I received the following compilation warning as a error while upgrading some ASP.NET code from .NET 3.5: 'System.Security.Permissions.SecurityAction.RequestMinimum' is obsolete.

The attribute has bee applied on the assebly level:

[assembly: System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityAction.RequestMinimum, Execution=true)]

Also the code makes use of the P&P Web Client Software Factory, specificly the ObjectBuilder.WCSFExtensions library. Also it the code is providing some role provider implementations.

Keep in mind this code is used as Framework code in other projects, so it is hard to determine what security demands there might be.

So the milion dolar question is:

What value needs to be used for the "System.Security.Permissions.SecurityAction" enum?

Alternatively is there a better approach to applying the this security attribute?

Did you read the full compiler warning or visit the link it includes? The "naked" CLR no longer restricts CAS permissions under .NET 4.0 unless you flip a "legacy mode" switch, so there is no replacement for your RequestMinimum use. The assembly-level SecurityPermissionAttribute should be removed, not modified.

For a more complete explanation of the 4.0 CAS changes than appears on MSDN, see http://blogs.msdn.com/b/shawnfa/archive/2009/05/21/security-policy-in-the-v4-clr.aspx and http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx.

http://msdn.microsoft.com/en-us/library/ee471421.aspx

It seems the problem is that assembly level declarative security on the whole has been marked obsolete. Perhaps you can apply this at a method-level instead?