1. Go to the following location on the server: LocalDrive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG
2. Make a copy of wss_minimaltrust.config and rename it wss_customtrust.config.
3. Open the wss_customtrust.config file in any text editor.
4. Under the <SecurityClasses> element, add a reference to the SharePointPermission class as follows:
<SecurityClass
Name="SharePointPermission"
Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
5. Search for the <PermissionSet> tag where the Name attribute equals ASP.NET. If you cannot find that tag, locate the one that has SPRestricted in the Name attribute.
6. Copy the entire tag and all of its children, and paste a copy of it immediately below the one you copied.
7. Change the name of the PermissionSet element from ASP.NET (or SPRestricted) to CustomTrust.
Before:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="SPRestricted">
After:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="CustomTrust">
8. Add the following <IPermission> node to the <PermissionSet> element where the Name attribute equals CustomTrust:
<IPermission
class="SharePointPermission"
version="1"
ObjectModel="True" />
Therefore, the resulting customized <PermissionSet> will look as follows:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="CustomTrust">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Minimal"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution"
/>
<IPermission
class="WebPartPermission"
version="1"
Connections="True"
/>
<IPermission
class="SharePointPermission"
version="1"
ObjectModel="True" />
</PermissionSet>
9. Once you define the customized element, you must create a code group to specify when the CLR should apply the permission set. (For details, see the original Microsoft article.) Locate the <CodeGroup> tag where the class attribute equals FirstMatchCodeGroup and copy the following CodeGroup immediately below it:
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="CustomTrust">
<IMembershipCondition class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/bin/*" />
</CodeGroup>
The membership condition for this new code group is based on URL membership, and the URL points to the bin directory. The permissions will be applied to all the assemblies in the bin directory of the current application. You can also use strong name membership, but then the permissions will be applied only to one assembly. For example, if I have written a web service and I wanted to assign permissions to my assembly only, I would use strong name membership. If you want to use strong name membership, copy the following code immediately below the <CodeGroup> tag where the class attribute equals FirstMatchCodeGroup:
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="CustomTrust">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0x00240000048000009400000006020000002400005253413100040000010001004"
Name="UploadService" />
</CodeGroup>
Replace the PublicKeyBlob value with your own value and change the name of the assembly in the Name attribute. To retrieve the public key blob for an assembly, use the secutil.exe tool. Please note that the public key blob is different from the public key token. Secutil.exe is located in the following folder:
LocalDrive:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin
To retrieve the public key blob for your assembly, either copy the secutil.exe tool to the folder that contains your assembly or provide the exact path to the assembly in the command, and run the tool as follows:
secutil.exe -hex -s UploadService.dll > blob.txt
UploadService.dll is the name of the assembly. This command will create a text file named blob.txt. Open blob.txt, copy the public key, and paste it into the PublicKeyBlob attribute.
10. Save and close the file. The policy file is ready to use.
11. Open the web.config file for the virtual server where you have deployed your component and add the following <trustLevel> tag to the SecurityPolicy element:
<trustLevel
name="WSS_Custom" policyFile="LocalDrive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_customtrust.config" />
Virtual Directories for web applications are located in the following folder:
LocalDrive:\Inetpub\wwwroot\wss\VirtualDirectories
Suppose I want to deploy my web service in the web application configured at
port 17316. The URL of that application would be http://localhost:17316 and its
virtual directory will be:
LocalDrive:\Inetpub\wwwroot\wss\VirtualDirectories\17315
Create a bin folder in this path and copy your assembly to the bin folder. The web.config for this virtual server will be located in the following folder:
LocalDrive:\Inetpub\wwwroot\wss\VirtualDirectories\17315
In the web.config file, change the <trust> tag so that it refers to the newly defined trust level.
<trust level="WSS_Custom" originUrl="" />
Save and close the web.config file.
13. Restart IIS to apply the custom policy to the specified virtual server.
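
A consistency check for the two finished files, added here as an example and not part of the original article: it confirms that every permission in CustomTrust has a SecurityClass entry, reports which membership condition receives the set, and resolves the <trust> level to its policy file. The sample XML is constructed and trimmed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
# Constructed sample: trimmed policy file shaped like the result of steps 4-9.
POLICY = """<PolicyLevel version="1">
 <SecurityClasses>
  <SecurityClass Name="AspNetHostingPermission"/><SecurityClass Name="SecurityPermission"/>
  <SecurityClass Name="WebPartPermission"/><SecurityClass Name="SharePointPermission"/>
 </SecurityClasses>
 <PermissionSet class="NamedPermissionSet" version="1" Name="CustomTrust">
  <IPermission class="AspNetHostingPermission" version="1" Level="Minimal"/>
  <IPermission class="SecurityPermission" version="1" Flags="Execution"/>
  <IPermission class="WebPartPermission" version="1" Connections="True"/>
  <IPermission class="SharePointPermission" version="1" ObjectModel="True"/>
 </PermissionSet>
 <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="CustomTrust">
   <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/*"/>
  </CodeGroup>
 </CodeGroup>
</PolicyLevel>"""
# Constructed web.config fragment for step 11 onward (policy path shortened).
WEB = """<configuration><system.web><securityPolicy>
 <trustLevel name="WSS_Custom" policyFile="wss_customtrust.config"/>
</securityPolicy><trust level="WSS_Custom" originUrl=""/></system.web></configuration>"""

def audit_policy(policy_xml, set_name="CustomTrust"):
    """Return (errors, grants): wiring mistakes, and which code receives the set."""
    root = ET.fromstring(policy_xml)
    known = {c.get("Name") for c in root.iter("SecurityClass")}
    pset = next((p for p in root.iter("PermissionSet") if p.get("Name") == set_name), None)
    if pset is None:
        return [f"permission set {set_name} is not defined"], []
    # Assumes short class names as on the page; each must have a SecurityClass entry.
    errors = [f"{p.get('class')} has no SecurityClass entry"
              for p in pset.iter("IPermission") if p.get("class") not in known]
    grants = []
    for group in root.iter("CodeGroup"):
        cond = group.find("IMembershipCondition")
        if group.get("PermissionSetName") == set_name and cond is not None:
            # A Url condition covers every assembly under it; a strong name covers one.
            grants.append((cond.get("class"), cond.get("Url") or cond.get("Name")))
    if not grants:
        errors.append(f"no code group grants {set_name}")
    return errors, grants

def active_policy_file(web_xml):
    """Return the policyFile the <trust> level resolves to, or None if unmatched."""
    root = ET.fromstring(web_xml)
    files = {t.get("name"): t.get("policyFile") for t in root.iter("trustLevel")}
    return next((files.get(t.get("level")) for t in root.iter("trust")), None)
```

A grant reported as UrlMembershipCondition on the bin directory means any assembly dropped there receives the SharePoint object model permission, which is the trade-off against strong name membership described in step 9.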