file properties, or you can use the <loadFromRemoteSources> element to grant the assembly full trust. As an alternative, you can use the UnsafeLoadFrom method to load a local assembly that the operating system has flagged as having been loaded from the web.

The enabled attribute for this element is effective only when code access security (CAS) is disabled. By default, CAS policy is disabled in the .NET Framework 4 and later versions. If you set enabled to true, remote applications are granted full trust.

If <loadFromRemoteSources> enabled is not set to true, an exception is thrown under the following conditions:

  • The sandboxing behavior of the current domain is different from its behavior in the .NET Framework 3.5. This requires CAS policy to be disabled, and the current domain not to be sandboxed.

  • The assembly being loaded is not from the MyComputer zone.

Note

You may get a FileLoadException in a Windows Virtual PC application when you try to load a file from linked folders on the hosting computer. This error may also occur when you try to load a file from a folder linked over Remote Desktop Services (Terminal Services). To avoid the exception, set enabled to true.

Setting the <loadFromRemoteSources> element to true prevents this exception from being thrown. It enables you to specify that you are not relying on the common language runtime to sandbox the loaded assemblies for security, and that they can be allowed to execute as full trust.

Important

If the assembly should not run in full trust, do not set this configuration element. Instead, create a sandboxed AppDomain in which to load the assembly.

Configuration File

This element is typically used in the application configuration file, but can be used in other configuration files depending upon the context. For more information, see the article More Implicit Uses of CAS Policy: loadFromRemoteSources in the .NET Security blog.

Example

The following example shows how to grant full trust to applications from remote sources.

<configuration>
   <runtime>
      <loadFromRemoteSources enabled="true"/>
   </runtime>
</configuration>

See Also

Tasks

How to: Run Partially Trusted Code in a Sandbox

Reference

Runtime Settings Schema

Other Resources

More Implicit Uses of CAS Policy: loadFromRemoteSources

Configuration File Schema for the .NET Framework

Change History

Date

History

Reason

April 2011

Updated information about using the element in application configuration files.

Customer feedback.