Tip - DevExpress XtraReports CodeDomLayoutSerializationRestrictedException

Reporting is a very common requirement for line-of-business applications, and the inevitable request for user-customizable reports will always arise.

DevExpress XtraReports has a solution to this. It offers an end-user report designer, and you can serialize the modified report to storage once the user is done, and load it from storage when required for reporting.

When you upgrade to DevExpress 25.2.5, you will start getting the following error when attempting to serialize or deserialize a persisted report:

DevExpress.XtraReports.Security.CodeDomLayoutSerializationRestrictedException' occurred in xxxxxxxxx
DevExpress Reports default configuration prohibits CodeDOM serialization

This, as you can see, is a security exception.

There are two solutions to this problem.

1. The first, and preferred, is to eschew CodeDOM serialization altogether and use XML serialization.
2. The second, shorter-term solution (as you get your ducks in a row) is to temporarily allow CodeDOM.

This line of code will achieve this:

DevExpress.XtraReports.Configuration.Settings.Default.AllowCodeDomLayoutDeserialization = True

This code allows you to call the following prohibited (by default) methods:

• XtraReport.LoadLayout()
• XtraReport.FromFile()
• XtraReport.FromStream()

Place it somewhere in your application startup, and everything should work.

TLDR

DevExpress XtraReports now, by default, restricts the loading and persistence of CodeDOM-serialized reports.