Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Webpart with usercontrol and CAS

  Asked By: Nicholas    Date: Dec 01    Category: Sharepoint    Views: 1694

I have been attempting to follow best practice and deploy a webpart
solution to the bin with only the minimal required code access security.
I use a usercontrol in the webpart that is deployed to

My issues appear to stem from the line of code that loads the control.

this.Page.LoadControl(_controltemplates /Custom/MyUsercontrol.aspx)

System.Security.SecurityExceptions were being thrown and I determined
the proper permissions that I needed to include by catching it and
viewing the stack trace to see what it was demanding.

I needed:




FileIOPermission permission for Read and PathDiscovery to the
The exception that I can't figure out is:

The action that failed was: Demand

The type of the first permission that failed was:

The demand was for: <PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>

If I go into the config file and change the NamedPermissionSet to
include Unrestricted="true" it works just fine. That's
giving it full trust and defeating the purpose of the bin deployment,
right? Another thing is in the solution manifest you can't include
PermissionSet Unrestricted="true". So then when deploying the solution
you still would need to go and manually edit the config files on every
front end web. So then we're back to the GAC.

Any suggestions would be appreciated.



3 Answers Found

Answer #1    Answered By: Corina Duran     Answered On: Dec 01

The recommended solution  is to add a <CodeAccessSecurity> element to the
solution manifest. When deployed, the entries in this element are merged
with the current policy in use on the web  application.

Answer #2    Answered By: Irving Hurley     Answered On: Dec 01

Consuming a User Control from a 12\TEMPLATE\CONTROLTEMPLATES\Custom\
folder from within a Web Part using Page.LoadControl should only require
CAS SPRestricted plus SharePointPermission and FileIOPermission.

No other demands should be made.

Answer #3    Answered By: Trevor Davis     Answered On: Dec 01

Thanks for your input. I finally got a chance to troubleshoot the
issue. It turns out there were two reasons it was not working with CAS

1. The ascx file  had CodeFile="CASWepart.ascx.cs" when it needs
CodeBehind=" CASWepart.ascx.cs"
2. The ascx file was deployed  to CONTROLTEMPLATES/Custom/, when I
moved it into CONTROLTEMPLATES/ it worked fine.

We would prefer to have our custom controls in a custom folder  and
not comingle our controls with the OOB controls.
I noticed in the web.config that there is a safe control  entry
<SafeControl Src="~/_controltemplates/*" IncludeSubFolders="True"
Safe="True" AllowRemoteDesigner="True" />

I would have assumed that the IncludeSubFolders="True" would allow
additional subfolders to be safe as well. Doesn't seem to be the
case. I added an additional entry
<SafeControl Src="~/_controltemplates/Custom/*"
IncludeSubFolders="True" Safe="True" AllowRemoteDesigner="True" />

That did not seem to work either. Any suggestions?

Didn't find what you were looking for? Find more on Webpart with usercontrol and CAS Or get search suggestion and latest updates.