Code Access Security

Aug 1, 2008 at 1:00 PM
Edited Aug 1, 2008 at 1:36 PM
I have been following the Tutorial by Microsoft to implement a simple Search Web Part for MOSS 2007.
However when deploying the Web part I run into all kinds of security exceptions which can be avoided by supplying CAS permissions in the solution file.
( Or changing the trust level in the web.config which I will not do unless as a last resort )

What I would like to know is:
How can I specify the Code Access Security Definitions when using the "Sharepoint Solution Installer".

I know I can manually extract the .WSP file and modify the manifest.xml, but that would mean that I have to change this every time.

Aug 1, 2008 at 1:20 PM
Edited Aug 1, 2008 at 1:21 PM
The SharePoint Solution Installer is not intended to directly help you with this.  The developer of the solution should put the appropriate CAS policies into the manifest.xml file within the solution/wsp.  I am not aware of any way to put CAS policies into a feature.xml file.

Updating the manifest.xml file just needs to be done one time before the WSP is built, so I'm not sure I understand what you mean by "every time".

There are tools out there that can help build your manifest.xml.  Two that I am aware of are STSDEV (http://www.codeplex.com/stsdev) and WSPBuilder (http://www.codeplex.com/wspbuilder).  I personally use STSDEV (but want to check out WSPBuilder to understand the pros/cons of each).

If you are not a developer for the solution and do not have control of the creation of the WSP, you should be able to extract the contents of the WSP (rename it to end in .cab first), modify the manifext.xml, then use makecab to create a new WSP.

Note that one thing the SharePoint Solution Installer could/should do is to display to the end user (administrator) what CAS policies are in place and if any assemblies are being put into the GAC.  I will add this to the issue tracker now...

I hope this helps.

Kirk
Aug 1, 2008 at 2:32 PM
Edited Aug 1, 2008 at 2:49 PM
Thanks for your swift reply Kirk,

Could I ask you to take a deeper look at what's happening.

What I did is:
Create a new Web Part based on the smartpart template, and used the code from the msdn.com website for creating a custom search webpart.
Note, goal for this practice exercise in making Web Parts was to create a simple search web part which could search on a single site.

I modified the createwsp.bat file included with the smartpart template to '-BuildCas true'

By doing this the Sharepoint Solution Installer correctly adds Code Access Security parameters to the manifest.xml file.
However, after an iisreset the Web Part still reports an error

Failed action is: LinkDemand The type of the first failed permission was: Microsoft.SharePoint.Security.SharePointPermission

I Uploaded the full source directory to rapidshare ( including the bat files and the Sharepoint Solution Installer I used )
Sources on rapidshare  Screensnap of the entire errormessage

Any help would be greatly appreciated, after all a simple search shouldnt be rocket science right ?
Aug 20, 2008 at 5:27 PM
I hope I'm not setting up a bad precedent here, as I cannot spend all my time troubleshooting individual WSPs.  So, I probably won't be responding to further requests like this.  Having said that...

Looking at your manifest file (webpartsmanifest.xml) I do not see any mention of CAS policies. You need something like the following wiithin the <Solution> node of your manifest file.  If you have further problems, I suggest doing a web search for "SharePoint manifest CAS" and following the links and/or read chapter 9 & 10 from Inside Microsoft Windows SharePoint Services 3.0 by Pattison/Larson.

 

 

<

CodeAccessSecurity>

 

<

PolicyItem>

 

<

PermissionSet class="NamedPermissionSet" version="1" Name="ThreeWill.SharePoint.WebServicesForInfoPath">

 

<

IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution" />

 

<

IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Level="Minimal" version="1" />

 

<

IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True" />

 

</

PermissionSet>

 

<

Assemblies>

 

<

Assembly Name="ThreeWill.SharePoint.WebServicesForInfoPath" />

 

</

Assemblies>

 

</

PolicyItem>

 

</

CodeAccessSecurity>