With the release of .NET 4 comes the obsoletion of the policy portion of code access security. If you ignore the compilation warnings (warnings are errors) and attempt to run the afflicted application, you will inevitably encounter exceptions.

NotSupportedException: This method uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the <NetFx40_LegacySecurityPolicy> configuration switch.

As the exception suggests, if you’re making your application .NET 4 ready and want to get in an operational state as soon as possible, adding the NetFx40_LegacySecurtyPolicy configuration switch is the solution. Open your application’s configuration file and add the following:

<configuration>
  <runtime>
    <NetFx40_LegacySecurityPolicy enabled="true"/>
  </runtime>
</configuration>

However, the CAS policy system is obsolete and calls to it should be removed. These calls are those that directly manipulate security policy, require CAS policy to sandbox, or make use of the Evidence class.

Calls that are used to determine the permission set or trust level for an assembly or application can now be accessed with the following calls: Assembly.PermissionSet, Assembly.IsFullyTrusted, Assembly.IsFullyTrusted, and AppDomain.IsFullyTrusted. That leaves sandboxing in .NET 4, which is more involved.

Changes are inevitable with a new release of the framework, and unlike the past two major release (3.0, and 3.5), 4 isn’t just additions to .NET 2.0. This is the first I’ve come across as I’ve started moving around, but I will post more upgrade information as I come across it under the tag obsolete.