将 Dynamics CRM 与 Sharepoint ASCX 集成安全异常问题
我有一个 ASCX 控件(此解决方案中未使用 WebParts),它通过 Microsoft.Crm.Sdk
和 Microsoft.Crm.SdkTypeProxy
。
该解决方案在部署到 Sharepoint 之前一直有效。
最初我收到以下错误:
[SecurityException: That assembly does not allow partially trusted callers.]
MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
然后我尝试使用 SPSecurity.RunWithElevatedPrivileges 将调用代码包装在 ASCX 中:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// FBA user may not exist yet or require refreshing
MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});
但这导致了以下错误(我认为 RunWithElevatedPrivileges 无论如何都不适合这种事情,但有人建议这样做) :
[SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.]
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
当我将 Sharepoint 站点中的信任级别提升到完全时,一切正常,但我需要提出一个使用最小信任(或自定义最小信任)的解决方案。我还试图避免向 GAC 中添加任何内容。有什么想法吗?
我假设尝试从 Microsoft.Crm.*
调用功能时会出现此问题。
I've an ASCX control (WebParts aren't used in this solution) which interrogates CRM 4's data via the API provided by Microsoft.Crm.Sdk
and Microsoft.Crm.SdkTypeProxy
.
The solution works until it's deployed to Sharepoint.
Initially I received the following error:
[SecurityException: That assembly does not allow partially trusted callers.]
MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
Then I tried wrapping the calling code in the ASCX with SPSecurity.RunWithElevatedPrivileges:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// FBA user may not exist yet or require refreshing
MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});
But this resulted in the following error (I'm thinking RunWithElevatedPrivileges isn't for this sort of thing anyway, but someone suggested it):
[SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.]
MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
When I elevate the trust level in the Sharepoint site to full everything works fine, however I need to come up with a solution that uses minimal trust (or a customised minimal trust). I'm also trying to stay clear of adding anything to the GAC. Any ideas?
I assume the issue is occuring when trying to call functionality from Microsoft.Crm.*
.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我会使用 GAC。
我明白你来自哪里。当我第一次开始 SharePoint 开发时,我试图避免使用 GAC。但这确实是必经之路。
将以下内容添加到解决方案包的 Manifest.xml 中:
然后使用以下方式部署包:
如果您仍想远离 GAC,则可以尝试将以下内容添加到 AssemblyInfo.cs 中:
但如果您随后要调用DLL(如 Microsoft.Crm),如果这些 DLL 不允许部分受信任的调用者,那么您就会陷入困境。
此外,如果您还没有这样做,您可能需要 创建自定义策略文件。手动创建和注册自定义策略文件授予的权限过于广泛,最终说服我转向 GAC。从那以后就没有回头过。
I would use the GAC.
I understand where you are coming from. I tried to avoid using the GAC when I first started with SharePoint development. But it's really the way to go.
Add the following into the manifest.xml of your solution package:
And then deploy your package using:
If you still want to stay out of the GAC, you can try adding the following to AssemblyInfo.cs:
But if you are then going to call DLLs (like Microsoft.Crm) and if those DLLs don't allow Partially Trusted Callers, then you are stuck.
In addition, if you haven't already, you will probably need to create a custom policy file. It was the manual creation and registration of a custom policy file that granted privileges too broadly that finally convinced me to move to the GAC. Haven't looked back since.
Microsoft.Crm.Sdk 中的哪个方法准确地抛出 SecurityException?查一下MSDN,看看调用需要什么权限。
关于RunWithElevatedPrivileges,可以查看文档 它需要
并且评论中的用户提供了 CAS 权限集的示例来启用这些权限:
否则,如果程序集不完全受信任,则您没有必要的权限来调用代码。 Microsoft.Crm.Sdk 中的某些方法可能也是如此
Which method from Microsoft.Crm.Sdk exactly throws SecurityException? Check on MSDN and see what permissions does it need to be called.
Regarding to RunWithElevatedPrivileges, you can see from documentation that it needs
And the user in comments provided an example of CAS permission set to enable those permissions:
Otherwise you don't have necessary permissions to call the code if assembly is not fully trusted. The same probably goes with some method from Microsoft.Crm.Sdk