This document discusses partially trusted code in SharePoint and how to deploy binaries to the bin folder while using partial trust. It provides an overview of what partial trust is and why it should be used. It also demonstrates how to implement partial trust by adding an assembly attribute, modifying the web.config, and defining a security policy. The document explains how solutions can be deployed using CAS policies and how to determine the required CAS policies.

1. Deploying binaries to the bin folder Partially Trusted Code in SharePoint Corey Roth Stonebridge Twitter: @coreyroth Blog: www.dotnetmafia.com

2. Corey Roth Consultant for Stonebridge in Tulsa, OK Worked in Consumer Electronics, Travel, Advertising, and Energy industries Currently doing SharePoint development specializing in Enterprise Search Microsoft Solutions Advocate Microsoft Award for Customer Excellence (ACE) Winner E-mail: coreyroth@gmail.com Twitter: @coreyroth Blog: www.dotnetmafia.com

3. What is Partial Trust?

4. Why use Partial Trust? More Secure Allows deployment of assemblies to bin folder Deployment doesn’t require an Application Pool reset Doesn’t require giving every deployed DLL full trust

5. Demo

6. Implementing Partial Trust Add [Assembly: AllowParitallyTrustedCallers()] to AssemblyInfo.cs Set <trust Level=“Minimal” originUrl=“” /> in web.config Define Security Policy in Trust configuration file Security policy can be deployed via solution package (.wsp) using manifest.xml PowerShell: Install with Install-SPSolution and –CASPolicies parameter WSS3: Install with stsadm and –allowCasPolicies parameter

7. Visual Studio 2010 CAS policies configured in Package Editor manifest tab Still must configure permissions manually Set Assembly Deployment Target to WebApplication on project properties

8. Demo

9. How do I determine CAS policy? Google Reflector Exceptions DotNetMafia.com

10. <CodeAccessSecurity> Element in trust configuration file that defines which CAS Policies apply to each assembly <IPermission> element defines individual rights to resources such as ASP.NET, SharePoint, EventLog, Configuration, SQL Server, File I/O Can be copied to configuration file manually or deployed via solution package (wsp)

11. <IPermission> AspNetHostingPermission (Level=“Minimal”) – Required for ASP.NET Controls SharePointPermission (ObjectModel=“True”) – Required to use SharePoint API FileIOPermission (Read, Write, PathDiscovery, Append) – Specifies files the code can access - $AppDir$ by default SqlClientPermission – Required to access SQL Server ReflectionPermission – Required for LINQ SecurityPermission – Required for most basic operations EnvironmentPermission – Provides access to environment variables

12. What the solution package does Backs up your web.config Changes the trust element to WSS_Custom in web.config Backs up trust configuration file – wss_minimaltrust.config becomes wss_custom_wss_minimaltrust.config Changes the path to the trust configuration file in the web.config <trustLevel> element Adds code access security settings from manifest.xml

13. Demo

14. Sandboxed Solutions Variation of Code Access Security but more restrictive Permissions configured in wss_UserCode.xml in the 14ONFIG folder Only allows use of ASP.NET controls and some of the SharePoint object model

15. Demo

16. What requires full trust? Event Receivers Visual Web Parts Timer Jobs PowerShell commandlets STSADM Commands

17. Questions?

18. Thank you sponsors!!

19. 2 HP Netbook’s Also Tons of books 2 thinkgeekgiftcards for $100 Telerikrad controls set 2 licenses of essential user interface studio 1 webcast from critical path Microsoft Zune

20. Thanks Corey Roth E-mail: coreyroth@gmail.com Twitter: @coreyroth Blog: www.dotnetmafia.com