将 Dynamics CRM 与 Sharepoint ASCX 集成安全异常问题

发布于 2024-08-28 01:28:18 字数 1417 浏览 7 评论 0原文

我有一个 ASCX 控件(此解决方案中未使用 WebParts),它通过 Microsoft.Crm.SdkMicrosoft.Crm.SdkTypeProxy

该解决方案在部署到 Sharepoint 之前一直有效。

最初我收到以下错误:

[SecurityException: That assembly does not allow partially trusted callers.]
   MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

然后我尝试使用 SPSecurity.RunWithElevatedPrivileges 将调用代码包装在 ASCX 中:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
   // FBA user may not exist yet or require refreshing
   MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});

但这导致了以下错误(我认为 RunWithElevatedPrivileges 无论如何都不适合这种事情,但有人建议这样做) :

[SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.]
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

当我将 Sharepoint 站点中的信任级别提升到完全时,一切正常,但我需要提出一个使用最小信任(或自定义最小信任)的解决方案。我还试图避免向 GAC 中添加任何内容。有什么想法吗?

我假设尝试从 Microsoft.Crm.* 调用功能时会出现此问题。

I've an ASCX control (WebParts aren't used in this solution) which interrogates CRM 4's data via the API provided by Microsoft.Crm.Sdk and Microsoft.Crm.SdkTypeProxy.

The solution works until it's deployed to Sharepoint.

Initially I received the following error:

[SecurityException: That assembly does not allow partially trusted callers.]
   MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

Then I tried wrapping the calling code in the ASCX with SPSecurity.RunWithElevatedPrivileges:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
   // FBA user may not exist yet or require refreshing
   MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});

But this resulted in the following error (I'm thinking RunWithElevatedPrivileges isn't for this sort of thing anyway, but someone suggested it):

[SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.]
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

When I elevate the trust level in the Sharepoint site to full everything works fine, however I need to come up with a solution that uses minimal trust (or a customised minimal trust). I'm also trying to stay clear of adding anything to the GAC. Any ideas?

I assume the issue is occuring when trying to call functionality from Microsoft.Crm.*.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

烧了回忆取暖 2024-09-04 01:28:18

我会使用 GAC。

我明白你来自哪里。当我第一次开始 SharePoint 开发时,我试图避免使用 GAC。但这确实是必经之路。

将以下内容添加到解决方案包的 Manifest.xml 中:

<Assemblies>
    <Assembly Location="MyApp.SharePoint.Web.Applications.dll" DeploymentTarget="GlobalAssemblyCache" />
</Assemblies>

然后使用以下方式部署包:

stsadm.exe -o deploysolution -name MyApp.wsp -immediate -allowgacdeployment -force

如果您仍想远离 GAC,则可以尝试将以下内容添加到 AssemblyInfo.cs 中:

[assembly: AllowPartiallyTrustedCallers]

但如果您随后要调用DLL(如 Microsoft.Crm),如果这些 DLL 不允许部分受信任的调用者,那么您就会陷入困境。

此外,如果您还没有这样做,您可能需要 创建自定义策略文件。手动创建和注册自定义策略文件授予的权限过于广泛,最终说服我转向 GAC。从那以后就没有回头过。

I would use the GAC.

I understand where you are coming from. I tried to avoid using the GAC when I first started with SharePoint development. But it's really the way to go.

Add the following into the manifest.xml of your solution package:

<Assemblies>
    <Assembly Location="MyApp.SharePoint.Web.Applications.dll" DeploymentTarget="GlobalAssemblyCache" />
</Assemblies>

And then deploy your package using:

stsadm.exe -o deploysolution -name MyApp.wsp -immediate -allowgacdeployment -force

If you still want to stay out of the GAC, you can try adding the following to AssemblyInfo.cs:

[assembly: AllowPartiallyTrustedCallers]

But if you are then going to call DLLs (like Microsoft.Crm) and if those DLLs don't allow Partially Trusted Callers, then you are stuck.

In addition, if you haven't already, you will probably need to create a custom policy file. It was the manual creation and registration of a custom policy file that granted privileges too broadly that finally convinced me to move to the GAC. Haven't looked back since.

暮光沉寂 2024-09-04 01:28:18

Microsoft.Crm.Sdk 中的哪个方法准确地抛出 SecurityException?查一下MSDN,看看调用需要什么权限。

关于RunWithElevatedPrivileges,可以查看文档 它需要

[SharePointPermissionAttribute(SecurityAction.Demand, Impersonate=true)] 
[SharePointPermissionAttribute(SecurityAction.Demand, ObjectModel=true)] 

并且评论中的用户提供了 CAS 权限集的示例来启用这些权限:

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, UnmanagedCode" />
<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True"/>

否则,如果程序集不完全受信任,则您没有必要的权限来调用代码。 Microsoft.Crm.Sdk 中的某些方法可能也是如此

Which method from Microsoft.Crm.Sdk exactly throws SecurityException? Check on MSDN and see what permissions does it need to be called.

Regarding to RunWithElevatedPrivileges, you can see from documentation that it needs

[SharePointPermissionAttribute(SecurityAction.Demand, Impersonate=true)] 
[SharePointPermissionAttribute(SecurityAction.Demand, ObjectModel=true)] 

And the user in comments provided an example of CAS permission set to enable those permissions:

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Assertion, Execution, ControlThread, ControlPrincipal, RemotingConfiguration, UnmanagedCode" />
<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True"/>

Otherwise you don't have necessary permissions to call the code if assembly is not fully trusted. The same probably goes with some method from Microsoft.Crm.Sdk

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文