Failure when running code analysis in Visual Studio 2012 when using FxCop ASP.NET security rules

Jan 31, 2013 at 7:56 AM
Edited Jan 31, 2013 at 3:28 PM
I am using Visual Studio 2012 Pro and would like to run the ASP.NET security rules on my MVC4 application. I realise that those rules are not included with the Pro version so I installed FxCop 10.0 and downloaded the rules ASP.NET FxCop rules from this codeplex project.

I am having a problem with FxCop inside Visual Studio (see this issue raised in the Visual Studio forum) so I tried running FxCop standalone.

However when do this FxCop passes my Basic MVC application (i.e. Home, About and Contact and Login only), even when I select the debug release, which should throw a security error on having the debug flag set (and a load of other errors should happen too). Note: I can get FxCop to produce an error report by turning on rules like Globalisation rules, so some checking is going on.

Am I doing something wrong, or does it not error until there are more complex pages? I would appreciate your comments.

Jon Smith - Selective Analytics
Apr 24, 2013 at 5:12 PM
In case you haven't already resolved this issue, you may find this blog helpful. It worked for me.