
I have an application page that I am creating in SharePoint to host in the LAYOUTS directory. The web project references an external assembly that accesses the file system to get files from an external file share.

My problem is that I want to deploy the assembly to the application BIN directory (not GAC) and use a CAS permission policy to allow it to execute within SharePoint. However, at this point, whenever I deploy the page I get this exception:

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I know that the issue is CAS-related, as it works fine when I deploy to the GAC.

My current CAS permissions look like this:

<!-- Alias table for this policy file: each Name is the short name that the
     class="..." attributes further down refer to, and Description is the type
     it stands for. FileIOPermission and EnvironmentPermission are registered
     here because the CustomTrust permission set uses them. NamedPermissionSet
     is the only entry whose Description is not assembly-qualified. -->
<SecurityClasses>
    <SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
    <SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="WebPartPermission" Description="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>
    <SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SharePointPermission" Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<!-- Permission sets that the code groups below refer to by Name:
     FullTrust, Nothing, SPRestricted and CustomTrust. -->
<NamedPermissionSets>
    <!-- FullTrust: Unrestricted="true" on the set itself, so no individual
         permissions are listed. -->
    <PermissionSet
      class="NamedPermissionSet"
      version="1"
      Unrestricted="true"
      Name="FullTrust"
      Description="Allows full access to all resources"
    />
    <!-- Nothing: an empty set; code that ends up here cannot even execute. -->
    <PermissionSet
      class="NamedPermissionSet"
      version="1"
      Name="Nothing"
      Description="Denies all resources, including the right to execute"
    />
    <!-- SPRestricted: minimal hosting level, Execution only, and web part
         connections. It contains no FileIOPermission, so any assembly that is
         granted only this set will fail a FileIOPermission demand. -->
    <PermissionSet
      class="NamedPermissionSet"
      version="1"
      Name="SPRestricted">
     <IPermission 
       class="AspNetHostingPermission"
       version="1"
       Level="Minimal"
     />
     <IPermission 
       class="SecurityPermission"
       version="1"
       Flags="Execution"
     />
     <IPermission class="WebPartPermission"
       version="1"
       Connections="True"
     />
    </PermissionSet>
    <!-- CustomTrust: the set intended for the custom assembly (it is referenced
         by the strong-name code group further down). -->
    <PermissionSet
      class="NamedPermissionSet"
      version="1"
      Name="CustomTrust">
     <IPermission 
       class="AspNetHostingPermission"
       version="1"
       Level="Medium"
     />                        
     <IPermission class="WebPartPermission"
       version="1"
       Connections="True"
     />
     <IPermission class="SharePointPermission" 
       version="1" 
       ObjectModel="True" />
     <!-- NOTE(review): Unrestricted="true" is set together with path lists that
          name only $AppDir$. An unrestricted permission is expected to ignore
          the per-path attributes, so this most likely grants access to the
          whole file system rather than to $AppDir$ alone; confirm. For least
          privilege, drop Unrestricted and list the required paths explicitly.
          The external file share mentioned in the question is not under
          $AppDir$, so the path lists as written would not cover it. -->
     <IPermission
       class="FileIOPermission"
       version="1"
       Unrestricted="true"        
       Read="$AppDir$"
       Write="$AppDir$"
       Append="$AppDir$"
       PathDiscovery="$AppDir$"        
     />      
     <!-- NOTE(review): Flags already includes Assertion, UnmanagedCode and
          ControlEvidence, each of which lets code step around CAS checks, and
          Unrestricted="true" is expected to grant every security flag rather
          than only the ones listed. Together with the unrestricted file and
          environment permissions this set is close to full trust; keep only
          the flags the assembly actually demands. -->
     <IPermission 
       class="SecurityPermission"
       version="1"
       Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, ControlEvidence, UnmanagedCode"
       Unrestricted="true"
     />
     <!-- Unrestricted access to environment variables. -->
     <IPermission
       class="EnvironmentPermission"
       version="1"
       Unrestricted="true"
     />
    </PermissionSet>
</NamedPermissionSets>
<!-- Root code group: a FirstMatchCodeGroup that matches all code and grants
     "Nothing" itself. With a first-match root the order of the child groups is
     significant: an assembly receives the permission set of the first child
     whose membership condition it satisfies, so the more specific groups have
     to come before the broad URL-based ones. -->
<CodeGroup 
     class="FirstMatchCodeGroup"
     version="1"
     PermissionSetName="Nothing">
    <IMembershipCondition 
      class="AllMembershipCondition"
      version="1"
    />
<!-- Child 1: assemblies signed with this public key receive CustomTrust.
     Name="ConteoPolicy" sits on the membership condition here, not on the
     CodeGroup element, and the blob carries a 0x prefix that the Microsoft
     blob further down does not.
     NOTE(review): confirm that the blob is the full public key of the deployed
     assembly (for example from "sn -Tp" output). If it does not match, this
     group is skipped and the assembly falls through to the $AppDirUrl$/*
     group, which grants SPRestricted and therefore no FileIOPermission. -->
<CodeGroup class="UnionCodeGroup" 
    version="1" 
    PermissionSetName="CustomTrust">
    <IMembershipCondition class="StrongNameMembershipCondition" 
     version="1" 
     PublicKeyBlob="0x00240000048000009400000006020000002400005253413100040000010001002B54E7863E7D5443ACBF8DD7F18B9D2399FF73AE7C791BDEFA2BF7544DFB5B8DBB5C8DD705374386CD6A729C755ED4478CD9FA0FF912385FA1AE684345E82E793262A2DCEE1DEC1178BE488C18D338CFE62BCC1C06E4B235BBB6A886884889FC854F8CFA149DFCD18CC479229F0956E19A1DC9FDECAE844F850C2A34121546B8" 
     Name="ConteoPolicy" /> 
    </CodeGroup>
<!-- Child 2: everything under _app_bin receives FullTrust. -->
<CodeGroup 
      class="UnionCodeGroup"
      version="1"
      PermissionSetName="FullTrust">
     <IMembershipCondition 
       class="UrlMembershipCondition"
       version="1"
       Url="$AppDirUrl$/_app_bin/*"
     />
    </CodeGroup>
    <!-- Child 3: any other code under the application directory receives
         SPRestricted. Code in the BIN folder that did not match the
         strong-name group above ends up here. -->
    <CodeGroup 
      class="UnionCodeGroup"
      version="1"
      PermissionSetName="SPRestricted">
     <IMembershipCondition 
       class="UrlMembershipCondition"
       version="1"
       Url="$AppDirUrl$/*"
     />
    </CodeGroup>
    <!-- Child 4: code under $CodeGen$ receives FullTrust. -->
    <CodeGroup 
      class="UnionCodeGroup"
      version="1"
      PermissionSetName="FullTrust">
     <IMembershipCondition 
       class="UrlMembershipCondition"
       version="1"
       Url="$CodeGen$/*"
     />
    </CodeGroup>
    <!-- Child 5: code from the MyComputer zone gets "Nothing" from this group
         itself; the two nested groups then grant FullTrust to assemblies
         signed with the Microsoft or the ECMA strong-name key. -->
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
     <IMembershipCondition 
      class="ZoneMembershipCondition"
      version="1"
      Zone="MyComputer" />
     <CodeGroup
       class="UnionCodeGroup"
       version="1"
       PermissionSetName="FullTrust"
       Name="Microsoft_Strong_Name"
       Description="This code group grants code signed with the Microsoft strong name full trust. ">
      <IMembershipCondition
        class="StrongNameMembershipCondition"
        version="1"
        PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
      />
     </CodeGroup>
     <CodeGroup
       class="UnionCodeGroup"
       version="1"
       PermissionSetName="FullTrust"
       Name="Ecma_Strong_Name"
       Description="This code group grants code signed with the ECMA strong name full trust. ">
      <IMembershipCondition
        class="StrongNameMembershipCondition"
        version="1"
        PublicKeyBlob="00000000000000000400000000000000"
      />
     </CodeGroup>
    </CodeGroup>
</CodeGroup>

I used the permcalc tool available from Microsoft on my assembly and added the permissions that it discovered, but the issue was not resolved.

Has anyone ever had this problem deploying application pages to the BIN folder?

A: 

I've always had problems with the BIN folder working correctly, so I always build mine to deploy to the GAC.

Microsoft does describe how to make the correct settings to your web.config file that should allow your assembly to run with higher permissions.

Take a look at this page for more information. I know the page is about WebParts but it should also go with what you are trying to do.

http://msdn.microsoft.com/en-us/library/cc768621.aspx

+3  A: 

I prefer to deploy to the bin folder but have had issues specifying the required permissions.

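This approach works well and grants your assembly full trust while it is still located in the bin folder. Keep in mind that full trust removes the CAS sandbox for that assembly, so scope the code group to your own strong name rather than to the whole bin folder.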

http://blog.tylerholmes.com/2008/11/creating-custom-cas-policy-file-for.html

Unfortunately, it's a manual process.

Rob
A: 

After reading some articles on the Internet and MSDN, I came up with another solution: build a WSP package to install the solution and define the appropriate permissions in the manifest file. This solution is great because you don't have to modify the Web.config and wss_minimaltrust.config manually; stsadm does all of this automatically, on every node of the server farm.

When you deploy the solution, don't forget to pass the -allowCasPolicies option.

STSADM -o deploysolution -name Mysolution.wsp -immediate -url http://serverfarm:8083 -allowCasPolicies

My manifest looks like this:

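    <Solution
      SolutionId="27F5B763-2613-41a7-84D9-458A7206F1BE"
      xmlns="http://schemas.microsoft.com/sharepoint/">
      <!-- Solution manifest: deploys one application page to LAYOUTS, one
           assembly to the web application (BIN) and a CAS policy item for
           that assembly. The "..." values for PublicKeyToken and
           PublicKeyBlob are placeholders and must be replaced with the values
           of the key that signs MyAssembly.dll. -->
      <TemplateFiles>
        <TemplateFile Location="LAYOUTS\MyAppPage\apppage.aspx" />
      </TemplateFiles>

      <Assemblies>
        <Assembly DeploymentTarget="WebApplication" Location="MyAssembly.dll" >
          <SafeControls>
            <SafeControl Assembly="MyAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=..." Namespace="MyAssembly" TypeName="*" Safe="True" />
          </SafeControls>
        </Assembly>
      </Assemblies>

      <!-- CAS policy written into the trust configuration when the solution
           is deployed with -allowCasPolicies. The permission set is granted
           to the assemblies listed under PolicyItem/Assemblies, which are
           identified by their PublicKeyBlob.
           NOTE(review): UnmanagedCode and Assertion, together with
           unrestricted FileIO, Registry, Reflection, Environment and Web
           permissions, make this set close to full trust. Trim it to what
           the assembly actually demands. For the file-share case in the
           question that would be a FileIOPermission whose Read and
           PathDiscovery lists name only the share path. -->
      <CodeAccessSecurity>
        <PolicyItem>
          <PermissionSet class="NamedPermissionSet" version="1" Description="Permisos para My assembly">
            <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
            <IPermission class="SecurityPermission" version="1" Flags="Execution,UnmanagedCode,ControlPrincipal,ControlEvidence,Assertion" />
            <IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true" />
            <!-- NOTE(review): this entry names System, Version=1.0.5000.0
                 while the other framework types use 2.0.0.0; confirm that
                 this is intended. -->
            <IPermission class="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" />
            <!-- NOTE(review): Unrestricted="true" is expected to make the
                 PathDiscovery list redundant and to grant access to the whole
                 file system; confirm, and prefer explicit path lists. -->
            <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" PathDiscovery="*AllFiles*" />
            <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
          </PermissionSet>
          <Assemblies>
            <Assembly PublicKeyBlob="..."/>
          </Assemblies>
        </PolicyItem>
      </CodeAccessSecurity>
    </Solution>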

Esteban Lalinde