What does partial trust mean the Web Part developer?
If you install assemblies into the BIN directory, you must ensure your code provides error handling in the event that required permissions are not available. Otherwise, unhandled security exceptions may cause your Web Part to fail and may affect page rendering on the page where the Web Part appears.
The following is a typical example of a security exception:
Request for the permission of type
Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=11.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c failed
As stated previously, the WSS_Minimal trust level does not grant permission to the SharePointPermission.ObjectModel to assemblies in the BIN directory for an application. Therefore, if your code attempts to use the Microsoft SharePoint object model, the common language runtime (CLR) throws an exception.
Since the minimal permission set provides the smallest set of permissions required for code to execute, the likelihood of additional security exceptions is increased.
Recommendation Try-catch critical areas to address situations where you may not have the necessary permissions to accomplish a specified objective.
What if my assemblies are installed in the GAC?
By default, assemblies installed in the global assembly cache (GAC) run with Full trust. Although, installing your Web Part assembly in the GAC is a viable option, it is recommended that you install Web Part assemblies in the BIN directory for a more secure deployment.
How can I raise the trust level for assemblies installed in the BIN directory?
Windows SharePoint Services can use any of the following three options from ASP.NET and the CLR to provide assemblies installed in the BIN directory with sufficient permissions. The following table outlines the implications and requirements for each optionI want to access a Web service from my Web Part. When I do so, I get an InvalidOperationException as follows:
One or more assemblies referenced by the XmlSerializer cannot be called
from partially trusted code.
When you create a reference to a Web service, Microsoft Visual Studio®.NET creates and places one or more objects in your assembly to store the argument data passed to the method(s) in the Web service. These objects are serialized using the XmlSerializer class when you invoke one or more of the methods in the Web service. By default, if your assembly is strongly named and resides in the BIN directory, callers with partial trust cannot access objects within that assembly. When you make the call to the Web service method, the XmlSerializer detects that there are partially trusted callers on the callstack (i.e. your assembly) and prevents the serialization from taking place even though the object resides in the same assembly.
You have several possible solutions, both of which have security implications that you must consider:
- You can add the AllowPartiallyTrustedCallersAttribute attribute to the specified library assembly.
Important You can only add this attribute to the source code. If you are using a third-party assembly and do not have access to the source, you cannot choose this option. If you choose this option, you are allowing partially trusted callers to execute code from within the library. This could represent a potential security risk as it opens the specified library assembly for use by other callers with partial trusts.
- You can give your assembly Full trust by installing it to the GAC.
Important Assemblies installed in the GAC are available to all virtual servers and applications on the server running Windows SharePoint Services. This could represent a potential security risk as it potentially grants a higher level of permission to your assembly across a larger scope than necessary.
- You can give your assembly Full trust by creating a custom policy file as outlined in the previous section.
Important It is recommended that you choose this option as it allows you to explicitly grant the required minimum level of permission to your assembly without increasing the scope of access to a larger number of callers
No comments:
Post a Comment