Previously we have looked at how to setup Code Access Security properly for our Web Parts. This process obviously requires access to the SharePoint Server. So what if, we don't have access to the Server? What if, the Web Part is a commercial web part? Do we do what most vendors do and ask customers to put the DLL of our Web Part in the GAC? Or do we ask them to set the Web.Config Trust Level to WSS_Medium or even worse Full? Or do we give them complicated instructions on how to setup Code Access Security? Well, none of these need apply! What we can do is use the manifest.xml inside our WSP to specify any additional Permission Sets we require, and we can create a Union Code group in there.
When we deploy the Web Part Solution, A Copy of the currently set CAS policy file is made, renamed, amended, and added to the Web.Config.
So here is how to do it:
- Create a WSP solution for your web part. See this link on how to create a WSP. http://msdn2.microsoft.com/EN-US/library/aa543741.aspx
- Type the following code to setup a new Permission Set in the WSP. (The following example gives our web part the same permissions as SPRestricted, but also adds the SharePointPermission with Object Model access).
<>
class="NamedPermissionSet"
version="1"
Name="LightningTools">
<>
class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Level="Minimal"
/>
<>
class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"
/>
<>
version="1"
Connections="True"
/>
<>
version="1"
ObjectModel="True"
/>
- Create the Union Code Group in order to ensure that code signed with our Public Key Blob gets the new Permission Set:
<>
Name = "LightningTools.KPIBDC"
PublicKeyBlob = "002400000480000094000000060200000024000052534131000400000100010055E1CAF1A2C193A4B6822A726B33FF2E197ACAB70E9BB7F7C03E7D9243EA82A2E67735C91F8E8E5290703C05DA6826F7186A640B42551259042F27CE55053442877B248123BA91F423E852A10F1BB625CEDD9EE43B7233780180FFB1941C8BE96D1CC22CD3E71C88C8E1DC2C93F9E6CAFE2B9DA07105A25362D8E085A33657AD"
Version = "1.0.0.0">
- Your completed manifest.xml should look like this:
< xmlns="http://schemas.microsoft.com/sharepoint/">
SolutionId="D5BF6893-8024-45c6-91A1-E35758013A03">
< Location="LightningTools.KPIBDC.dll">
DeploymentTarget="WebApplication">
< Namespace="LightningTools.KPIBDC">
TypeName="*" />
<>
class="NamedPermissionSet"
version="1"
Name="LightningTools">
<>
class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Level="Minimal"
/>
<>
class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"
/>
<>
version="1"
Connections="True"
/>
<>
version="1"
ObjectModel="True"
/>
<>
Name = "LightningTools.KPIBDC"
PublicKeyBlob = "002400000480000094000000060200000024000052534131000400000100010055E1CAF1A2C193A4B6822A726B33FF2E197ACAB70E9BB7F7C03E7D9243EA82A2E67735C91F8E8E5290703C05DA6826F7186A640B42551259042F27CE55053442877B248123BA91F423E852A10F1BB625CEDD9EE43B7233780180FFB1941C8BE96D1CC22CD3E71C88C8E1DC2C93F9E6CAFE2B9DA07105A25362D8E085A33657AD"
Version = "1.0.0.0">