Post on 05-Dec-2014
Implementing Partial Trust in SharePoint
Presenter: Corey Roth
Enterprise Consultant
Stonebridge
Blog: www.dotnetmafia.com
Corey Roth
Consultant for Stonebridge
Worked in Consumer Electronics, Travel, Advertising, and Energy industries
Currently doing MOSS development specializing in Enterprise Search and ECM
OSU Graduate
Microsoft Award for Customer Excellence (ACE) Winner
E-mail: corey.roth@gmail.com
Blog: www.dotnetmafia.com (mirrored on sharepointblogs.com)
Beer and Code Meetup Tonight!
Tonight at Dirty Tavern (325 W 2nd) around 6pm after TechFest
Come talk with other IT professionals about .NET, C#, Agile, SharePoint, Ruby and more
Downtown – Just minutes from TechFest
Now you have something to do tonight!
SharePint – A SharePoint Meetup
Next Thursday at Crawpappy’s (51st and Harvard)
Come talk with other SharePoint developers in a casual setting
Great place to talk to others about best practices and your latest SharePoint issues
No presentations or slides
Not a User Group
All are welcome!
What is Partial Trust?
Why use Partial Trust
More Secure
Doesn’t require giving every deployed DLL full trust
Allows deployment of assemblies to bin folder
Deployment doesn’t require an Application Pool reset
Demo
Implementing Partial Trust
Add [assembly: AllowPartiallyTrustedCallers()] to AssemblyInfo.cs
Set <trust level="WSS_Minimal" originUrl="" /> in web.config
Define Security Policy in Trust configuration file
Security policy can be deployed via solution package (.wsp)
Install solution files with the -allowCasPolicies parameter
Demo
What the Solution Package does…
Backs up your web.config
Changes the trust element to WSS_Custom in web.config
Backs up trust configuration file – wss_minimaltrust.config becomes wss_custom_wss_minimaltrust.config
Changes the path to the trust configuration file in the web.config <trustLevel> element
Adds code access security settings from manifest.xml
<CodeAccessSecurity>
Element in trust configuration file that defines which CAS Policies apply to each assembly
<IPermission> element defines individual rights to resources such as ASP.NET, SharePoint, EventLog, Configuration, SQL Server, File I/O
Can be copied to configuration file manually or deployed via solution package (wsp)
<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" />
<IPermission>
AspNetHostingPermission (Level="Minimal") – Required for ASP.NET Controls
SharePointPermission (ObjectModel="True") – Required to use SharePoint API
FileIOPermission (Read, Write, PathDiscovery, Append) – Specifies files the code can access - $AppDir$ by default
SqlClientPermission – Required to access SQL Server
ReflectionPermission – Required for LINQ
SecurityPermission – Required for most basic operations
EnvironmentPermission – Provides access to environment variables
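A manifest.xml fragment showing how the <CodeAccessSecurity> and <IPermission> elements described above fit together in a solution package. This is an added example, not taken from the presentation; the SolutionId and the Contoso.WebParts assembly name are placeholders, and the permission set is an assumed minimum for a simple web part.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: SolutionId and assembly name are placeholders. -->
<Solution xmlns="http://schemas.microsoft.com/sharepoint/"
          SolutionId="00000000-0000-0000-0000-000000000000">
  <Assemblies>
    <!-- WebApplication target deploys the DLL to the bin folder, not the GAC -->
    <Assembly DeploymentTarget="WebApplication" Location="Contoso.WebParts.dll" />
  </Assemblies>
  <CodeAccessSecurity>
    <PolicyItem>
      <!-- Grant only what the assembly needs. Setting Unrestricted="true"
           here instead would hand this assembly full trust and defeat the
           purpose of running the web application at partial trust. -->
      <PermissionSet class="NamedPermissionSet" version="1"
                     Description="Least-privilege set for Contoso.WebParts">
        <!-- Required for ASP.NET controls -->
        <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
        <!-- Required for code to execute at all -->
        <IPermission class="SecurityPermission" version="1" Flags="Execution" />
        <!-- Required to call the SharePoint object model -->
        <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                     version="1" ObjectModel="True" />
      </PermissionSet>
      <!-- The policy applies only to the assemblies listed here -->
      <Assemblies>
        <Assembly Name="Contoso.WebParts" />
      </Assemblies>
    </PolicyItem>
  </CodeAccessSecurity>
</Solution>
```

A package containing a <CodeAccessSecurity> section has to be deployed with the -allowCasPolicies parameter, after which the policy is merged into the custom trust configuration file.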
What requires Full Trust?
Item Event Receivers
Timer Jobs
STSADM Commands
Questions?
Don’t Forget!
Beer and Code Meetup Tonight at Dirty’s Tavern (325 E 2nd)
SharePint Meetup – This Thursday October 16th at Crawpappy’s (51st and Harvard) at 6pm
Thanks
Corey Roth
coreyroth@gmail.com
www.dotnetmafia.com