Webpart security

If the webpart needs to access SharePoint server information, there are 3 options for deploying it, each with a different security context:

  1. Deploy to the GAC; no other settings need to be changed. Downside: the application pool has to be recycled on every upgrade, and the webpart is available to all sites on the same server.
  2. Deploy to \Bin, and change the trust level in web.config to at least WSS_Medium. Downside: this grants the whole ASP.NET application higher access rights. This is very convenient during development.
  3. Deploy to \Bin, and change the trust level in web.config to wss_custom, then change/add the config file in \Program Files\Common Files\Microsoft Shared\web server extensions\12\config. This is safer because it only grants access to the specified webparts. Recommended for production environments.

In any case, the webpart needs to be signed (obviously) and marked as ‘SafeControl’ in the web.config file.

If the webpart doesn’t need to access server resources, you only need to mark it as SafeControl in web.config and add this line:

[assembly: AllowPartiallyTrustedCallers]

to the source file.
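
To check which of the options above a given web application is actually running with, the following added example (not code from the original post) reads a web.config, reports the configured trust level, and lists SafeControl entries whose assembly is not signed. The sample web.config, the assembly names and key tokens, and the set of levels counted as "WSS_Medium or higher" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; assembly names and key tokens are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <SharePoint>
    <SafeControls>
      <SafeControl Assembly="Contoso.Parts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef"
                   Namespace="Contoso.Parts" TypeName="*" Safe="True" />
      <SafeControl Assembly="Scratch.Parts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"
                   Namespace="Scratch.Parts" TypeName="*" Safe="True" />
    </SafeControls>
  </SharePoint>
  <system.web>
    <trust level="WSS_Medium" originUrl="" />
  </system.web>
</configuration>"""

# Assumption: levels treated as "WSS_Medium or higher", i.e. option 2 above.
APP_WIDE_LEVELS = {"wss_medium", "full"}


def public_key_token(assembly_name):
    """Return the PublicKeyToken of an assembly display name, or None if unsigned."""
    fields = [f.strip() for f in assembly_name.split(",")[1:]]
    attrs = dict(f.split("=", 1) for f in fields if "=" in f)
    token = attrs.get("PublicKeyToken", "null")
    return None if token.lower() == "null" else token


def audit_web_config(xml_text):
    """Report the trust level and any SafeControl entries for unsigned assemblies."""
    root = ET.fromstring(xml_text)
    trust = root.find("system.web/trust")
    # Assumption: a missing <trust> element is reported as "(not set)".
    level = trust.get("level", "(not set)") if trust is not None else "(not set)"
    unsigned = []
    for ctl in root.iter("SafeControl"):
        assembly = ctl.get("Assembly", "")
        if ctl.get("Safe", "").lower() == "true" and public_key_token(assembly) is None:
            unsigned.append(assembly.split(",")[0].strip())
    return {
        "trust_level": level,
        "app_wide_elevated": level.lower() in APP_WIDE_LEVELS,
        "unsigned_safe_controls": unsigned,
    }


if __name__ == "__main__":
    print(audit_web_config(SAMPLE_WEB_CONFIG))
```

A production site following option 3 should report `app_wide_elevated` as false and an empty `unsigned_safe_controls` list.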
