我有一个应用程序页面,我在SharePoint中创建它以在LAYOUTS目录中托管。 Web项目引用访问文件系统的外部程序集以从外部文件共享中获取文件。
我的问题是我想将程序集部署到应用程序BIN目录(而不是GAC),并使用CAS权限策略允许它在SharePoint中执行。但是,此时,每当我部署页面时,我都会遇到此异常:
请求获得类型'System.Security.Permissions.FileIOPermission,mscorlib,Version = 2.0.0.0,Culture = neutral,PublicKeyToken = b77a5c561934e089'的权限失败。
我知道这个问题与CAS有关,因为我在部署到GAC时工作正常。
我当前的CAS权限如下所示:
<SecurityClasses>
<SecurityClass Name="AllMembershipCondition" Description="System.Security.Policy.AllMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="AspNetHostingPermission" Description="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="FirstMatchCodeGroup" Description="System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="NamedPermissionSet" Description="System.Security.NamedPermissionSet"/>
<SecurityClass Name="SecurityPermission" Description="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="StrongNameMembershipCondition" Description="System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UnionCodeGroup" Description="System.Security.Policy.UnionCodeGroup, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="UrlMembershipCondition" Description="System.Security.Policy.UrlMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="WebPartPermission" Description="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>
<SecurityClass Name="ZoneMembershipCondition" Description="System.Security.Policy.ZoneMembershipCondition, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="SharePointPermission" Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<SecurityClass Name="FileIOPermission" Description="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<SecurityClass Name="EnvironmentPermission" Description="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</SecurityClasses>
<NamedPermissionSets>
<PermissionSet
class="NamedPermissionSet"
version="1"
Unrestricted="true"
Name="FullTrust"
Description="Allows full access to all resources"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="Nothing"
Description="Denies all resources, including the right to execute"
/>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="SPRestricted">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Minimal"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Execution"
/>
<IPermission class="WebPartPermission"
version="1"
Connections="True"
/>
</PermissionSet>
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="CustomTrust">
<IPermission
class="AspNetHostingPermission"
version="1"
Level="Medium"
/>
<IPermission class="WebPartPermission"
version="1"
Connections="True"
/>
<IPermission class="SharePointPermission"
version="1"
ObjectModel="True" />
<IPermission
class="FileIOPermission"
version="1"
Unrestricted="true"
Read="$AppDir$"
Write="$AppDir$"
Append="$AppDir$"
PathDiscovery="$AppDir$"
/>
<IPermission
class="SecurityPermission"
version="1"
Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, ControlEvidence, UnmanagedCode"
Unrestricted="true"
/>
<IPermission
class="EnvironmentPermission"
version="1"
Unrestricted="true"
/>
</PermissionSet>
</NamedPermissionSets>
<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<IMembershipCondition
class="AllMembershipCondition"
version="1"
/>
<CodeGroup class="UnionCodeGroup"
version="1"
PermissionSetName="CustomTrust">
<IMembershipCondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="0x00240000048000009400000006020000002400005253413100040000010001002B54E7863E7D5443ACBF8DD7F18B9D2399FF73AE7C791BDEFA2BF7544DFB5B8DBB5C8DD705374386CD6A729C755ED4478CD9FA0FF912385FA1AE684345E82E793262A2DCEE1DEC1178BE488C18D338CFE62BCC1C06E4B235BBB6A886884889FC854F8CFA149DFCD18CC479229F0956E19A1DC9FDECAE844F850C2A34121546B8"
Name="ConteoPolicy" />
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/_app_bin/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="SPRestricted">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="Nothing">
<IMembershipCondition
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Microsoft_Strong_Name"
Description="This code group grants code signed with the Microsoft strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Ecma_Strong_Name"
Description="This code group grants code signed with the ECMA strong name full trust. ">
<IMembershipCondition
class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="00000000000000000400000000000000"
/>
</CodeGroup>
</CodeGroup>
</CodeGroup>
我在我的程序集中使用了Microsoft提供的permcalc工具,并添加了它发现的权限,但问题仍未解决。
有没有人在Bin文件夹中部署应用程序页面时遇到此问题?
答案 0 :(得分:3)
我更喜欢部署到bin文件夹,但是在指定所需权限时遇到了问题。
这种方法运行良好,并且仍然位于bin文件夹中,使您的程序集完全信任。
http://blog.tylerholmes.com/2008/11/creating-custom-cas-policy-file-for.html
不幸的是,这是一个手动过程。
答案 1 :(得分:1)
在阅读了Internet和MSDN中的一些文章后,我提出了另一种解决方案,只需制作一个WSP包来安装解决方案,并在清单文件中定义适当的权限。这个解决方案很棒,因为你不必手动修改Web.config和wss_minimaltrust.config,stsadm会自动完成所有这些并在服务器场的所有节点中。
部署解决方案时,不要忘记输入de option -allowCasPolicies。
STSADM -o deploysolution -name Mysolution.wsp -immediate -url http://serverfarm:8083 -allowCasPolicies
我的清单看起来像这样
<Solution
SolutionId="27F5B763-2613-41a7-84D9-458A7206F1BE"
xmlns="http://schemas.microsoft.com/sharepoint/">
<TemplateFiles>
<TemplateFile Location="LAYOUTS\MyAppPage\apppage.aspx" />
</TemplateFiles>
<Assemblies>
<Assembly DeploymentTarget="WebApplication" Location="MyAssembly.dll" >
<SafeControls>
<SafeControl Assembly="MyAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=..." Namespace="MyAssembly" TypeName="*" Safe="True" />
</SafeControls>
</Assembly>
</Assemblies>
<CodeAccessSecurity>
<PolicyItem>
<PermissionSet class="NamedPermissionSet" version="1" Description="Permisos para My assembly">
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="SecurityPermission" version="1" Flags="Execution,UnmanagedCode,ControlPrincipal,ControlEvidence,Assertion" />
<IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true" />
<IPermission class="System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" />
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" PathDiscovery="*AllFiles*" />
<IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
<IPermission class="System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
</PermissionSet>
<Assemblies>
<Assembly PublicKeyBlob="..."/>
</Assemblies>
</PolicyItem>
</CodeAccessSecurity>
答案 2 :(得分:0)
我一直遇到BIN文件夹正常工作的问题,因此我总是将我的部署建立到GAC。
Microsoft确实介绍了如何对web.config文件进行正确的设置,该文件应允许程序集以更高的权限运行。
请查看此页面以获取更多信息。我知道该页面是关于WebParts的,但它也应该与你想要做的事情一致。