Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Rights Security

  Asked By: Daniel    Date: Nov 29    Category: Sharepoint    Views: 1486

I have a webpart dll that I have writen and deployed to the bin dir. That said
one of the webparts uses a call to:

SPUtility.SendEmail(SPContext.Current.Web, false, false,
SendEmailToAddress, _emailTitle, _emailBody);

and also puts content into a list - with a call to list.update....

I have writen a security right file:

<configuration>
<mscorlib>
<security>
<policy>
<PolicyLevel version="1">
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition"
Description="System.Security.Policy.AllMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="AspNetHostingPermission"
Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="FirstMatchCodeGroup"
Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="NamedPermissionSet"
Description="System.Security.NamedPermissionSet" />
<SecurityClass Name="SecurityPermission"
Description="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="StrongNameMembershipCondition"
Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="UnionCodeGroup"
Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="UrlMembershipCondition"
Description="System.Security.Policy.UrlMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="WebPartPermission"
Description="Microsoft.SharePoint.Security.WebPartPermission,
Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" />
<SecurityClass Name="ZoneMembershipCondition"
Description="System.Security.Policy.ZoneMembershipCondition, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="SharePointPermission"
Description="Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" />
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet class="NamedPermissionSet" version="1"
Description="WSPBuilder generated permissionSet"
Name="sterling.wsp-45f17bd8-c4d8-4862-b5f4-342755599f9a-1">
<IPermission class="System.Security.Permissions.FileIOPermission,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Unrestricted="true" />
<IPermission class="System.Net.WebPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission class="System.Net.Mail.SmtpPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission
class="Microsoft.SharePoint.Security.SharePointPermission,
Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" version="1" Unrestricted="True" />
<IPermission class="WebPartPermission" version="1"
Connections="True" />
<IPermission class="System.Net.SocketPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission class="System.Configuration.ConfigurationPermission,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true" />
<IPermission class="System.Data.SqlClient.SqlClientPermission,
System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Unrestricted="true" />
<IPermission
class="System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission class="System.Net.DnsPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission
class="System.Security.Permissions.ReflectionPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission class="PrintingPermission" version="1"
Level="DefaultPrinting" />
<IPermission class="System.Security.Permissions.StorePermission,
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Unrestricted="true" />
<IPermission class="System.Web.AspNetHostingPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Level="Unrestricted" Unrestricted="true" />
<IPermission
class="System.Security.Permissions.RegistryPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
<IPermission
class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"
Unrestricted="true" />
</PermissionSet>
<PermissionSet class="NamedPermissionSet" version="1"
Unrestricted="true" Name="FullTrust" Description="Allows full access to all
resources" />
<PermissionSet class="NamedPermissionSet" version="1" Name="Nothing"
Description="Denies all resources, including the right to execute" />
<PermissionSet class="NamedPermissionSet" version="1"
Name="SPRestricted">
<IPermission class="AspNetHostingPermission" version="1"
Level="Minimal" />
<IPermission class="SecurityPermission" version="1"
Flags="Execution" />
<IPermission class="WebPartPermission" version="1"
Connections="True" />
</PermissionSet>
<PermissionSet class="NamedPermissionSet" version="1"
Name="WebPartBinTrust">
<IPermission class="AspNetHostingPermission" version="1"
Level="Medium" />
<IPermission class="SecurityPermission" version="1"
Flags="Execution" />
<IPermission class="WebPartPermission" version="1"
Connections="True" />
<IPermission class="SharePointPermission" version="1"
ObjectModel="True" />
</PermissionSet>
</NamedPermissionSets>
<CodeGroup class="FirstMatchCodeGroup" version="1"
PermissionSetName="Nothing">
<IMembershipCondition class="AllMembershipCondition" version="1" />
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="sterling.wsp-45f17bd8-c4d8-4862-b5f4-342755599f9a-1">
<IMembershipCondition version="1" Name="Sterling"
class="StrongNameMembershipCondition"
PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001003\
D7501DF9058F72242F1211AEF2F2A147B76D3559B2F85D641EF2E73AA53B8CD1B57BEE5F9472B9C0\
AD62AA79AD38EB354CF576400D842665AD15F8EBA73CAA8861F48F03DAA06E9B51AB870209B40023\
DB4C5D5483A7CDFE1D050994F11914D570BDBD4FE01DB8BDC7E82B33A7105497D678832CD95CE0CE\
A0FDA93C63D6186" AssemblyVersion="1.0.0.0" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="WebPartBinTrust">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001003\
D7501DF9058F72242F1211AEF2F2A147B76D3559B2F85D641EF2E73AA53B8CD1B57BEE5F9472B9C0\
AD62AA79AD38EB354CF576400D842665AD15F8EBA73CAA8861F48F03DAA06E9B51AB870209B40023\
DB4C5D5483A7CDFE1D050994F11914D570BDBD4FE01DB8BDC7E82B33A7105497D678832CD95CE0CE\
A0FDA93C63D6186" Name="Sterling" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust">
<IMembershipCondition class="UrlMembershipCondition" version="1"
Url="$AppDirUrl$/_app_bin/*" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="SPRestricted">
<IMembershipCondition class="UrlMembershipCondition" version="1"
Url="$AppDirUrl$/*" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust">
<IMembershipCondition class="UrlMembershipCondition" version="1"
Url="$CodeGen$/*" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="Nothing">
<IMembershipCondition class="ZoneMembershipCondition" version="1"
Zone="MyComputer" />
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust" Name="Microsoft_Strong_Name" Description="This
code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001000\
7D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1D\
D9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F16\
45C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206\
DC093344D5AD293" />
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1"
PermissionSetName="FullTrust" Name="Ecma_Strong_Name" Description="This code
group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1" PublicKeyBlob="00000000000000000400000000000000" />
</CodeGroup>
</CodeGroup>
</CodeGroup>
</PolicyLevel>
</policy>
</security>
</mscorlib>
</configuration>

and set the trust level in the web.config to WSS_Custom - but somewhere in this
function - I am not giving it some right that it needs because I get a
SPPermissions exception.

Is there a tool out there that I can use that will tell me what "right" I have
missed?

Share: 

 

1 Answer Found

 
Answer #1    Answered By: Harvey Blankenship     Answered On: Nov 29

From a quick look at the security  file it looks like you use the Public Key
Blob twice in the file, once to assign a permission set  called
Sterling.wsp-GUID and once to assign WebPartBinTrust. As I understand CAS
only one of these will be processed. In your case I suspect its the wrong
one. double check which should contain the right permissions and make sure
that is the only entry referencing the dlls PublicKeyBlob.

 
Didn't find what you were looking for? Find more on Rights Security Or get search suggestion and latest updates.




Tagged: