SharePoint code access and webpage security

I have a vague idea of how Code Access Security works in SharePoint.

I have developed my own website and have set the CAS policy in my manifest:

<CodeAccessSecurity>
<PolicyItem>
  <PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for Okana">
    <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" />
    <IPermission class="SecurityPermission" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration" />
    <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
    <IPermission class="DnsPermission" version="1" Unrestricted="true" />
    <IPermission class="EventLogPermission" version="1" Unrestricted="true">
      <Machine name="localhost" access="Administer" />
    </IPermission>
    <IPermission class="EnvironmentPermission" version="1" Unrestricted="true" />
    <IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true"/>
    <IPermission class="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
    <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Unrestricted="true" />
    <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" PathDiscovery="*AllFiles*" />
    <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
    <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
    <IPermission class="PerformanceCounterPermission" version="1">
      <Machine name="localhost">
        <Category name="Enterprise Library Caching Counters" access="Write"/>
        <Category name="Enterprise Library Cryptography Counters" access="Write"/>
        <Category name="Enterprise Library Data Counters" access="Write"/>
        <Category name="Enterprise Library Exception Handling Counters" access="Write"/>
        <Category name="Enterprise Library Logging Counters" access="Write"/>
        <Category name="Enterprise Library Security Counters" access="Write"/>
      </Machine>
    </IPermission>
    <IPermission class="ReflectionPermission" version="1" Unrestricted="true"/>
    <IPermission class="SecurityPermission" version="1" Flags="SerializationFormatter, UnmanagedCode, Infrastructure, Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, ControlAppDomain,ControlDomainPolicy"  />
    <IPermission class="SharePointPermission" version="1" ObjectModel="True" />
    <IPermission class="SmtpPermission" version="1" Access="Connect" />
    <IPermission class="SqlClientPermission" version="1" Unrestricted="true"/>
    <IPermission class="WebPartPermission" version="1" Connections="True" />
    <IPermission class="WebPermission" version="1">
      <ConnectAccess>
        <URI uri="$OriginHost$"/>
      </ConnectAccess>
    </IPermission>
  </PermissionSet>
  <Assemblies>
     ....
  </Assemblies>
</PolicyItem>
</CodeAccessSecurity>

This translates correctly to wss_custom_wss_minimaltrust.config when it is deployed to the SharePoint server and basically works.

To fully work with the web part, I found that after deployment I need to modify wss_custom_wss_minimaltrust.config manually after installation and set Unrestricted="true" in the permission settings, changing

 <PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for MyApp" Name="mywebparts.wsp-86d8cae1-7db2-4057-8c17-dc551adb17a2-1">

      

to

<PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for MyApp" Name="mywebparts.wsp-86d8cae1-7db2-4057-8c17-dc551adb17a2-1" Unrestricted="true">

      

This is because I am loading a user control from the web part. I don't believe there is a way to enable CAS, but I'm willing to be proven wrong.

Is there a way to set something in the manifest so I don't have to do this fix manually?

Thanks

+2


source to share


4 answers


Is your web part in a bin file?

Have you installed partially trusted callers in the assembly?



If not, this is the best practice.

0


source


It is sometimes difficult to determine what permissions are actually being used when loading a user control. Try to provide Unrestricted="true" in the following list of security classes, and if you get it working, remove them one by one until you get the minimum set your web part needs:



            <SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <SecurityClass Name="DataProtectionPermission" Description="System.Security.Permissions.DataProtectionPermission, System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
            <SecurityClass Name="DnsPermission" Description="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="EventLogPermission" Description="System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="FileCodeGroup" Description="System.Security.Policy.FileCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="FileDialogPermission" Description="System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <SecurityClass Name="IsolatedStorageFilePermission" Description="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="KeyContainerPermission" Description="System.Security.Permissions.KeyContainerPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
            <SecurityClass Name="NetCodeGroup" Description="System.Security.Policy.NetCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="OleDbPermission" Description="System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="PerformanceCounterPermission" Description="System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="PrintingPermission" Description="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
            <SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="RegistryPermission" Description="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="SocketPermission" Description="System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="SharePointPermission" Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <SecurityClass Name="SmtpPermission" Description="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <SecurityClass Name="SqlClientPermission" Description="System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="StorePermission" Description="System.Security.Permissions.StorePermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="UIPermission" Description="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <SecurityClass Name="WebPartPermission" Description="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
            <SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

      

0


source
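One way to keep track of what is still over-granted while narrowing a permission set as this answer describes, as an added example (not code from the question or the answers): a Python audit that lists permissions that are unrestricted, declared twice, or carry SecurityPermission flags. The sample XML is constructed, and the `RISKY_FLAGS` list is this example's own assumption of which flags to review first.

```python
import xml.etree.ElementTree as ET

# SecurityPermission flags this example treats as high-risk (assumed list).
RISKY_FLAGS = {"UnmanagedCode", "SkipVerification", "ControlEvidence",
               "ControlPolicy", "ControlDomainPolicy", "SerializationFormatter"}

# Constructed sample modelled on the permission set shown in the question.
SAMPLE = """
<PermissionSet class="NamedPermissionSet" version="1" Description="sample">
  <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
  <IPermission class="SecurityPermission" version="1" Flags="Assertion, Execution" />
  <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
  <IPermission class="ReflectionPermission" version="1" Unrestricted="true" />
  <IPermission class="SecurityPermission" version="1" Flags="UnmanagedCode, Execution,ControlDomainPolicy" />
  <IPermission class="WebPartPermission" version="1" Connections="True" />
</PermissionSet>
"""

def short_name(cls):
    """'Ns.FileIOPermission, mscorlib, ...' -> 'FileIOPermission'."""
    return cls.split(",")[0].strip().rsplit(".", 1)[-1]

def audit_permission_set(xml_text):
    """Return findings as (kind, permission, detail) tuples."""
    root = ET.fromstring(xml_text)
    findings, seen = [], set()
    # Unrestricted on the set itself overrides every individual grant below it.
    if root.get("Unrestricted", "").lower() == "true":
        findings.append(("set-unrestricted", "PermissionSet", "full trust for the whole set"))
    for perm in root.iter("IPermission"):
        name = short_name(perm.get("class", ""))
        if name in seen:
            findings.append(("duplicate", name, "declared more than once"))
        seen.add(name)
        if perm.get("Unrestricted", "").lower() == "true":
            findings.append(("unrestricted", name, "narrow to specific paths/hosts/flags"))
        flags = {f.strip() for f in perm.get("Flags", "").split(",") if f.strip()}
        if name == "SecurityPermission":
            for flag in sorted(flags & RISKY_FLAGS):
                findings.append(("risky-flag", name, flag))
    return findings

if __name__ == "__main__":
    for kind, name, detail in audit_permission_set(SAMPLE):
        print(f"{kind:17} {name:22} {detail}")
```
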


To set up CAS, take a look at the code and take a look at WSPBuilder.

You don't need to do this manually.

0


source


As far as I know, you cannot enforce custom controls on custom controls. Loading custom DLLs must be in the GAC or web application. The trust level must be fully established. Try to avoid user control if you need to put your DLL in bin.

0


source






