Increase trust level for a specific assembly in Sharepoint
To give access to an assembly
1. Copy the wss_minimaltrust.config file.
2. Rename the file new_file_name.config.
3. Using a text editor such as NotePad, open new_file_name.config
4. Under the <SecurityClasses> element, add a reference to the SharePointPermission class as follows:
<SecurityClasses>
<!-- other security classes omitted for clarity -->
<SecurityClass Name="SharePointPermission"
Description="Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" />
</SecurityClasses>
5. Search for the <PermissionSet> tag where the name attribute equals ASP.Net.
6. Copy this entire tag and all of its children, and paste a copy of it immediately below the one you copied.
7. Change the name of the new PermissionSet element from ASP.Net to New_File_Name:
something like -
<PermissionSet class="NamedPermissionSet" version="1"
Name="New_File_Name">
<!-- <IPermission> nodes omitted for clarity -->
</PermissionSet>
8. Add the following <IPermission> node to the<PermissionSet> element where the name attribute equals New_File_Name:
<IPermission class="SharePointPermission"
version="1"
ObjectModel="True" />
Therefore, the resulting customized <PermissionSet> will look as follows:
<PermissionSet class="NamedPermissionSet" version="1" Name="
New_File_Name">
<IPermission class="AspNetHostingPermission" version="1"
Level="Minimal" />
<IPermission class="SecurityPermission" version="1" Flags="Execution"
/>
<IPermission class="WebPartPermission" version="1" Connections="True"
/>
<IPermission class="SharePointPermission" version="1"
ObjectModel="True" />
</PermissionSet>
Once you define the customized element, you must create a code group to specify when the CLR should apply the permission set. By default, the AllCode code group is a FirstMatchCodeGroup in ASP.NET policy files. Therefore, the CLR stops assigning permissions to an assembly after the first match to a specific code group. To apply the custom permissions, you must declare the specific code group assigning the custom permissions to your assembly as the first code group within the AllCode group. This ensures that the CLR assigns the MyCustomPermissions permission set and stops without proceeding to the default $AppDirUrl$/* code group that is used to assign permissions based on whether the assembly is located in BIN directory.
In the following example, the membership condition for the new code group is based on strong name membership:
<!-- a custom group must precede the default ASP.NET code group -->
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomPermissions">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="... see note below ..."
Name="MyAssemblyName" />
</CodeGroup>
To retrieve the public key blob for an assembly, use the secutil.exe tool as follows:
secutil.exe -hex -s MyAssemblyName.dll
10. Save and close the file. The policy file is ready to use.
11. Open the web.config file for the virtual server extended with Windows SharePoint Services and add the following <trustLevel> tag to the SecurityPolicy element:
<trustLevel name="MyCustomTrustLevel"
policyFile="new_file_name.config" />
In the web.config file, change the <trust> tag so that it refers to the newly defined trust level.
<trust level="MyCustomTrustLevel " originUrl="" />
12. Save and close the web.config file.
13. Reset IIS, such as by using iisreset, to apply the custom policy to the specified virtual server.
<IPermission class="SharePointPermission" version="1"
ObjectModel="True" />
1. Copy the wss_minimaltrust.config file.
2. Rename the file new_file_name.config.
3. Using a text editor such as NotePad, open new_file_name.config
4. Under the <SecurityClasses> element, add a reference to the SharePointPermission class as follows:
<SecurityClasses>
<!-- other security classes omitted for clarity -->
<SecurityClass Name="SharePointPermission"
Description="Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" />
</SecurityClasses>
5. Search for the <PermissionSet> tag where the name attribute equals ASP.Net.
6. Copy this entire tag and all of its children, and paste a copy of it immediately below the one you copied.
7. Change the name of the new PermissionSet element from ASP.Net to New_File_Name:
something like -
<PermissionSet class="NamedPermissionSet" version="1"
Name="New_File_Name">
<!-- <IPermission> nodes omitted for clarity -->
</PermissionSet>
8. Add the following <IPermission> node to the<PermissionSet> element where the name attribute equals New_File_Name:
<IPermission class="SharePointPermission"
version="1"
ObjectModel="True" />
Therefore, the resulting customized <PermissionSet> will look as follows:
<PermissionSet class="NamedPermissionSet" version="1" Name="
New_File_Name">
<IPermission class="AspNetHostingPermission" version="1"
Level="Minimal" />
<IPermission class="SecurityPermission" version="1" Flags="Execution"
/>
<IPermission class="WebPartPermission" version="1" Connections="True"
/>
<IPermission class="SharePointPermission" version="1"
ObjectModel="True" />
</PermissionSet>
Once you define the customized element, you must create a code group to specify when the CLR should apply the permission set. By default, the AllCode code group is a FirstMatchCodeGroup in ASP.NET policy files. Therefore, the CLR stops assigning permissions to an assembly after the first match to a specific code group. To apply the custom permissions, you must declare the specific code group assigning the custom permissions to your assembly as the first code group within the AllCode group. This ensures that the CLR assigns the MyCustomPermissions permission set and stops without proceeding to the default $AppDirUrl$/* code group that is used to assign permissions based on whether the assembly is located in BIN directory.
In the following example, the membership condition for the new code group is based on strong name membership:
<!-- a custom group must precede the default ASP.NET code group -->
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="MyCustomPermissions">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="... see note below ..."
Name="MyAssemblyName" />
</CodeGroup>
To retrieve the public key blob for an assembly, use the secutil.exe tool as follows:
secutil.exe -hex -s MyAssemblyName.dll
10. Save and close the file. The policy file is ready to use.
11. Open the web.config file for the virtual server extended with Windows SharePoint Services and add the following <trustLevel> tag to the SecurityPolicy element:
<trustLevel name="MyCustomTrustLevel"
policyFile="new_file_name.config" />
In the web.config file, change the <trust> tag so that it refers to the newly defined trust level.
<trust level="MyCustomTrustLevel " originUrl="" />
12. Save and close the web.config file.
13. Reset IIS, such as by using iisreset, to apply the custom policy to the specified virtual server.
<IPermission class="SharePointPermission" version="1"
ObjectModel="True" />
0 comments:
Post a Comment