代码访问安全策略问题 - 将第三方 dll 部署到 bin

发布于 2024-09-27 19:35:58 字数 7558 浏览 5 评论 0原文

好的,我想你们大多数人都使用 wspbuilder 来构建 wsp 解决方案并部署它。所以这是我的问题。

我正在开发一个 SharePoint 解决方案,该解决方案利用第三方 dll(Telerik for Asp.Net Ajax - Telerik.Web.UI.dll)来获得丰富的经验。由于 Telerik dll 是一个常见的程序集,我必须将其部署到 Web 应用程序的 bin 文件夹而不是 GAC。那么问题来了。

如果 dll 存在于 GAC 文件夹中,WSPBuilder 会自动将该 dll 部署到 gac。为了在 bin 中部署 telerik dll,我创建了文件夹 80\bin 并将 dll 复制到那里。我尝试再次构建 wsp,然后查看创建的 manifest.xml。伟大的。 dll 的部署目标更改为 WebApplication,并且 wspbuilder 很聪明地自行创建了 cas 策略。

<CodeAccessSecurity>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated permissionSet" Name="Telerik.Web.UI4a48967c-0673-4c67-a176-ca7c72c30c4d">
                <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SerializationFormatter" />
                <IPermission class="SharePointPermission" version="1" ObjectModel="True" />
                <IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
                <IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Minimal" />
                <IPermission class="WebPartPermission" version="1" Connections="True" />
                <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
                <IPermission class="WebPermission" version="1">
                    <ConnectAccess>
                        <URI uri="$OriginHost$" />
                    </ConnectAccess>
                </IPermission>
                <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
                <IPermission class="DnsPermission" version="1" Unrestricted="true" />
                <IPermission class="SmtpPermission" version="1" Access="Connect" />
                <IPermission class="SqlClientPermission" version="1" Unrestricted="true" />
            </PermissionSet>
            <Assemblies>
                <Assembly Name="Telerik.Web.UI" Version="2010.2.826.35" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010069F31F753C891D9F7F9D1CD0B579F61977769A5A48E01247CC2481C8765613854C8DCB5101DD092D5075A7339B4E34D0C9BD417F54972C7554AE480D6B1BB17BE8C1527554644BBD352D9498B174EAFF1090A30E1F7C2C3073669CB3EFC7D9640E82049F5FDA08CA58072C14169091A0BC7092EB6DE9C2A249A3C80F7704E5CF" />
            </Assemblies>
        </PolicyItem>
    </CodeAccessSecurity>

但 Wspbuilder 不够聪明,无法放置 SharePointPermission IPermission 类的四个部分名称。但我了解到 CAS 实际上需要四个部分的名称。因此,我决定使用 wspbuilder.exe 的 -CustomCAS 命令行选项来传递我的自定义 cas 策略文件。

这是我的自定义策略文件 -

<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" UnsafeSaveOnGet="True" Unrestricted="True" />

<IPermission class="System.Security.Permissions.EnivronmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="UserName" />

因此,在构建 wsp 之后,manifest.xml 的 cas 部分阅读此内容 -

<CodeAccessSecurity>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated permissionSet" Name="Telerik.Web.UIa2cbae96-9c52-459e-80f6-3391af7775ae">
                <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SerializationFormatter" />
                <IPermission class="SharePointPermission" version="1" ObjectModel="True" />
                <IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
                <IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Minimal" />
                <IPermission class="WebPartPermission" version="1" Connections="True" />
                <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
                <IPermission class="WebPermission" version="1">
                    <ConnectAccess>
                        <URI uri="$OriginHost$" />
                    </ConnectAccess>
                </IPermission>
                <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
                <IPermission class="DnsPermission" version="1" Unrestricted="true" />
                <IPermission class="SmtpPermission" version="1" Access="Connect" />
                <IPermission class="SqlClientPermission" version="1" Unrestricted="true" />
                <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

                <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" UnsafeSaveOnGet="True" Unrestricted="True" />

                <IPermission class="System.Security.Permissions.EnivronmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="UserName" />
            </PermissionSet>
            <Assemblies>
                <Assembly Name="Telerik.Web.UI" Version="2010.2.826.35" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010069F31F753C891D9F7F9D1CD0B579F61977769A5A48E01247CC2481C8765613854C8DCB5101DD092D5075A7339B4E34D0C9BD417F54972C7554AE480D6B1BB17BE8C1527554644BBD352D9498B174EAFF1090A30E1F7C2C3073669CB3EFC7D9640E82049F5FDA08CA58072C14169091A0BC7092EB6DE9C2A249A3C80F7704E5CF" />
            </Assemblies>
        </PolicyItem>
    </CodeAccessSecurity>

在我部署了 wsp 后,我进行了验证

* the dlls going to bin
* the trust level changed to custom trust level
* custom policy file being added to config folder

但是当我运行页面时,出现以下错误 -

屏幕截图 -

alt text

错误 -

执行权限被拒绝

堆栈跟踪 -

请告诉我您是否需要堆栈跟踪。它有点大得令人烦恼。

我已经检查了整个应用程序中是否有该 dll 的任何程序集引用。但我没能找到。有什么想法吗?

Okay, i think most of you guys out there use wspbuilder to build the wsp solutions and to deploy it. So here is my problem.

I'm working on a SharePoint solution which makes use of a third party dll (Telerik for Asp.Net Ajax - Telerik.Web.UI.dll) for rich experience. Since Telerik dll is a common assembly i have to deploy it to the bin folder of the webapplication instead of GAC. So here comes the problem.

WSPBuilder automatically deploys the dll to gac if the dll presents in the GAC folder. To deploy the telerik dll in bin i created the folder 80\bin and copied the dll there. I tried to build the wsp again and then went through the manifest.xml created. Great. The deployment target for the dll changed to WebApplication and wspbuilder was smart to create the cas policy itself.

<CodeAccessSecurity>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated permissionSet" Name="Telerik.Web.UI4a48967c-0673-4c67-a176-ca7c72c30c4d">
                <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SerializationFormatter" />
                <IPermission class="SharePointPermission" version="1" ObjectModel="True" />
                <IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
                <IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Minimal" />
                <IPermission class="WebPartPermission" version="1" Connections="True" />
                <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
                <IPermission class="WebPermission" version="1">
                    <ConnectAccess>
                        <URI uri="$OriginHost$" />
                    </ConnectAccess>
                </IPermission>
                <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
                <IPermission class="DnsPermission" version="1" Unrestricted="true" />
                <IPermission class="SmtpPermission" version="1" Access="Connect" />
                <IPermission class="SqlClientPermission" version="1" Unrestricted="true" />
            </PermissionSet>
            <Assemblies>
                <Assembly Name="Telerik.Web.UI" Version="2010.2.826.35" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010069F31F753C891D9F7F9D1CD0B579F61977769A5A48E01247CC2481C8765613854C8DCB5101DD092D5075A7339B4E34D0C9BD417F54972C7554AE480D6B1BB17BE8C1527554644BBD352D9498B174EAFF1090A30E1F7C2C3073669CB3EFC7D9640E82049F5FDA08CA58072C14169091A0BC7092EB6DE9C2A249A3C80F7704E5CF" />
            </Assemblies>
        </PolicyItem>
    </CodeAccessSecurity>

But Wspbuilder was not smart enough to put the four part name of SharePointPermission IPermission class. But i learnt that CAS actually requires the four part name. So i decided to make use of the -CustomCAS command line option of wspbuilder.exe to pass my custom cas policy file.

Here is my custom policy file -

<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" UnsafeSaveOnGet="True" Unrestricted="True" />

<IPermission class="System.Security.Permissions.EnivronmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="UserName" />

So after building the wsp the cas section of the manifest.xml read this -

<CodeAccessSecurity>
        <PolicyItem>
            <PermissionSet class="NamedPermissionSet" version="1" Description="WSPBuilder generated permissionSet" Name="Telerik.Web.UIa2cbae96-9c52-459e-80f6-3391af7775ae">
                <IPermission class="PrintingPermission" version="1" Level="DefaultPrinting" />
                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SerializationFormatter" />
                <IPermission class="SharePointPermission" version="1" ObjectModel="True" />
                <IPermission class="EnvironmentPermission" version="1" Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" />
                <IPermission class="System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Minimal" />
                <IPermission class="WebPartPermission" version="1" Connections="True" />
                <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$" />
                <IPermission class="WebPermission" version="1">
                    <ConnectAccess>
                        <URI uri="$OriginHost$" />
                    </ConnectAccess>
                </IPermission>
                <IPermission class="IsolatedStorageFilePermission" version="1" Allowed="AssemblyIsolationByUser" UserQuota="9223372036854775807" />
                <IPermission class="DnsPermission" version="1" Unrestricted="true" />
                <IPermission class="SmtpPermission" version="1" Access="Connect" />
                <IPermission class="SqlClientPermission" version="1" Unrestricted="true" />
                <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />

                <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

                <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" UnsafeSaveOnGet="True" Unrestricted="True" />

                <IPermission class="System.Security.Permissions.EnivronmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Read="UserName" />
            </PermissionSet>
            <Assemblies>
                <Assembly Name="Telerik.Web.UI" Version="2010.2.826.35" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010069F31F753C891D9F7F9D1CD0B579F61977769A5A48E01247CC2481C8765613854C8DCB5101DD092D5075A7339B4E34D0C9BD417F54972C7554AE480D6B1BB17BE8C1527554644BBD352D9498B174EAFF1090A30E1F7C2C3073669CB3EFC7D9640E82049F5FDA08CA58072C14169091A0BC7092EB6DE9C2A249A3C80F7704E5CF" />
            </Assemblies>
        </PolicyItem>
    </CodeAccessSecurity>

After i deployed the wsp i verified

* the dlls going to bin
* the trust level changed to custom trust level
* custom policy file being added to config folder

But when i run the page i get the following error -

screen shot -

alt text

Error -

Execution Permission Denied

Stack Trace -

Tell me if you want the stack trace. It is kind of annoyingly big.

I've checked my entire application for any assembly references of the dll. But i was not able to find one. Any ideas?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

可遇━不可求 2024-10-04 19:35:58

我认为您的 CAS 策略中有一个拼写错误:

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

它应该是 Flags="Execution" 而不是 "Execute"

I think you just have a typo in your CAS policy:

<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execute" />

It should be Flags="Execution" not "Execute"

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文