Understand Code Access Security of SPS

Code access security is implemented by a series of configuration files.

1. The first configuratin file of concern is machine.config located in C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG. This file specifies master settings that will be inherited by all SharePoint Services sites that run on the server.
    The following code shows the <securityPolicy> section of machine.config file associated with an installation of SPS.
    <securityPolicy>
        <trustLevel name="Full" policyFile="internal" />
        <trustLevel name="High" policyFile="web_hightrust.config" />
        <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
        <trustLevel name="Low"  policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
    </securityPolicy>
   
2. In addition, web.config file has a <securityPolicy> section that defines two additional levels of trust known as WSS_Medium and WSS_Minimal. The following code shows a default settings.
    <securityPolicy>
      <trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\config\wss_mediumtrust.config" />
      <trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\config\wss_minimaltrust.config" />
    </securityPolicy>
   
Web parts running under WSS_Minimal can not access any database server nor can they access the objects contained in the SharePoint object model.

3. Customize Policy Files
(1) Raise the trust level for all SharePoint Services sites by modifying the web.config file. Change the default settings of web.config from <trust level="WSS_Minimal" originUrl="" /> to
<trust level="WSS_Medium" orginUrl="" />
 Now you set the trust level to WSS_Medium.

(2) The GAC grants the Full level of trust to web parts. So the second option is to deploy all of web parts into the GAC.
As a side note, you'll also have to restart IIS each time you recompile a web part into the GAC.
  gacutil -i [assembly.dll], this command line is used to deploy a web part into the GAC.
 
(3) To Create your own custom policy file is the recommended best practice for production environments. However, this approach requires the most effort. You can refer to other documents if you are insterested in this method.

posted @ 2004-07-20 03:25  Rickie  阅读(1080)  评论(0编辑  收藏  举报