MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Custom Web Part and Partial Trust

  Asked By: Sherri    Date: Jan 16    Category: MOSS    Views: 3602

Migrating to 2007 and everything has gone great except for one site that
is using a ton of custom web parts. The web parts were created by a
contractor that is long gone. I'm no developer, but found this:

That essentially says I should edit my web.config and create a custom
policy file bassed on the wss_minimaltrust.config file. I think I did
that, but am still getting the error below. I've supplied the sections
of the two config files. I'm hoping another set of eyeballs can see the
error of my ways. Thanks!

Error Message:
Exception Details: System.Security.SecurityException: That assembly does
not allow partially trusted callers.

Source Error:

An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: That assembly does not allow partially trusted

_PreRender(Object sender, EventArgs e) +0
System.Web.UI.Control.OnPreRender(EventArgs e) +127
Microsoft.SharePoint.WebPartPages.WebPart.OnPreRender(EventArgs e)
System.Web.UI.Control.PreRenderRecursiveInternal() +144
System.Web.UI.Control.PreRenderRecursiveInternal() +258
System.Web.UI.Control.PreRenderRecursiveInternal() +258
System.Web.UI.Control.PreRenderRecursiveInternal() +258
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
System.Web.UI.Page.ProcessRequest() +105
System.Web.UI.Page.ProcessRequest(HttpContext context) +292

nStep.Execute() +610
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +177
Relevant sections from web.config file:
<trustLevel name="WSS_Medium" policyFile="d:\Program Files\Common
Files\Microsoft Shared\Web Server
Extensions\12\config\wss_mediumtrust.config" />
<trustLevel name="CCCC_MinimalTrust"
policyFile="D:\Inetpub\Web\CCCC\bin\cccc_minimaltrust.config" />
<trustLevel name="WSS_Minimal" policyFile="d:\Program Files\Common
Files\Microsoft Shared\Web Server
Extensions\12\config\wss_minimaltrust.config" />


Relevant sections from CCCC_MinimalTrust.config:
Level="Minimal" />
Flags="Execution" />
<IPermission class="WebPartPermission"
Connections="True" />
<IPermission class="SharePointPermission"
ObjectModel="True" />

Url="$AppDirUrl$/bin/CCCC.Web.Parts.dll" />



7 Answers Found

Answer #1    Answered By: Leanne Rios     Answered On: Jan 16

The error you are getting happens when you try to run a signed webpart
from the bin directory of the site. If you have access to the source
code and can recompile all you need to do is add one line to the
assemblyInfo.cs or .vb file. You need a line in there that says
[assembly: System.Security.AllowPartiallyTrustedCallers()] (That's the
C# formatting.)

If you don't have access to the source code then the webpart .dll will
need to be installed in the Global Assembly Cache (GAC) and not the bin.

Answer #2    Answered By: Zachary Roberts     Answered On: Jan 16

I put the web  part into the gac and deleted it from the bin folder.
Same error message. Does that type of activity require a reboot or

Answer #3    Answered By: Maura Durham     Answered On: Jan 16

I was able to get past this by changing the web.config in this web
application to:
<trustLevel name="Full" policyFile="internal"/>
<trust level="Full" originUrl="" />

Are there any implications to this I should be concerned about? The
web application is on the Intranet side of the firewall.

Answer #4    Answered By: Jagat Pandit     Answered On: Jan 16

The major implication is that you have disabled Code Access Security,
which means that any webpart on a page can do anything that it likes.
Although I frequently use this setting in a closed Development
environment, this is never a good idea for a production environment.
Code Access Security was essentially the same in 2003 as it is in 2007,
so if the webparts used to run either you were running your 2003
environment in "Full" mode or the contractor originally did their job
the right way and created custom  security policy files for the 2003
environment. If so, then the right way to fix it is to find those files
and carefully migrate them to the 2007 environment. They should be
almost the same in 2007 as they were in 2003.

One additional point. The specific error message you are getting
usually comes from webparts that have been signed and added to the
Global Assembly Cache. If that's the case then these webparts need to
be updated and recompiled with an additional line in the AssemblyInfo
file of the project. The line is

[assembly: System.Security.AllowPartiallyTrustedCallers()]

Answer #5    Answered By: Jerod Carrillo     Answered On: Jan 16

I just looked. It is running full on the 2003 farm. Prior to trying
to change the 2007 application to full trust, I did recompile the code
with the [assembly: System.Security.AllowPartiallyTrustedCallers()],
but that didn't seem to make any difference. I'm certain I'm not
doing something right since the project name is ABC.Web and recompile
generated ABC.Web.dll, but there is also a ABC.Web.Parts.dll on the
2003 farm and I don't know where that came from.

Since it was running in full trust  for the past 2 years without
incident, it wouldn't seem too terribly bad to leave it as is.

Answer #6    Answered By: Hema Pasupuleti     Answered On: Jan 16

Was the web  part assembly(s) deployed to the GAC or to the /bin folder?

If it was deployed to the GAC, you must use full trust  (<trust
level="Full" originUrl="" />).

Unfortunately if any custom  development (i.e. Custom Field Types, Event
Handlers) was deployed to the GAC, you will still need Full trust.

The web part  project template is set up to deploy to the GAC. Custom
Field Types and Event Handlers MUST be deployed to the GAC. Because of
this, I'm screwed when it comes to code-access security.

Microsoft needs to address this - but they won't.

Answer #7    Answered By: Candis Kinney     Answered On: Jan 16

You do not need to set trust  level to Full just because the dll was
deployed to the GAC. All you need to do is add one additional line to
the AssemblyInfo file of the project before you compile the .dll and
deploy it. IMHO production servers should never be set to run with
trust level="Full".

Didn't find what you were looking for? Find more on Custom Web Part and Partial Trust Or get search suggestion and latest updates.