Understand Code Access Security of SPS

最新推荐文章于 2024-04-17 16:22:40 发布

weixin_33788244

最新推荐文章于 2024-04-17 16:22:40 发布

阅读量101

点赞数

文章标签：数据库

博客介绍了代码访问安全通过一系列配置文件实现。涉及machine.config文件指定服务器上所有SharePoint服务站点继承的主设置，web.config文件定义额外信任级别。还提到Web部件在不同信任级别下对数据库和对象模型的访问情况，以及自定义策略文件的几种方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Code access security is implemented by a series of configuration files.

1. The first configuratin file of concern is machine.config located in C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG. This file specifies master settings that will be inherited by all SharePoint Services sites that run on the server.
    The following code shows the <securityPolicy> section of machine.config file associated with an installation of SPS.
    <securityPolicy>
        <trustLevel name="Full" policyFile="internal" />
        <trustLevel name="High" policyFile="web_hightrust.config" />
        <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
        <trustLevel name="Low" policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
    </securityPolicy>

2. In addition, web.config file has a <securityPolicy> section that defines two additional levels of trust known as WSS_Medium and WSS_Minimal. The following code shows a default settings.
    <securityPolicy>
      <trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\config\wss_mediumtrust.config" />
      <trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\config\wss_minimaltrust.config" />
    </securityPolicy>

Web parts running under WSS_Minimal can not access any database server nor can they access the objects contained in the SharePoint object model.

3. Customize Policy Files
(1) Raise the trust level for all SharePoint Services sites by modifying the web.config file. Change the default settings of web.config from <trust level="WSS_Minimal" originUrl="" /> to
<trust level="WSS_Medium" orginUrl="" />
Now you set the trust level to WSS_Medium.

(2) The GAC grants the Full level of trust to web parts. So the second option is to deploy all of web parts into the GAC.
As a side note, you'll also have to restart IIS each time you recompile a web part into the GAC.
gacutil -i [assembly.dll], this command line is used to deploy a web part into the GAC.

(3) To Create your own custom policy file is the recommended best practice for production environments. However, this approach requires the most effort. You can refer to other documents if you are insterested in this method.