Hi, I have a SharePoint webpart which is compiled as a DLL and placed in the BIN folder of my SP site. My webpart works on my local machine, but when I put it on production it fails with a

(401) Unauthorized.

After doing some research I came across what is known as the "One hop rule", meaning I have to either pass in the credentials of a network user, or use

<identity impersonate="true" />

in my web.config. I do not want to hard-code a network user, so my question is: how can I use impersonation in my web part? Do DLLs support web.configs? Thanks for the help.

A: 

I don't think there is a way to add that in a DLL. To my knowledge, anyway.

+4  A: 

Your webpart probably fails in production because of CAS; you may need to elevate the permission level or add special permissions to be granted to your assembly, because it's not fully trusted as it is in the bin folder.

If you're sure it's just an impersonation problem, can you not just use nodes in your web.config?

Tudor Olariu
It has worked before on production. I just applied some security patches and it stopped working, so I have a feeling it has to do with impersonation. I was using DefaultNetworkCredentials before.
DavidS
The security patches could have changed the security model of the web.config for your bin directory from full trust or medium trust to minimal trust. When you use CAS and SharePoint deployment it will change it to a custom trust level.
Kirk Liemohn
+2  A: 

Impersonate is always set to true in the web.config of a SharePoint application so the problem must be somewhere else. Web Parts that are deployed to the BIN folder of the Web Application run in a sandbox and, by default, have limited permissions. Perhaps that is the source of the problem.

Rob Windsor
Yes, I too believe that is the problem. How can I go about this?
DavidS
+1  A: 

Yes, as Tudor mentioned, it is likely Code Access Security. If you put it in the GAC you would not have this problem (the GAC is fully trusted).

Here are a few articles that should help you with CAS and SharePoint web parts. The trick is knowing which IPermissions you need.

Kirk Liemohn
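
An added example (not from this thread or from the articles the answer refers to) of the approach the answer above describes: a custom CAS policy that grants one BIN-deployed web part only the IPermissions it needs, instead of raising the whole site to Full trust. `MyWebPart.dll`, `MyWebPartPermissions`, `WSS_Custom`, the policy file path and `service.example.internal` are hypothetical; the layout assumes the .NET 2.0 policy-file format of the stock `wss_minimaltrust.config`.

```xml
<!-- Added example: fragments to merge into a COPY of the stock policy file.
     All names, paths and URLs below are hypothetical placeholders. -->

<!-- 1. Under <SecurityClasses>: register permission classes not already listed -->
<SecurityClass Name="WebPermission"
  Description="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission"
  Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>

<!-- 2. Under <NamedPermissionSets>: only what this web part needs -->
<PermissionSet class="NamedPermissionSet" version="1" Name="MyWebPartPermissions">
  <IPermission class="AspNetHostingPermission" version="1" Level="Minimal"/>
  <IPermission class="SecurityPermission" version="1" Flags="Execution"/>
  <IPermission class="WebPartPermission" version="1" Connections="True"/>
  <!-- Outbound HTTP to a single service; the uri value is a regular expression -->
  <IPermission class="WebPermission" version="1">
    <ConnectAccess>
      <URI uri="https://service\.example\.internal/.*"/>
    </ConnectAccess>
  </IPermission>
  <!-- Assumption: the web part uses default credentials, which read USERNAME -->
  <IPermission class="EnvironmentPermission" version="1" Read="USERNAME"/>
</PermissionSet>

<!-- 3. Inside the root FirstMatchCodeGroup, BEFORE the $AppDirUrl$/* group:
        the first matching group wins, so the specific DLL must come first -->
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="MyWebPartPermissions">
  <IMembershipCondition class="UrlMembershipCondition" version="1"
    Url="$AppDirUrl$/bin/MyWebPart.dll"/>
</CodeGroup>

<!-- 4. web.config: register the edited copy under <securityPolicy> and select it -->
<!-- Weak alternative that trusts every BIN assembly:
     <trust level="Full" originUrl="" /> -->
<trustLevel name="WSS_Custom" policyFile="C:\path\to\wss_custom_mywebpart.config"/>
<trust level="WSS_Custom" originUrl=""/>
```

When a permission is still missing, the resulting SecurityException names the permission type whose demand failed, which identifies the next IPermission to add.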
A: 

If you're looking at the "double-hop" issue, then you won't use NTLM. You need to use Kerberos authentication because the Kerberos ticket can hop from user to webserver to web service. You'll need to set up Service Principal Names with SetSPN.

Is this web part calling out to external web services? Or is the permissions error based on local security?

jwmiller5