Adding custom Code Access Security (CAS) policy in SharePoint


While writing code-behind (aside) for our custom SharePoint pages, we often run into a Security Exception after placing the dlls in the bin folder of the site’s virtual directory. This happens because of the trust level granted to the dlls, and the usual fix is simply to change the trust level to Full in the web.config file. Even though that fixes the issue, it opens up a security hole in your application by allowing every dll to execute with full trust. The better way is to create our own custom policy file and hook it up in the web.config file. Follow the steps below to create your own CAS policy.

1. Open the 12 hive and navigate to the config folder.

2. Copy the contents of wss_mediumtrust.config to another file with your custom name, for example custom_policy.config.

3. Now create your code group and add your dll with PermissionSetName set to FullTrust. Add all your dlls to the file in the same way. Below is a part of my custom policy file with code groups defined for the dlls.

<!-- One UnionCodeGroup per assembly; the Url condition matches that dll in the site's bin folder. -->
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_activation.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_registration.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_fpassword.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_myaccount.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_myprofile.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/bin/App_Web_purchasehistory.aspx.cdcab7d2.dll" />
</CodeGroup>

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/_app_bin/*" />
</CodeGroup>

4. Navigate to your site’s virtual directory and open the web.config file.

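5. Add the custom policy file as a new trustLevel entry, as follows. The policyFile attribute must point to the policy file you created in step 2 (named Custom_minimal.config in the entry below).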

<securityPolicy>
<trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_mediumtrust.config" />
<trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config" />
<trustLevel name="Custom_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\Custom_minimal.config" />
</securityPolicy>

6. Set the trust level to point to your custom policy.

<trust level="Custom_Minimal" originUrl="" />

7. Do an IISRESET.

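As simple as that :). Note that I’ve specified each and every dll separately in the policy file. If you want all the dlls in the bin folder to be added to the policy, simply give the Url as bin/* in the code group. Keep in mind that this grants FullTrust to every assembly placed in the bin folder, so listing the dlls individually keeps the grant narrower.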
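To review which assemblies a policy file grants FullTrust, and to spot directory-wide grants such as bin/*, a small audit script helps. This is an added example, not part of the original post; the sample policy XML is constructed and the function names are hypothetical.

```python
# Added example: list FullTrust grants in a CAS policy file and flag wildcard URLs.
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a WSS policy file's code group tree.
SAMPLE_POLICY = """
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing">
  <IMembershipCondition class="AllMembershipCondition" version="1" />
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1"
        Url="$AppDirUrl$/bin/App_Web_myaccount.aspx.cdcab7d2.dll" />
  </CodeGroup>
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1"
        Url="$AppDirUrl$/bin/*" />
  </CodeGroup>
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net">
    <IMembershipCondition class="UrlMembershipCondition" version="1"
        Url="$AppDirUrl$/*" />
  </CodeGroup>
</CodeGroup>
"""

def full_trust_grants(policy_xml):
    """Return [(url, is_wildcard)] for each code group granting FullTrust by URL."""
    root = ET.fromstring(policy_xml)
    grants = []
    # iter() walks nested code groups, so a full policy file works as well.
    for group in root.iter("CodeGroup"):
        if group.get("PermissionSetName") != "FullTrust":
            continue
        cond = group.find("IMembershipCondition")
        if cond is None or cond.get("Url") is None:
            continue  # not a URL-based membership condition
        url = cond.get("Url")
        grants.append((url, url.endswith("*")))
    return grants

def broad_grants(policy_xml):
    """URLs where FullTrust covers a whole directory rather than one assembly."""
    return [url for url, wildcard in full_trust_grants(policy_xml) if wildcard]

if __name__ == "__main__":
    for url, wildcard in full_trust_grants(SAMPLE_POLICY):
        print(("REVIEW " if wildcard else "ok     ") + url)
```

To audit a real policy, read the file's text and pass it to `full_trust_grants` in place of the sample.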
