Deploying binaries to the bin folderPartially Trusted Code in SharePoint

Corey RothStonebridgeTwitter: @coreyrothBlog: www.dotnetmafia.com

Corey RothConsultant for Stonebridge in Tulsa, OKWorked in Consumer Electronics, Travel, Advertising, and Energy industriesCurrently doing SharePoint development specializing in Enterprise SearchMicrosoft Solutions AdvocateMicrosoft Award for Customer Excellence (ACE) WinnerE-mail: coreyroth@gmail.com Twitter: @coreyrothBlog: www.dotnetmafia.com

What is Partial Trust?

Why use Partial Trust?More SecureAllows deployment of assemblies to bin folderDeployment doesn’t require an Application Pool resetDoesn’t require giving every deployed DLL full trust

Demo

Implementing Partial TrustAdd [Assembly: AllowParitallyTrustedCallers()] to AssemblyInfo.csSet <trust Level=“Minimal” originUrl=“” /> in web.configDefine Security Policy in Trust configuration fileSecurity policy can be deployed via solution package (.wsp) using manifest.xmlPowerShell: Install with Install-SPSolution and –CASPolicies parameterWSS3: Install with stsadm and –allowCasPolicies parameter

Visual Studio 2010CAS policies configured in Package Editor manifest tabStill must configure permissions manuallySet Assembly Deployment Target to WebApplication on project properties

Demo

How do I determine CAS policy?Google

ReflectorExceptionsDotNetMafia.com

<CodeAccessSecurity>Element in trust configuration file that defines which CAS Policies apply to each assembly<IPermission> element defines individual rights to resources such as ASP.NET, SharePoint, EventLog, Configuration, SQL Server, File I/OCan be copied to configuration file manually or deployed via solution package (wsp)

<IPermission>AspNetHostingPermission (Level=“Minimal”) – Required for ASP.NET ControlsSharePointPermission (ObjectModel=“True”) – Required to use SharePoint APIFileIOPermission (Read, Write, PathDiscovery, Append) – Specifies files the code can access - $AppDir$ by defaultSqlClientPermission – Required to access SQL ServerReflectionPermission – Required for LINQSecurityPermission – Required for most basic operationsEnvironmentPermission – Provides access to environment variables

What the solution package doesBacks up your web.config

Changes the trust element to WSS_Custom in web.configBacks up trust configuration file – wss_minimaltrust.config becomes wss_custom_wss_minimaltrust.configChanges the path to the trust configuration file in the web.config <trustLevel> elementAdds code access security settings from manifest.xml

Demo

Sandboxed SolutionsVariation of Code Access Security but more restrictivePermissions configured in wss_UserCode.xml in the 14\CONFIG folderOnly allows use of ASP.NET controls and some of the SharePoint object model

Demo

What requires full trust?Event ReceiversVisual Web PartsTimer JobsPowerShell commandletsSTSADM Commands

Questions?

Thank you sponsors!!

Remember to fill out your evaluations for your chance to win

cool prizesKodak Zi8 HD Pocket Video Camera 2 HP Netbook’s

Also Tons of books2 thinkgeek giftcards for $100 Telerik rad controls set2 licenses of essential user interface studio1 webcast from critical pathMicrosoft Zune

Thanks

Corey RothE-mail: coreyroth@gmail.comTwitter: @coreyrothBlog: www.dotnetmafia.com