Hi all,

I'm looking for a way to automate the deployment of a custom CAS policy in SharePoint.

What I would like to achieve is the following:

All assemblies that have been built and signed by our build server (with a secret key) should run in SharePoint under the 'higher than normal' trust level.

Now I can manually edit the CAS policy files to include something like this:

        <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="MyPermissionSet" Name="[My Company public key]" Description="Grants all ">
          <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="[public key goes here]" />
        </CodeGroup>

And that works great. However, we have several huge SharePoint farms, with many applications running on them. I'd like to avoid having to manually edit all policy files to include this XML snippet.

Is there a way to automate this? For example, from a feature?

With kind regards, Erwin van der Valk

+1  A: 

Hope you're familiar with .wsp files. This is a standard way of deploying anything to the farm. You can also deploy CAS policy entries through a wsp file. (Maybe you'll want to create a wsp file just for your CAS policy.) wsp files are the same as cab files, just renamed. Inside a wsp file lives manifest.xml, in which you can define what changes to the CAS file you want to apply. The great thing about doing it this way is that it's reversible by uninstalling the WSP. I've seen several different approaches to deploying CAS policies, including having your custom policy file as part of your wsp so that it gets deployed just like any other file.

You should google wsp cas policy manifest.xml for further tutorials.

Hope this helps..

Zeb
+1  A: 

This is what I have done to automate the deployment of CAS policies of my WebPart:

Inside my .wsp file, I have a Manifest.xml file with this content:

<?xml version="1.0" encoding="utf-8" ?>
<Solution SolutionId="0C006FE3-919D-4a2a-9CF0-FEA66A0A91E4" xmlns="http://schemas.microsoft.com/sharepoint/" >
    <Assemblies>
        <Assembly Location="MyWebPart.dll" DeploymentTarget="WebApplication">
            <ClassResources>
                <ClassResource Location="MyWebpart_log.config" />
                <ClassResource Location="combo.css" />
                <ClassResource Location="combo.js" />
                <ClassResource Location="img/arrow.png" />
                <ClassResource Location="img/coordination.gif" />
                <ClassResource Location="img/dt-arrow-dn.png" />
                <ClassResource Location="img/dt-arrow-up.png" />
                <ClassResource Location="img/loading.gif" />
                <ClassResource Location="img/menu-button-arrow.png" />
                <ClassResource Location="img/spinner.gif" />
                <ClassResource Location="img/split-button-arrow.png" />
                <ClassResource Location="img/sprite.png" />
            </ClassResources>
            <SafeControls>
                <SafeControl Assembly="MyWebPart, Version=1.0.0.0, Culture=neutral, PublicKeyToken=017e953639e07a31"
                             Namespace="MyWebPart" TypeName="*" Safe="True" />
            </SafeControls>
        </Assembly>
        <Assembly Location="log4net.dll" DeploymentTarget="WebApplication">
            <SafeControls>
                <SafeControl Assembly="log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821"
                             Namespace="MyWebPart" TypeName="*" Safe="True" />
            </SafeControls>
        </Assembly>
    </Assemblies>
    <CodeAccessSecurity>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Name="MyWebPartPermissionSet"
                           Description="Permission set for My Web Part">
                <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
                <IPermission class="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
                             version="1" Unrestricted="true" />
                <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                      version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
                    version="1" 
                    Flags="Execution" />
                <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" />
                <IPermission class="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" 
                             version="1" Connections="True" />
                <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 
                             version="1">
                    <ConnectAccess>
                        <URI uri=".*"/>
                    </ConnectAccess>
                </IPermission>
            </PermissionSet>
            <Assemblies>
                <Assembly Name="MyWebPart" />
            </Assemblies>
        </PolicyItem>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Name="Log4NetForMyWebPart"
                           Description="Permission set for Log4Net (logging library used by the My Web Part">
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution" />
                <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                        version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
            </PermissionSet>
            <Assemblies>
                <Assembly Name="log4net" />
            </Assemblies>
        </PolicyItem>
    </CodeAccessSecurity>
</Solution>

You will have to dig into the MS documentation for the Permissions you need because it took me a while to figure out which ones I need.

The .wsp file was created with the command:

    cabarc -r -p N ..\MyWebPart-1.0.0.wsp *

(I downloaded cabarc from the Microsoft website, but I don't remember exactly where)

To deploy the Web Part solution into SharePoint I use these commands:

    cd C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin
    stsadm.exe -o addsolution -filename MyWebPart-1.0.0.wsp
    stsadm.exe -o deploysolution -name MyWebPart-1.0.0.wsp -immediate -allcontenturls -allowCasPolicies
    stsadm.exe -o execadmsvcjobs

The allowCasPolicies parameter is necessary because the solution contains CAS policies. Without it, they will not be added to the web.config file of SharePoint.

Rambaldi
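Because `-allowCasPolicies` merges whatever the `<CodeAccessSecurity>` section of the solution declares, it is worth reviewing that section before deployment. The following is an added example, not code from either answer: a small Python audit that lists broad grants in a manifest and flags policy items that match assemblies by name only rather than by `PublicKeyBlob` (the attribute the question keys on). The function name `audit_cas_policy` and the trimmed sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"sp": "http://schemas.microsoft.com/sharepoint/"}

# Constructed sample: a trimmed manifest in the same layout as the one in the answer.
SAMPLE_MANIFEST = """<Solution SolutionId="00000000-0000-0000-0000-000000000000" xmlns="http://schemas.microsoft.com/sharepoint/">
  <CodeAccessSecurity>
    <PolicyItem>
      <PermissionSet class="NamedPermissionSet" version="1" Name="MyWebPartPermissionSet">
        <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
        <IPermission class="System.Net.DnsPermission, System" version="1" Unrestricted="true" />
        <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib" version="1" Read="$AppDir$" Write="$AppDir$" />
        <IPermission class="System.Net.WebPermission, System" version="1">
          <ConnectAccess><URI uri=".*"/></ConnectAccess>
        </IPermission>
      </PermissionSet>
      <Assemblies><Assembly Name="MyWebPart" /></Assemblies>
    </PolicyItem>
  </CodeAccessSecurity>
</Solution>"""

def audit_cas_policy(manifest_xml):
    """Return (permission_set_name, finding) pairs for grants a reviewer should justify."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    findings = []
    for item in root.findall("sp:CodeAccessSecurity/sp:PolicyItem", NS):
        pset = item.find("sp:PermissionSet", NS)
        if pset is None:
            continue
        name = pset.get("Name", "?")
        for perm in pset.findall("sp:IPermission", NS):
            # "System.Net.DnsPermission, System, Version=..." -> "DnsPermission"
            short = perm.get("class", "").split(",")[0].rsplit(".", 1)[-1]
            if perm.get("Unrestricted", "").lower() == "true":
                findings.append((name, short + ": Unrestricted"))
            target = perm.get("Write") or perm.get("Append")
            if short == "FileIOPermission" and target:
                findings.append((name, "FileIOPermission: write access to " + target))
            for uri in perm.findall("sp:ConnectAccess/sp:URI", NS):
                if uri.get("uri") == ".*":
                    findings.append((name, "WebPermission: connect to any URI"))
        # Name-only matching trusts any assembly with that name, signed or not.
        for asm in item.findall("sp:Assemblies/sp:Assembly", NS):
            if not asm.get("PublicKeyBlob"):
                findings.append((name, "assembly %s matched by name only" % asm.get("Name")))
    return findings

if __name__ == "__main__":
    for pset_name, finding in audit_cas_policy(SAMPLE_MANIFEST):
        print(pset_name + ": " + finding)
```

Each finding is a prompt for review rather than an error: a grant such as the `.*` connect rule may be intended, but it should be a deliberate choice before the solution is deployed farm-wide.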