
CAS Policy for Sharepoint Application Page

I have an application page that I am creating in SharePoint to host in the LAYOUTS directory. The web project references an external assembly that accesses the file system to get files from an external file share.

My problem is that I want to deploy the assembly to the application BIN directory (not GAC) and use a CAS permission policy to allow it to execute within SharePoint. However, at this point, whenever I deploy the page I get this exception:

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I know that the issue is CAS-related, as it works fine when I deploy to the GAC.

My current CAS permissions look like this:

<!-- Each SecurityClass maps a short Name to the assembly-qualified type given in
     Description. The class="..." attributes on the PermissionSet, IPermission,
     CodeGroup and IMembershipCondition elements of this policy refer to these
     short names. -->
<SecurityClasses>
    <SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
    <SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="WebPartPermission" Description="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>
    <SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="SharePointPermission" Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <!-- FileIOPermission and EnvironmentPermission are referenced by the
         CustomTrust permission set. -->
    <SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    <SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<!-- Named permission sets. Code groups select one of these by name through
     their PermissionSetName attribute. -->
<NamedPermissionSets>
    <!-- Unrestricted set: no permission checks are applied to code that receives it. -->
    <PermissionSet
            class="NamedPermissionSet"
            version="1"
            Unrestricted="true"
            Name="FullTrust"
            Description="Allows full access to all resources"
    />
    <!-- Empty set: code that receives only this set cannot even execute. -->
    <PermissionSet
            class="NamedPermissionSet"
            version="1"
            Name="Nothing"
            Description="Denies all resources, including the right to execute"
    />
    <!-- Minimal sandbox: execute, minimal ASP.NET hosting, Web Part connections.
         It contains no FileIOPermission, so any file access by code limited to
         this set fails with a FileIOPermission request error. -->
    <PermissionSet
            class="NamedPermissionSet"
            version="1"
            Name="SPRestricted">
        <IPermission 
                class="AspNetHostingPermission"
                version="1"
                Level="Minimal"
        />
        <IPermission 
                class="SecurityPermission"
                version="1"
                Flags="Execution"
        />
        <IPermission class="WebPartPermission"
                version="1"
                Connections="True"
        />
    </PermissionSet>
    <!-- Custom set intended for the bin-deployed assembly.
         NOTE(review): three of the permissions below are Unrestricted, and the
         SecurityPermission covers UnmanagedCode, Assertion and ControlEvidence,
         so in effect this set is close to FullTrust. Trim it to what the
         assembly actually needs once the policy is being applied. -->
    <PermissionSet
            class="NamedPermissionSet"
            version="1"
            Name="CustomTrust">
        <IPermission 
                class="AspNetHostingPermission"
                version="1"
                Level="Medium"
        />                        
        <IPermission class="WebPartPermission"
                version="1"
                Connections="True"
        />
        <IPermission class="SharePointPermission" 
                version="1" 
                ObjectModel="True" />
        <!-- Unrestricted="true" grants every kind of access to every path; the
             $AppDir$ values on Read/Write/Append/PathDiscovery do not narrow it.
             To confine file access, remove Unrestricted and list only the
             required paths. A file share outside $AppDir$ would then have to be
             listed explicitly. -->
        <IPermission
                class="FileIOPermission"
                version="1"
                Unrestricted="true"                             
                Read="$AppDir$"
                Write="$AppDir$"
                Append="$AppDir$"
                PathDiscovery="$AppDir$"                                
        />                      
        <!-- Unrestricted="true" grants all SecurityPermission flags, so the Flags
             list is not a limit here. Even taken alone, Assertion, ControlEvidence
             and UnmanagedCode let code step outside the CAS sandbox. -->
        <IPermission 
                class="SecurityPermission"
                version="1"
                Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, ControlEvidence, UnmanagedCode"
                Unrestricted="true"
        />
        <!-- Read and write access to all environment variables. -->
        <IPermission
                class="EnvironmentPermission"
                version="1"
                Unrestricted="true"
        />
    </PermissionSet>
</NamedPermissionSets>
<!-- Root code group. It matches all code and itself grants Nothing. Because it
     is a FirstMatchCodeGroup, only the first child group whose membership
     condition matches contributes its permission set, so the order of the
     child groups below is significant. -->
<CodeGroup 
        class="FirstMatchCodeGroup"
        version="1"
        PermissionSetName="Nothing">
    <IMembershipCondition 
            class="AllMembershipCondition"
            version="1"
    />
<!-- Grants CustomTrust to assemblies signed with the key in PublicKeyBlob.
     NOTE(review): on a StrongNameMembershipCondition the Name attribute is
     compared with the assembly's simple name; it is not a label for the rule.
     Presumably the deployed assembly is named ConteoPolicy (confirm). If the
     name or key does not match, evaluation falls through to the URL groups
     below, where a bin-deployed assembly would likely receive SPRestricted,
     which has no FileIOPermission. -->
<CodeGroup class="UnionCodeGroup" 
    version="1" 
    PermissionSetName="CustomTrust">
    <IMembershipCondition class="StrongNameMembershipCondition" 
        version="1" 
        PublicKeyBlob="0x00240000048000009400000006020000002400005253413100040000010001002B54E7863E7D5443ACBF8DD7F18B9D2399FF73AE7C791BDEFA2BF7544DFB5B8DBB5C8DD705374386CD6A729C755ED4478CD9FA0FF912385FA1AE684345E82E793262A2DCEE1DEC1178BE488C18D338CFE62BCC1C06E4B235BBB6A886884889FC854F8CFA149DFCD18CC479229F0956E19A1DC9FDECAE844F850C2A34121546B8" 
        Name="ConteoPolicy" /> 
    </CodeGroup>
<!-- FullTrust for everything loaded from the _app_bin directory. -->
<CodeGroup 
            class="UnionCodeGroup"
            version="1"
            PermissionSetName="FullTrust">
        <IMembershipCondition 
                class="UrlMembershipCondition"
                version="1"
                Url="$AppDirUrl$/_app_bin/*"
        />
    </CodeGroup>
    <!-- Everything else under the application directory gets SPRestricted. -->
    <CodeGroup 
            class="UnionCodeGroup"
            version="1"
            PermissionSetName="SPRestricted">
        <IMembershipCondition 
                class="UrlMembershipCondition"
                version="1"
                Url="$AppDirUrl$/*"
        />
    </CodeGroup>
    <!-- FullTrust for assemblies under $CodeGen$. -->
    <CodeGroup 
            class="UnionCodeGroup"
            version="1"
            PermissionSetName="FullTrust">
        <IMembershipCondition 
                class="UrlMembershipCondition"
                version="1"
                Url="$CodeGen$/*"
        />
    </CodeGroup>
    <!-- Reached only when none of the groups above matched. Code from the
         MyComputer zone gets Nothing by itself; the nested groups add FullTrust
         for assemblies signed with the Microsoft or ECMA strong-name keys. -->
    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
        <IMembershipCondition 
            class="ZoneMembershipCondition"
            version="1"
            Zone="MyComputer" />
        <CodeGroup
                class="UnionCodeGroup"
                version="1"
                PermissionSetName="FullTrust"
                Name="Microsoft_Strong_Name"
                Description="This code group grants code signed with the Microsoft strong name full trust. ">
            <IMembershipCondition
                    class="StrongNameMembershipCondition"
                    version="1"
                    PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
            />
        </CodeGroup>
        <CodeGroup
                class="UnionCodeGroup"
                version="1"
                PermissionSetName="FullTrust"
                Name="Ecma_Strong_Name"
                Description="This code group grants code signed with the ECMA strong name full trust. ">
            <IMembershipCondition
                    class="StrongNameMembershipCondition"
                    version="1"
                    PublicKeyBlob="00000000000000000400000000000000"
            />
        </CodeGroup>
    </CodeGroup>
</CodeGroup>

I used the permcalc tool available from Microsoft on my assembly and added the permissions that it discovered, but the issue was not resolved.

Has anyone ever had this problem deploying application pages to the bin folder?

I prefer to deploy to the bin folder but have had issues specifying the required permissions.

This approach works well and grants your assembly full trust while still located in the bin folder.

http://blog.tylerholmes.com/2008/11/creating-custom-cas-policy-file-for.html

Unfortunately, it's a manual process.

After reading some articles on the Internet and MSDN, I came up with another solution: build a WSP package to install the solution and define the appropriate permissions in the manifest file. This solution is great because you don't have to modify the Web.config and wss_minimaltrust.config manually; stsadm does all of this automatically, on all the nodes of the server farm.

When you deploy the solution, don't forget to add the -allowCasPolicies option.

STSADM -o deploysolution -name Mysolution.wsp -immediate -url http://serverfarm:8083 -allowCasPolicies

My manifest looks like this:

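    <!-- SharePoint solution manifest: deploys an application page to LAYOUTS,
         installs MyAssembly.dll to the web application (bin) rather than the GAC,
         and carries the CAS policy for that assembly. The policy section takes
         effect only when the solution is deployed with -allowCasPolicies. -->
    <Solution
        SolutionId="27F5B763-2613-41a7-84D9-458A7206F1BE"
        xmlns="http://schemas.microsoft.com/sharepoint/">
      <TemplateFiles>
        <TemplateFile Location="LAYOUTS\MyAppPage\apppage.aspx" />
      </TemplateFiles>

      <Assemblies>
        <!-- DeploymentTarget="WebApplication" places the DLL in the web
             application's bin directory, where CAS policy applies to it. -->
        <Assembly DeploymentTarget="WebApplication" Location="MyAssembly.dll" >
          <SafeControls>
            <!-- TypeName="*" marks every type in the MyAssembly namespace as safe.
                 PublicKeyToken=... is a placeholder as posted. -->
            <SafeControl Assembly="MyAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=..." Namespace="MyAssembly" TypeName="*" Safe="True" />
          </SafeControls>
        </Assembly>
      </Assemblies>

      <CodeAccessSecurity>
        <PolicyItem>
          <!-- NOTE(review): most permissions below are Unrestricted, and the
               SecurityPermission includes UnmanagedCode, Assertion and
               ControlEvidence, so this set is close to full trust in practice.
               Before deploying to a shared farm, reduce it to the permissions the
               assembly actually demands (permcalc output is a reasonable start). -->
          <PermissionSet class="NamedPermissionSet" version="1" Description="Permisos para My assembly">
            <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
            <IPermission class="SecurityPermission" version="1" Flags="Execution,UnmanagedCode,ControlPrincipal,ControlEvidence,Assertion" />
            <IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true" />
            <!-- NOTE(review): this entry references System Version=1.0.5000.0 while
                 the other framework types use 2.0.0.0; confirm that is intended. -->
            <IPermission class="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" />
            <!-- Unrestricted="true" already covers every path and access type, so
                 PathDiscovery="*AllFiles*" adds nothing. To confine file access,
                 drop Unrestricted and list explicit Read/Write paths instead. -->
            <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" PathDiscovery="*AllFiles*" />
            <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
            <IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
          </PermissionSet>
          <!-- Assemblies that receive the permission set above, identified by
               their strong-name public key. "..." is a placeholder as posted;
               supply the public key blob of the key that signs MyAssembly.dll. -->
          <Assemblies>
            <Assembly PublicKeyBlob="..."/>
          </Assemblies>
        </PolicyItem>
      </CodeAccessSecurity>
    </Solution>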

I've always had problems with the BIN folder working correctly, so I always build mine to deploy to the GAC.

Microsoft does describe how to make the correct settings to your web.config file that should allow your assembly to run with higher permissions.

Take a look at this page for more information. I know the page is about WebParts but it should also go with what you are trying to do.

http://msdn.microsoft.com/en-us/library/cc768621.aspx
