Monday, September 08, 2008

Silverlight web part - Code Access Security and Startup Permissions

I built a web part based upon the Silverlight 2 beta 2 guidance and encountered an interesting situation. If a user that did not have administrative privileges on the web server was the first to browse the portal hosting the web part, the user would simply receive a 403 (Forbidden) error page.

I had been working with a web part installer based upon the SharePoint Solution Installer (an excellent project to simplify installation of web part packages), and my WSP specified a custom code access security policy. Additionally, my web part referenced Enterprise Library 4.0 assemblies that I had built and signed. So my troubleshooting initially focused around the following:
  • Changing the custom code access security policy to grant unrestricted access to the web part (no effect);
  • Changing the trust level for the entire WSS site to Full (no effect);
  • Registering the Ent Lib assemblies via InstallUtil (no effect);
  • Adding the Ent Lib assemblies to the GAC (they were running in bin before--no effect);
  • Removing all reference to Ent Lib from my web part assembly (no effect).
Finally, I added System.Web.Silverlight.dll to the GAC, and voila--the site started working. I backed out all other changes and it continued working.

In case it helps, I believe this is the minimal CAS policy for a web part that hosts an application via Silverlight:

<PolicyItem>
  <PermissionSet Name="Web Part Permission Set" class="NamedPermissionSet" version="1" Description="Permission set for Silverlight-hosting web part">
    <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
    <IPermission class="SecurityPermission" version="1" Flags="Execution" />
    <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                 version="1" ObjectModel="True" />
  </PermissionSet>
  <Assemblies>
    <Assembly Name="My.WebPart" Version="" PublicKeyBlob="---insert long encoded public key blob extracted with sn -Tp here ---" />
  </Assemblies>
</PolicyItem>
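
The troubleshooting steps above temporarily widened the policy, so it is worth confirming that nothing broader than the minimal set ships in the WSP. The following is an added example, not code from the original post: a small Python check that compares a permission set against the three grants listed above. The names audit, BASELINE and LOOSE are hypothetical, and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Baseline taken from the permission set in the post: class -> allowed attributes.
BASELINE = {
    "AspNetHostingPermission": {"Level": "Medium"},
    "SecurityPermission": {"Flags": "Execution"},
    "SharePointPermission": {"ObjectModel": "True"},
}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any

def short_name(cls):
    # "Namespace.Type, Assembly, ..." -> "Type"
    return cls.split(",")[0].strip().rsplit(".", 1)[-1]

def audit(xml_text):
    """List every grant that goes beyond BASELINE (hypothetical helper)."""
    findings = []
    root = ET.fromstring(xml_text)
    for pset in (e for e in root.iter() if local(e.tag) == "PermissionSet"):
        if pset.get("Unrestricted", "").lower() == "true":
            findings.append("PermissionSet: Unrestricted")
        for perm in (e for e in pset if local(e.tag) == "IPermission"):
            name = short_name(perm.get("class", ""))
            if perm.get("Unrestricted", "").lower() == "true":
                findings.append(f"{name}: Unrestricted")
            elif name not in BASELINE:
                findings.append(f"{name}: not in baseline")
            else:
                for attr, value in perm.attrib.items():
                    if attr in ("class", "version"):
                        continue
                    want = {v.strip() for v in BASELINE[name].get(attr, "").split(",")}
                    extra = sorted({v.strip() for v in value.split(",")} - want)
                    if extra:
                        findings.append(f"{name}: {attr} beyond baseline: {', '.join(extra)}")
    return findings

# Constructed sample: the post's set with two leftovers from troubleshooting.
LOOSE = """<PermissionSet class="NamedPermissionSet" version="1" Name="Constructed">
  <IPermission class="AspNetHostingPermission" version="1" Level="Medium" />
  <IPermission class="SecurityPermission" version="1" Flags="Execution, UnmanagedCode" />
  <IPermission class="System.Security.Permissions.FileIOPermission" version="1" Unrestricted="true" />
</PermissionSet>"""

if __name__ == "__main__":
    for finding in audit(LOOSE):
        print(finding)
```

An empty result means the set grants nothing beyond the three permissions in the post; the check does not cover the site-wide trust level, which is set in web.config.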
