tags:

views:

702

answers:

1
+1  Q: 

provide assembly with full trust in sharepoint by custom policy level not working

Hello All,

I'm building a couple of ucercontrols. These usercontrols will be hosted within the return of the smartpart. The problem i'm facing is that my assembly that goes with them, is not properly provided with sufficient rights.

To achive this you've (basically) got three options;
1. set the site to full trust level (do not want this obviously, aint working for me either. The assembly is not trusted)
2. place the assembly in the gac (tried that too, also not working).
3. security wise what I would like is to grant my assembly with a special set of rights.

This can be done by means of a custom trust file. This is what I came up with so far, but it is not working. Can someone point me in the right direction on this one?

added these two clauses at the security classes element;

<SecurityClass Name="AssemblyOne" Description="MyAssemblies.AssemblyOne, Version=1.0.0.0, Culture=neutral, PublicKeyToken=132bddbb4f2e45f2"/>
<SecurityClass Name="AssemblyTwo" Description="MyAssemblies.AssemblyTwo, Version=1.2.0.0, Culture=neutral, PublicKeyToken=e5141be41498e913" />

added this clause in the named permission sets

        <PermissionSet
                class="NamedPermissionSet"
                version="1"
                Name="SPFULL"
                Unrestricted="true">
          <IPermission
                  class="AspNetHostingPermission"
                  version="1"
                  Level="Minimal"
                        />
          <IPermission
                  class="SecurityPermission"
                  version="1"
                  Flags="Execution"
                        />
          <IPermission class="WebPartPermission"
                  version="1"
                  Connections="True"
                        />
          <Assemblies>
            <Assembly Name="MyAssemblies.AssemblyOne" Version="1.0.0.0" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
            <Assembly Name="MyAssemblies.AssemblyTwo" Version="1.2.0.0" PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4" />
          </Assemblies>
        </PermissionSet>

then I added this clause above the the existing 'default' code group;

<CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="SPFULL"
        Name="My first Web Part"
        Description="This code group grants the my first web part full permissions.">
        <IMembershipCondition
          class="StrongNameMembershipCondition"
          version="1"              PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
        <IMembershcipCondition
          Class="StrongNameMembershipCondition"
          version="1"
          PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4"/>
      </CodeGroup>

Can anyone point out to me how to get this right?

A: 

I fail to see how putting both dll in the GAC or changing the web.config setting to FullTrust doesn't work. You cant give it more permissions than that. Are you sure the problem you are experiencing is security related? In case your putting just one of the dlls in the GAC, do you have the [assembly:AllowPartiallyTrustedCallers()]-attribute?

Just a side note: You should put your permission set in the WSP:s manifest.xml instead, that will make sure SharePoint sets the right permisson for the dll on all frontweb when the feature is deployed. It will make administration easier.

http://msdn.microsoft.com/en-us/library/aa543901.aspx

JMD  2009-05-07 18:15:47
I'll try this out and let you know.
Frenske  2009-05-08 09:54:02

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security