Implemting Partial Trust in SharePoint

Presenter: Corey RothEnterprise ConsultantStonebridge

Blog: www.dotnetmafia.com

Corey Roth

Consultant for Stonebridge Worked in Consumer Electronics, Travel, Advertising,

and Energy industries Currently doing MOSS development specializing in

Enterprise Search and ECM OSU Graduate Microsoft Award for Customer Excellence (ACE)

Winner E-mail: corey.roth@gmail.com Blog: www.dotnetmafia.com (mirrored on

sharepointblogs.com)

Beer and Code Meetup Tonight!

Tonight at Dirty Tavern (325 W 2nd) around 6pm after TechFest

Come talk with other IT professionals about .NET, C#, Agile, SharePoint, Ruby and more

Downtown – Just minutes from TechFest

Now you have something to do tonight!

SharePint – A SharePoint Meetup

Next Thursday at Crawpappy’s (51st and Harvard)

Come talk with other SharePoint developers in a casual setting

Great place to talk to others about best practices and your latest SharePoint issues

No presentations or slides Not a User Group All are welcome!

What is Partial Trust?

Why use Partial Trust More Secure Doesn’t require giving every

deployed DLL full trust Allows deployment of assemblies

to bin folder Deployment doesn’t require an

Application Pool reset

Demo

Implementing Partial Trust

Add [Assembly: AllowParitallyTrustedCallers()] to AssemblyInfo.cs

Set <trust Level=“Minimal” originUrl=“” /> in web.config

Define Security Policy in Trust configuration file

Security policy can be deployed via solution package (.wsp)

Install solution files with –allowCasPolicies parameter

Demo

What the Solution Package does…

Backs up your web.config Changes the trust element to WSS_Custom

in web.config Backs up trust configuration file –

wss_minimaltrust.config becomes wss_custom_wss_minimaltrust.config

Changes the path to the trust configuration file in the web.config <trustLevel> element

Adds code access security settings from manifest.xml

<CodeAccessSecurity>

Element in trust configuration file that defines which CAS Policies apply to each assembly

<IPermission> element defines individual rights to resources such as ASP.NET, SharePoint, EventLog, Configuration, SQL Server, File I/O

Can be copied to configuration file manually or deployed via solution package (wsp)

<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" />

<IPermission>

AspNetHostingPermission (Level=“Minimal”) – Required for ASP.NET Controls

SharePointPermission (ObjectModel=“True”) – Required to use SharePoint API

FileIOPermission (Read, Write, PathDiscovery, Append) – Specifies files the code can access - $AppDir$ by default

SqlClientPermission – Required to access SQL Server

ReflectionPermission – Required for LINQ SecurityPermission – Required for most basic

operations EnvironmentPermission – Provides access to

environment variables

What requires Full Trust? Item Event Receivers Timer Jobs STSADM Commands

Questions?

Don’t Forget!

Beer and Code Meetup Tonight at Dirty’s Tavern (325 E 2nd)

SharePint Meetup – This Thursday October 16th at Crawpappy’s (51st and Harvard) at 6pm

Thanks

Corey Rothcoreyroth@gmail.com www.dotnetmafia.com