SharePoint permission issue

    Question

  • I have deployed a web service that interacts with the SharePoint server, on the server in the default web root folder c:\inetpub\wwwroot\<webservicename>

    While running the code below in the web method, I am able to create the SPSite object and the SPWeb object, but when I try to get a file from the SharePoint site it throws a security error.

    // Needs: using System.IO; using Microsoft.SharePoint;
    using (SPSite site = new SPSite(<sitecollection>))   // dispose SPSite/SPWeb when done
    using (SPWeb web = site.OpenWeb(<subsite>))
    {
        SPFile viperDocument = web.GetFile(folderPath + "\\" + fileName);
        // The SecurityException below is thrown from this call
        Stream viperDocumentStream = viperDocument.OpenBinaryStream();
    }

    I have checked CAS and provided the WSS_Medium permission so as to have permission on the object model. Could anyone help me with what I am missing in the configuration?

    System.Security.SecurityException: Request for ConfigurationPermission failed while attempting to access configuration section 'system.web/authentication'. To allow all callers to access the data for this section, set section attribute 'requirePermission' equal 'false' in the configuration file where this section is declared. ---> System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
       at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
       at System.Security.CodeAccessPermission.Demand()
       at System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca)
    The action that failed was: Demand
    The type of the first permission that failed was: System.Configuration.ConfigurationPermission
    The first permission that failed was:
    <IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true"/>
    The demand was for:
    <IPermission class="System.Configuration.ConfigurationPermission, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Unrestricted="true"/>
    The granted set of the failing assembly was:
    <PermissionSet class="System.Security.PermissionSet" version="1">
      <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME"/>
      <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="c:\inetpub\wwwroot\ViperDMSTest" Write="c:\inetpub\wwwroot\ViperDMSTest" Append="c:\inetpub\wwwroot\ViperDMSTest" PathDiscovery="c:\inetpub\wwwroot\ViperDMSTest"/>
      <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807"/>
      <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration"/>
      <IPermission class="System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Url="file:///c:/inetpub/wwwroot/ViperDMSTest/bin/App_Code.DLL"/>
      <IPermission class="System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Zone="MyComputer"/>
      <IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Medium"/>
      <IPermission class="System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true"/>
      <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Level="DefaultPrinting"/>
      <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True"/>
      <IPermission class="System.Net.Mail.SmtpPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Access="Connect"/>
      <IPermission class="System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true"/>
      <IPermission class="Microsoft.SharePoint.Security.WebPartPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" Connections="True"/>
      <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1">
        <ConnectAccess>
          <URI uri=""/>
        </ConnectAccess>
      </IPermission>
    </PermissionSet>
    The assembly or AppDomain that failed was: App_Code, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
    The method that caused the failure was: System.String DownloadTest(System.String, System.String, System.String)
    The Zone of the assembly that failed was: MyComputer
    The Url of the assembly that failed was: file:///c:/inetpub/wwwroot/ViperDMSTest/bin/App_Code.DLL
       --- End of inner exception stack trace ---
       at System.Configuration.BaseConfigurationRecord.CheckPermissionAllowed(String configKey, Boolean requirePermission, Boolean isTrustedWithoutAptca)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSection(String configKey, Boolean getLkg, Boolean checkPermission)
       at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
       at System.Web.Configuration.WebConfigurationManager.GetSection(String sectionName, String path)
       at Microsoft.SharePoint.SPSecurity.<InitWebConfig>b__0()
       at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
       at Microsoft.SharePoint.SPSecurity.InitWebConfig()
       at Microsoft.SharePoint.SPSecurity.get_AuthenticationMode()
       at Microsoft.SharePoint.SPSecurity.GetRolesForUser(UInt32& roleCount, String& roles)
       at Microsoft.SharePoint.SPSecurity.GetRolesForUser()
       at Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous)
       at Microsoft.SharePoint.SPWeb.InitializeSPRequest()
       at Microsoft.SharePoint.SPWeb.EnsureSPRequest()
       at Microsoft.SharePoint.SPWeb.get_Request()
       at Microsoft.SharePoint.SPFile.GetFileStream()
       at Microsoft.SharePoint.SPFile.OpenBinaryStream()
       at DMSSharepointService.DownloadTest(String connectToSP, String folderPath, String fileName)
    The Zone of the assembly that failed was: MyComputer
    Wednesday, March 19, 2008 11:55 AM
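
Reading the dump in the question, as an added example that is not part of the original thread: the Python below pulls the demanded permission and the granted set out of a CAS SecurityException message and reports whether the demanded type was granted at all. SAMPLE is abbreviated from the exception above, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the question's exception text, cut down to the demand and three grants.
SAMPLE = (
    'The demand was for: <IPermission class="System.Configuration.ConfigurationPermission, '
    'System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" '
    'version="1" Unrestricted="true"/> The granted set of the failing assembly was: '
    '<PermissionSet class="System.Security.PermissionSet" version="1"> '
    '<IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, '
    'Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Medium"/> '
    '<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, '
    'Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, '
    'PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True"/> '
    '<IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, '
    'PublicKeyToken=b77a5c561934e089" version="1"> <ConnectAccess> <URI uri=""/> '
    '</ConnectAccess> </IPermission> </PermissionSet> The assembly or AppDomain that failed was: App_Code'
)

DEMAND_RE = re.compile(r"The demand was for:\s*(<IPermission\b[^>]*/>)")
GRANT_RE = re.compile(r"The granted set of the failing assembly was:\s*"
                      r"(<PermissionSet\b.*?</PermissionSet>)", re.S)

def _entry(el):
    """Split an <IPermission> into (type name without assembly, settings)."""
    name = el.get("class").split(",", 1)[0].strip()
    settings = {k: v for k, v in el.attrib.items() if k not in ("class", "version")}
    return name, settings

def parse_dump(text):
    """Return ((demanded_type, settings), {granted_type: settings})."""
    demand, grant = DEMAND_RE.search(text), GRANT_RE.search(text)
    if not demand or not grant:
        raise ValueError("no demand / granted-set pair found in the text")
    granted = dict(_entry(el) for el in ET.fromstring(grant.group(1)).findall("IPermission"))
    return _entry(ET.fromstring(demand.group(1))), granted

def verdict(text):
    """Classify why the demand failed against the granted set."""
    (wanted, settings), granted = parse_dump(text)
    have = granted.get(wanted)
    if have is None:
        return "missing", wanted        # type is not in the policy's grant at all
    if settings.get("Unrestricted") == "true" and have.get("Unrestricted") != "true":
        return "restricted", wanted     # granted, but only in a limited form
    return "present", wanted            # type is granted; compare the settings by hand

if __name__ == "__main__":
    print(verdict(SAMPLE), sorted(parse_dump(SAMPLE)[1]))
```

On the question's dump the verdict is "missing": SharePointPermission with ObjectModel="True" is in the granted set, but ConfigurationPermission is not. That is the permission demanded when SharePoint reads the 'system.web/authentication' section on the way to OpenBinaryStream().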

All replies

  • I guess the quick solution to this problem is to set the trust to Full in your web.config...

        <trust level="Full" originUrl="" />

    otherwise add your DLL to the GAC.

    --Vince

    http://blog.thekid.me.uk

    Wednesday, March 19, 2008 12:36 PM
  • Where did you deploy your web service exactly??

    Normally web services are deployed so you can access them like this:

    http://MyServer/_vti_bin/MyCustomWebService.asmx

    By doing so, the web service code will automatically use the caller's identity to access SharePoint data.

    There is an article describing all the steps you need to go through to accomplish this:

    http://msdn2.microsoft.com/en-us/library/ms464040.aspx

    Kind regards,

    Jan

    Wednesday, March 19, 2008 12:39 PM
  • It worked. Thank you very much.

    What are the differentiating factors between the WSS_Medium and Full trust levels?

    With trust level WSS_Medium the process should have access to the Object Model, right?

    What are the other factors that are different?

    Wednesday, March 19, 2008 1:20 PM
  • Where did you deploy your web service exactly??

    We have deployed the web service in the web root folder c:\inetpub\wwwroot

    Normally web services are deployed so you can access them like this:

    http://MyServer/_vti_bin/MyCustomWebService.asmx

    By doing so, the web service code will automatically use the caller's identity to access SharePoint data.

    I haven't tried deploying the web service at http://myserver/_vti_bin; I will try to deploy it in the server bin and see the results. Is CAS different when we deploy to the http://myserver/_vti_bin path?

    There is an article describing all the steps you need to go through to accomplish this:

    http://msdn2.microsoft.com/en-us/library/ms464040.aspx

    Thank you so much for the quick reply.

    Wednesday, March 19, 2008 1:28 PM
  • To be honest, CAS is one of the areas I try to avoid. I have always found writing a CAS policy confusing and occasionally impossible (try using LoadControl() in a CAS-controlled SharePoint assembly).

    Full trust is the same as having the DLL in the GAC; not recommended for live but fine for development if your DLL will ultimately live in the GAC.

    WSS_Medium is just another custom CAS policy defined by SharePoint; personally I have never found a use for it and so cannot tell you what it gives you.

    --Vince

    http://blog.thekid.me.uk

    Wednesday, March 19, 2008 2:31 PM