I created my custom assembly that has a simple HttpModule in it that I'd like to use in my Sharepojnt 2010 site.
I added my module to sharepoint site's web.config/system.webServer/modules section.
I then also copied my DLL directly to bin folder since that's how suual asp.net applications work. I got an exception about failed AspNetHostingPermission.
I copied the same DLL to _app_bin folder and it worked. My module did get initialized and was running.
I then added two permissions to my module class:
[AspNetHostingPermission(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermission(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
and also added these two to assembly
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
[assembly: AllowPartiallyTrustedCallers]
and strongly signed my assembly with a key I created.
Then I copied the DLL back to bin but it still didn't work. Copying it to _app_bin worked.
What do I have to do, to deploy my DLL directly to bin folder?
The problem you're running into is that SharePoint is using Code Access Security (CAS) to make it possible for really well educated Admins to make sure that they don't put their environment to unnecisary risk when adding functionallity to it.
The problem is then that even though CAS has been in .Net since the beginning nearly nobody has used it before SharePoint, so most developers don't know how to deal with it.
Everything in _app_bin is running with full trust, which explains why your dll works there.
Everything in bin is running with a lot less trust depending on the trust level specified in web.config (in fact this is also the one that specifies _app_bin has full trust, but thats common in all of the out of box trust levels).
In order to get your dll to work from bin (without changing trust level to full which is bad) you need to modify the policy file which the trust level is pointing to with the right xml for the right your dll need.
Adding the attributes don't help you directly, initially they in fact just makes the problem worse, because now your dll demands the rights even though it might not call anything which requires them.
Where the attributes help you is if you use WSPBuilder to build your WSP package for deploying to SharePoint (You're using a WSP right), then it'll look for security attributes and make the corresponding entries in manifest.xml which then get SharePoint to add the corresponding entries to the policy file on deployment.
In order for you attributes to work with WSPBuilder I think they have to be changed to SecurityAction.Demand though.
Related
When I publish a ClickOnce application, one of the references that is included in one of my projects is missing.
If I go to my project's Properties -> Application Files, this missing reference is not even listed here.
My bin/Release folder has an .exe.manifest file, and I noticed it that it is also missing from here.
However, when I build the project, the DLL is in fact copied to my bin/Release folder.
How can I ensure it also deploys this required dependency?
I finally found a solution for this problem and I hope it will solve your problem to.
In my case, I'm editing an old application at work which have multiple projects, but the main project and it's back end project are the most important here.
The back end is added in the References section of the main project.
In the back end, a third party dll was imported, but this dll requires 2 other dlls.
So those 3 dlls were added in the References section of the back end project.
At that point, one of the 2 other dlls was not showing in the Application Files section for ClickOnce.
I've come up with a couple of ways of fixing it, but the most elegant one was to add this dll in the Reference section of the main project.
As stated in How to: Specify Which Files Are Published by ClickOnce, change the Copy Local property value on the reference to True.
References to assemblies (.dll files) are designated as follows when you add the reference: If Copy Local is False, it is marked by default as a prerequisite assembly (Prerequisite (Auto)) that must be present in the GAC before the application is installed. If Copy Local is True, the assembly is marked by default as an application assembly (Include (Auto)) and will be copied into the application folder at installation. A COM reference will appear in the Application Files dialog box (as an .ocx file) only if its Isolated property is set to True. By default, it will be included.
I know is this an old question, but for anybody having similar issues. I think this is a cleaner way around the problem.
I had a similar issue and everything I did to get ClickOnce to deploy with the offending .dll failed.
Eventually, I had to deploy manually.
See walk-through here.
That worked for perfectly for me. But, for the life of me, I still wonder why that process can't be added to VS (I'm using 2017 community).
I've got a working hello-world like webpart for my SPS3.0
I can compile, pack and deploy it using VS2008, makecab.exe and stsadm. So I know the theory of deploying sharepoint webparts.
My problem:
After I inserted an additional .webpart file, an elements.xml and a feature.xml to deploy the .webpart file and get knowledge about adding features to my webpart, the deployed webpart is missing its safe control entry in the web.config.
But the dll can be found in the gac and my features are also deployed to the right folders.
I didn't change anything in my manifest.xml especially not in it's -tag, because it definitely worked before i added my additional feature files.
Can anybody help me? Should i provide you some code snippets?
Thanks Stefan
You can try WSPBuilder, it will automate and ease your deployment process.
As far as I can tell, you are trying to find out how to register your web part as a safe control without using any tools, etc. and also without admin rights. I think you will find this impossible since the safe control registration needs to happen in the web.config file and one way or another (WSP Builder, manually, script) this file needs to be modified. Only admins can do this as far as I know.
If you are deploying your solution package using stsadm -o deploysolution, be sure that you are either using the allcontenturls parameter or that the url parameter is pointing to the correct web application. Which parameter you use (and how) will determine which web.config file(s) will have the safe control settings from manifest.xml applied to them.
I recently upgraded my SharePoint development machine to VSeWSS 1.3 and have noticed a behavior that I didn't think existed before. I have two custom web parts that use several common assemblies, and both will live in the same site. I'm trying to create a third 'common' web part that copies these files to the Bin folder and adds safe control entries to web.config so I can remove one of the web part solutions, if needed, without crippling the other one.
With the prior version of VSeWSS I thought it only included assemblies in the manifest if you included them in the given Visual Studio project. I've removed the common assemblies from the two web part projects, but entries for them still end up in their solution manifests. Obviously the extensions are looking at the references for the web part and going by that, even if the file are in another directory alltogether.
Is there any way to tell the extensions to not add assembly entries to the manifest even if they are referenced in the project? Or is there a better way to separate the common code from the web parts that use it?
Yes you could prevent VSeWSS from deploying assemblies. Just select the assembly in the list of referenced assemblies in you VS project and look at its properties. There you can find the option "LocalCopy", which you have set to false to prevent the assembly from being deployed.
As stated here custom field types (and any dlls they have a reference to?) must be deployed to the global assembly cache. Why, and what problems may arise by deploying to the bin directory? I’m trying to secure my code by writing CAS-policies and since my field controls uses a lot of help methods shared by my other code this seems like a show stopper.
So far the only problem I’ve found with a bin deployment is that when the feature is deactivated and then reactivated with STSADM I get an error message stating that my field type is not installed properly. Using the –force switch or activating through the GUI seems to be working just fine.
custom fields are installed farm wide, if you deploy the dll to the bin directory, you must ensure that they are in all web application's bin directories.
I forgot to put one of the interfaces my field type implemented in the GAC, which caused the problem I described above.
Conclusion:
Custom field types can reference dll:s in the bin directory, as long as they are not required to create the object.
What files can we modify so that our solution is still supported by Microsoft?
Is it allowed to customize error pages?
Can we modify the web.config files to use custom HTTPHandlers?
You can certainly edit the web.config file for your sites. The one thing that you should be aware of, however, is that when you start editing files manually on the file system, you will have to remember to manually make those changes across all servers in the farm (assuming a farm exists). In addition to this, when you edit files in the 12 hive, it's important to understand that you will be making a change to all SharePoint sites hosted on the server(s) for which the files were edited.
Personally, if I were going to create a custom error page, I would simply add a <customErrors> section to my web.config. I avoid editing any existing files in the 12 hive, but I have added files (though it's rare).
The customization of the error page is not very easy (or flexible). You can see an example here:
http://blogs.msdn.com/jingmeili/archive/2007/04/08/how-to-create-your-own-custom-404-error-page-and-handle-redirect-in-sharepoint-2007-moss.aspx
The web.config can be changed. I used my own HttpModules in addition to the original ones, but I haven't used custom HttpHandlers. IMO it should work if you don't change the original handler (i.e. if you add your handler for a specific type of file not handled by SP).
do not modify any pre-installed files in the 12 hive (Program Files\Common Files\Microsoft Shared\Web Server Extensions\12)... a service pack may update and overwrite any changes.
Anything in the Content Database (Masterpage, Stylesheets list in ~Catalogs) is available to modify (I would add, instead of update, in case a service pack changes anything) as it sits atop the file system, and is instantly available to any members of the web farm (newly added servers).
Any custom features, added to the 12 hive in the features folder, in a custom/non-microsoft folder (that is, inside the 12\feature folder, do not modify any preinstalled files, but feel free to add a folder for your feature and work within).
Custom features can be developed using the Visual Studio Extensions (VSeWSS), currently available for Visual Studio 2005/2008... benefit being that the output is a feature package (.WSP file) which is designed to be portable across SharePoint. Additionally, the .WSP files are just CAB files with a different extension, offering the ability to be explored by simply renaming them.
For site definitions, Microsoft has a good article about what is supported and unsupported. In short, the only change you can make to the out-of-the-box site definitions is changing the entry in the webtemp.xml file to hidden in order to prevent the site definition from appearing in the site template list. This is something many may be interested in doing.
You may also, of course, copy existing definitions and rename them in order to create new ones.
The complete list of supported and unsupported scenarios for working with custom site definitions can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;898631
Here is the closest I can find to a official response from Microsoft:
http://technet.microsoft.com/en-us/library/cc263010.aspx