locked
Web Part calling HTTP RRS feed

  • Question

  • I am trying to make an HTTP call (external to the SharePoint server) which returns XML data.  When I put this into a Web Part, I get the following error:
        
    The "MinimalPart" Web Part appears to be causing a problem. Request for the permission of type 'System.Net.WebPermission,     System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Web Parts Maintenance Page: If you have permission, you can use this page to temporarily close Web Parts or remove personal settings. For more information, contact your site administrator.


    If I change trust level = 'Full' in the web.config, it works.   This seems like very bad practice and I want to be able to set this up as securly as possible.  Can anyone help me?

    Thanks
     
    Wednesday, February 25, 2009 8:17 PM

Answers

  •  Microsoft has three possible scenarios to fix this solution:
    1. Run your site in Full Trust. (which you did)
    2. Put the webpart in the GAC.
    3. Create your own Custom Code Access Security Policy.


    But, if you require a secure solution then you will need to create a custom security policy file.

    1. First, goto the CONFIG folder in your 12 Hive.  There you will see the two standard security config files:
    wss_mediumtrust.config and wss_minimaltrust.config. 

    2. copy the WSS_Minimal policy file stored at "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config"

    3. rename to MyCustomPolicy_Minimal.config

    4. open and added the following entries under the code group section:

    5.First, locate the NamedPermissionSets section.  At the bottom of this section, add the following:

    <PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for my control" Name="MyCustomPermissionSet">
    <IPermission class="AspNetHostingPermission" version="1" Level="Unrestricted" />
    <IPermission class="SecurityPermission" version="1" Flags="Execution,ControlThread,UnmanagedCode,ControlPrincipal" />
    <IPermission class="System.Security.Permissions.EnvironmentPermission" version="1" Unrestricted="true" />
    <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True" />
    <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Unrestricted="true" />
    </PermissionSet>

    6. In the config file, find the CodeGroup tags.  There may be a few of them.  The first one will be something like:
    <CodeGroup class="FirstMatchCodeGroup" ... />.

    Below it are other CodeGroups.  We are going to add a new CodeGroup in this section for our assembly. 

    So copy the following code:

    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="MyCustomPermissionSet">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/MyCustomAssembly1.dll" />
    </CodeGroup>

    Paste this just after the FirstMatchCodeGroup CodeGroup.  This is important that you paste it after the "FirstMatchCodeGroup" since all of the other CodeGroups are "UnionCodeGroups".  This is worth noting because depending on the type of UnionCodeGroup, its criteria may be broad enough to encompass your new assembly and once it is accepted by a CodeGroup it stops looking.  So if you put your new CodeGroup last, odds are that your changes will never be seen.  So, make sure it's the first CodeGroup. 

    7. Save your config file cause we're done with it.
     
    8. In the web.config, add

    <trustLevel name="MyCustomPolicy_Minimal" policyFile=" C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\ MyCustomPolicy_Minimal.config" />

    to the securityPolicy section and change
     
    <trust level="Full" originUrl="" />

    To

    <trust level="MyCustomPolicy_Minimal" originUrl="" />

    9. Save the web.config and do issreset





    • Proposed as answer by Dhirendra Yadav Thursday, February 26, 2009 10:15 AM
    • Marked as answer by adnarimtian Thursday, February 26, 2009 10:36 PM
    Thursday, February 26, 2009 9:52 AM

All replies

  •  Microsoft has three possible scenarios to fix this solution:
    1. Run your site in Full Trust. (which you did)
    2. Put the webpart in the GAC.
    3. Create your own Custom Code Access Security Policy.


    But, if you require a secure solution then you will need to create a custom security policy file.

    1. First, goto the CONFIG folder in your 12 Hive.  There you will see the two standard security config files:
    wss_mediumtrust.config and wss_minimaltrust.config. 

    2. copy the WSS_Minimal policy file stored at "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config"

    3. rename to MyCustomPolicy_Minimal.config

    4. open and added the following entries under the code group section:

    5.First, locate the NamedPermissionSets section.  At the bottom of this section, add the following:

    <PermissionSet class="NamedPermissionSet" version="1" Description="Permission set for my control" Name="MyCustomPermissionSet">
    <IPermission class="AspNetHostingPermission" version="1" Level="Unrestricted" />
    <IPermission class="SecurityPermission" version="1" Flags="Execution,ControlThread,UnmanagedCode,ControlPrincipal" />
    <IPermission class="System.Security.Permissions.EnvironmentPermission" version="1" Unrestricted="true" />
    <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True" />
    <IPermission class="System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Unrestricted="true" />
    </PermissionSet>

    6. In the config file, find the CodeGroup tags.  There may be a few of them.  The first one will be something like:
    <CodeGroup class="FirstMatchCodeGroup" ... />.

    Below it are other CodeGroups.  We are going to add a new CodeGroup in this section for our assembly. 

    So copy the following code:

    <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="MyCustomPermissionSet">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/MyCustomAssembly1.dll" />
    </CodeGroup>

    Paste this just after the FirstMatchCodeGroup CodeGroup.  This is important that you paste it after the "FirstMatchCodeGroup" since all of the other CodeGroups are "UnionCodeGroups".  This is worth noting because depending on the type of UnionCodeGroup, its criteria may be broad enough to encompass your new assembly and once it is accepted by a CodeGroup it stops looking.  So if you put your new CodeGroup last, odds are that your changes will never be seen.  So, make sure it's the first CodeGroup. 

    7. Save your config file cause we're done with it.
     
    8. In the web.config, add

    <trustLevel name="MyCustomPolicy_Minimal" policyFile=" C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\ MyCustomPolicy_Minimal.config" />

    to the securityPolicy section and change
     
    <trust level="Full" originUrl="" />

    To

    <trust level="MyCustomPolicy_Minimal" originUrl="" />

    9. Save the web.config and do issreset





    • Proposed as answer by Dhirendra Yadav Thursday, February 26, 2009 10:15 AM
    • Marked as answer by adnarimtian Thursday, February 26, 2009 10:36 PM
    Thursday, February 26, 2009 9:52 AM
  • Thanks for your help.  The CAS solution will work perfectly for me!
    Thursday, February 26, 2009 10:37 PM