Cast causes "Operation could destabilize the runtime" on one ASP.NET 4.0 box and not another

Question

Here's (part of) a simple deserialization method that I've used in .NET 2.0 for years. T is an unconstrained type parameter.

protected virtual T ItemFromString(string s) {

    if (typeof(T).IsPrimitive ||
        typeof(T) == typeof(string)) {

        try {
            // needed for string, too: compiler doesn't allow (T)s
            return (T)Convert.ChangeType(s, typeof(T));
        }
        catch (Exception ex) {
            // stuff
        }
    }
}

I changed the application pool to run in 4.0, and everything was fine — until I deployed it to the remote server. There, I get "Operation could destabilize the runtime" on the line

return (T)Convert.ChangeType(s, typeof(T));

(Actually the line reported is the ending brace of the method, but I've narrowed it down to that line.)

The problem goes away if I change the runtime back to 2.0.

The runtime versions are both 4.0.30319. The app is otherwise identical, including web.config. Both apps using shared application pools and running in Full trust. Presumably another setting is affecting it, but I have no idea how to figure out what.

Everything I've found about this involves Reflection.Emit or covariance, which I'm not using.

Any leads?

Thanks.

Answer 1

Now that this question has been viewed 0x80 times, I'll post the solution I recently used when I could no longer put off the move to .NET 4.

You have to target the .NET 4 platform in the build, and set the following assembly property.

using System.Security;

// Needed to enable generic deserialization in partial trust.
[assembly: SecurityRules(SecurityRuleSet.Level1)]

I'd commented that I was in full trust mode, but I must have been wrong about that. This is only an issue in partially-trusted environments.