Installing SharePoint web part DLL files in the GAC has
security implications. By default, all web parts are installed in
the GAC with full trust. Alternatively, we can install web parts in the web
application's dedicated bin folder. Web parts in the bin folder run in partial
trust and have only limited access to the bin folder.
If a web part needs additional permission levels, we need to
create custom CAS policies with those permissions. By adding custom policies we can
make the code run in full trust, and all the code will run with full trust
regardless of the location where it is installed.
Code Access Security (CAS) is a policy that limits
the access an assembly has to system resources and operations. By default SharePoint
uses built-in policies from ASP.NET, with a minimal set of permissions
to protect the server and infrastructure from vulnerable code. If a web part
needs greater access than the minimal settings allow, there are a number of ways
to increase its permissions: creating a custom CAS policy, or increasing the
overall trust level for the server farm in the web.config.
SharePoint Foundation has the built-in security settings WSS_UserCode,
WSS_Minimal and WSS_Medium, which inherit from the ASP.NET trust levels.
By default these built-in SharePoint Foundation policy files are located in the
%ProgramFiles%\Common Files\Microsoft Shared\web server extensions\14\CONFIG
directory and are named wss_usercode.config, wss_minimaltrust.config and
wss_mediumtrust.config.
By default SharePoint Foundation uses the WSS_Minimal trust
level. This supports all the permissions in ASP.NET minimal trust.
The WSS_Minimal policy restricts all web parts from performing advanced
operations. The WSS_Medium level allows
access to the SharePoint object model and file operations. It also allows
access to environment variables.
We can check the security policies in the web.config file:
<securityPolicy>
  <trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_mediumtrust.config" />
  <trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_minimaltrust.config" />
</securityPolicy>
We can add custom policy files to SharePoint and register them by adding a
tag inside the securityPolicy tag:
<trustLevel name="WSS_Custom" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_custom_wss_minimaltrust.config" />
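A check for the configuration described above, as an added example that is not from the original article: it lists each registered trustLevel entry, marks which one is active and whether its policy file exists on disk, and warns when the active level is Full. The web.config content is a constructed sample, the function name Get-TrustLevelAudit is hypothetical, and the <trust level="..."> element it reads is the standard ASP.NET setting for the active level, which the article does not show; PowerShell 3.0 or later is assumed.

```powershell
# Added example. $sample is constructed input modelled on the entries above;
# on a server, load the web application's own web.config instead.
[xml]$sample = @'
<configuration>
  <system.web>
    <securityPolicy>
      <trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_mediumtrust.config" />
      <trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_minimaltrust.config" />
      <trustLevel name="WSS_Custom" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_custom_wss_minimaltrust.config" />
    </securityPolicy>
    <trust level="WSS_Custom" originUrl="" />
  </system.web>
</configuration>
'@

function Get-TrustLevelAudit {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # Built-in SharePoint Foundation levels named in the article.
    $builtIn = 'WSS_UserCode', 'WSS_Minimal', 'WSS_Medium'
    $trust   = $Config.SelectSingleNode('/configuration/system.web/trust')
    $active  = if ($trust) { $trust.GetAttribute('level') } else { '' }
    $levels  = $Config.SelectNodes('/configuration/system.web/securityPolicy/trustLevel')

    foreach ($node in $levels) {
        $name = $node.GetAttribute('name')
        $file = $node.GetAttribute('policyFile')
        [pscustomobject]@{
            Name       = $name
            Active     = ($name -eq $active)
            BuiltIn    = ($builtIn -contains $name)
            FileExists = [bool]($file -and (Test-Path -LiteralPath $file))
            PolicyFile = $file
        }
    }

    $known = @($levels | Where-Object { $_.GetAttribute('name') -eq $active })
    if ($active -eq 'Full') {
        # Full trust lifts the CAS restrictions for every assembly in bin.
        Write-Warning 'Active trust level is Full: bin assemblies are not restricted.'
    } elseif ($active -and $known.Count -eq 0) {
        # No matching entry here means no policy file in this config to review.
        Write-Warning "Active trust level '$active' is not defined in this file."
    }
}

Get-TrustLevelAudit -Config $sample | Format-Table -AutoSize
```

A custom level reported as Active with BuiltIn False points at a policy file that should be reviewed for the permissions it grants.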