4

So I enabled this group policy and the first time I tried to compile my solution I get this error. The funny thing is that I only use cryptographic function in one place but what I am seeing this on is all my Silverlight ResourceDictionary files and WPF userControl files. Everything else seems to compile fine.

Why am I seeing the error on only xaml files where I do nothing with encryption? I know I can disable the FIPS group policy but I do want to support it. Any idea why specific XAML files are throwing this error during compile?

Maarten Bodewes
mdutra

2 Answers

4

I know I'm a bit late to the game but I recently came across this problem and also figured out a solution. For the reasons stated by @mdutra above, this is why it doesn't work but interestingly, Visual Studio 2010 and 2012 have two different "fixes".

A Microsoft Connect post (that no longer exists) stated:

Visual Studio 2012 now builds C# projects in a separate process that runs msbuild. The entry you added to devenv.exe.config (that worked for VS 2010) won't be seen by this process. You should add `<enforceFIPSPolicy enabled="false"/>` directly above the `</runtime>` tag in the msbuild.exe.config file; typically found at `C:\Windows\Microsoft.Net\Framework\v4.0.30319\msbuild.exe.config`.

I also added it to the C:\Windows\Microsoft.Net\Framework64\v4.0.30319\msbuild.exe.config file as well since I didn't know which MSBuild I was using.

Brett Wertz
  • I recall this solution worked for me at one point but now I can't save edits to the file, with errors saying it is open somewhere else or I don't have permissions to save (even in administrator mode on my own computer). – cr0 May 26 '17 at 14:52
  • @cr0, one reason that message will show is if you currently have a build going. I would suggest closing Visual Studio or even restarting the computer and then try editing the file again. You could try modifying the permissions on the parent folder as well, just in case the permissions are inherited. – Brett Wertz Jun 19 '17 at 16:55
  • For the MSBuild versions bundled with Visual Studio since 2013, you need to change the msbuild.exe.config files found under `%ProgramFiles(x86)%\MSBuild\[version]` – rjvdboon Jul 17 '17 at 16:25
  • I have looked in task manager where msbuild.exe starts from, then changed the .config as offered, closed VS, started aand.. it works! – Rekshino Dec 12 '17 at 14:27
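
The workaround in this answer switches off the CLR's FIPS check for whichever process reads the edited config file, so it is useful to be able to see which files carry it. The following is an added example, not code from the original posts: a Python check that classifies a config by its `enforceFIPSPolicy` setting. The sample configs and the function name `fips_enforcement` are constructed for illustration; the two paths are the ones quoted in the answer.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration (not copied from a real machine).
SAMPLE_OVERRIDDEN = """<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false"/>
    <enforceFIPSPolicy enabled="false"/>
  </runtime>
</configuration>"""
SAMPLE_DEFAULT = """<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>"""

# The two Framework paths quoted in the answer above.
ANSWER_PATHS = [
    r"C:\Windows\Microsoft.Net\Framework\v4.0.30319\msbuild.exe.config",
    r"C:\Windows\Microsoft.Net\Framework64\v4.0.30319\msbuild.exe.config",
]


def fips_enforcement(config_xml):
    """Classify a .NET application config by its enforceFIPSPolicy setting.

    'overridden'  - <runtime><enforceFIPSPolicy enabled="false"/>: FIPS
                    enforcement is switched off for the process
    'explicit'    - element present under <runtime> and not set to false
    'default'     - element absent, so the machine's FIPS policy applies
    'misplaced'   - element present but not a child of <runtime>
    'unparseable' - not well-formed XML (for example a bad hand edit)
    """
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return "unparseable"
    node = root.find("runtime/enforceFIPSPolicy")
    if node is None:
        stray = root.find(".//enforceFIPSPolicy")
        return "default" if stray is None else "misplaced"
    value = node.get("enabled", "true").strip().lower()
    return "overridden" if value == "false" else "explicit"


if __name__ == "__main__":
    for path in ANSWER_PATHS:
        if os.path.isfile(path):
            with open(path, "rb") as handle:  # bytes: parser handles BOM/encoding
                print(path, "->", fips_enforcement(handle.read()))
        else:
            print(path, "-> not found")
```
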
1

After some research I found this answer which makes sense:

WPF and FIPS

Here are the contents of the link just in case it is removed:

The following is the reply I got from the WPF XAML team:

We didn’t fix it because this issue was discovered days (June 2, 2008) before the release.

I still have the BBPack I didn’t checkin.  Here is the comment from the code.



            // The Federal Information Processing Standard mandates that
            // MD5 is obsolete and not safe for cryptographic checksums.
            // We are using it to coordinating source files for debugging
            // not authenticating so MD5 use is OK here.
            // But, on a OS with the FIPS compliant switch ON, the managed
            // MD5CryptoServiceProvider Ctor will throw.  So we can't use it.
            //
            // Currently we use a PInvoke wrapper to the Native layer;
            // which still works, even on a FIPS compliant machine.  A Better
            // fix would be to move to the approved SHA checksums, but that
            // will require co-ordination with VS and the Debugger groups etc.



The MSI builder and a few other tools also threw on a FIPS=1 machine.

So even if we fixed our part (in 3.5sp1), the customer’s end-to-end solution was still broken.



General FIPS info:

http://support.microsoft.com/kb/811833/en-us
mdutra