Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

How do I fully trust this operation?

  Asked By: Krista    Date: Oct 16    Category: Sharepoint    Views: 742

I have a code security/permissions issue.

A member of my development Team is building a simple webpart whose
only purpose is to be an IRowProvider for other webparts.
The information that this webpart is providing is a distilled set of
employee data. This data is unlikely to change during the day so I
wrote an assembly that uses an HTTPModule to monitor for changes in
the source data and keep an ASP.Net Cache object current with a
DataTable of the active information. (We do not have SQL 2005.)
This DLL works like a champ in regular ASP.Net 1.1 websites.

I then added some methods in our "webpart helper" library to return
a particular Employee class based on either the currently logged in
user (System.Web.HttpContext.Current.User.Identity.Name) or based on
a Network ID passed to the method. The Employee class is really
little more than a wrapper to a DataRow from the cached DataTable...
just to give junior developer Intellisense.

My developer then built a prototype webpart that references both the
MyCompany.WebPart.WPHelper.DLL assembly and it's required
counterpart, MyCompany.Web.EmployeeDetails.DLL. When we try to
retrieve the DataTable from the ASP.Net cache, we get the following
exception, "System.Security.SecurityException: Security error.".

I have both assemblies and the webpart all three in the GAC; I have
all three listed in the "SafeControls" area of the web.config.
I even tried setting <trust level="Full" originUrl="" />, but that
wasn't successful, so I backed it down.



3 Answers Found

Answer #1    Answered By: Alison West     Answered On: Oct 16

No developers looking at the messages?

Answer #2    Answered By: Freddy Heath     Answered On: Oct 16

I estimate this list to be roughly 2/3 developers. Not all posts get answered, however. This is a “volunteer” list……….

Answer #3    Answered By: Joanna Dixon     Answered On: Oct 16

There are developers who read this list but it depends on what time your messages are posted. Think timezones.

Even though you put your webpart  in the GAC, I think you still need to do impersonation to access the user information  to do the interaction with the system.

Didn't find what you were looking for? Find more on How do I fully trust this operation? Or get search suggestion and latest updates.