MOSS Code Access Security and Web Parts

Congratulations! You've built a web part and successfully deployed to your MOSS server. Access Denied! What?! (*&*^%

Well, that's what I said when I deployed my MOSS Web Part. Join the club. It turns out that we were blocked by the Code Access Security.

As with any security token changes, you will need to get the Public Key Token as well as your Public Key Blob from your dll assembly. You can do this by running sn.exe –Tp [pathToAssembly]\[assemblyFileName]". There are some nifty things you can do by adding this as a button in your VS IDE as well, but that would be a topic for a later post.

You can find sn.exe in "[Drive]:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe"

***Please note you would replace the purple sections with your own key tokens

Approaches

There are quite a few approaches to this problem but as with most things technical, there are best practice approaches.

First – GAC It

Of course the first thing a developer would do would be to throw the DLL into the GAC. This does give full trust and will solve the problem; however, full trust is not always the best thing and is not best practice.

Second - _App_Bin

The second thing you may try to do is throw the DLL into the _app_bin folder. Poof! That worked but some other stuff doesn't work quite right? That is correct ladies and gentlemen because this location is meant for dll's supporting the MOSS _layout applications and is not meant for you.

Third – Medium/Full Trust

While you may read on some posts, just to switch your trust level in web.config to medium or full trust, this will not give you the control you may want and may in fact give too much access.

Fourth – Custom Policy File

What now? Custom Policies are the answer. If you opened the web.config file for the application you are looking to deploy to, you will see a trust level. By default, the trust level for MOSS Apps is WSS_Minimal and for a decent reason. What does this mean? Well, the trust levels are configured in another section of the document and pointed to files in the config section of your MOSS installation.

File Sections

First Section

These are your permission classes pointing to public key tokens. Basically a listing of all possible permissions

Second Section

These are permission groups that will group above sets of permissions and sets the level of permission

Third Section

These code groups for associating what assemblies go to what permission sets

This file is essentially a hierarchal flow of permissions to dll's.

Important:

It is important to note that it is not only best practice but most certainly recommended that you sign your assembly and give it a strong name.

What we are going to do:

• Copy the WSS_Minimaltrust.config to WSS_Custom_Minimaltrust.config
  (drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config).
• You are then going to Add a new key to the Trust levels that will look like:

• Let's also make sure to rename the trust level in the web.config of your application to your newly created file.

Currently it probably looks like:

We are then going to add the Sharepoint Permission to be able to read the Sharepoint Object Model

• • Do this by copying the medium trust Sharepoint Permission into the second section of the minimum trust file
    
    

    <SecurityClass
    Name="SharePointPermission" Description="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>
    

• Create a new Permission Set called SPObjectModelRead:
  
  

  <PermissionSet
  class="NamedPermissionSet" version="1" Name="SPObjectModelRead">
  

  <IPermission
  class="SharePointPermission" version="1" ObjectModel="True" />
  

  <IPermission
  class="AspNetHostingPermission" version="1" Level="Minimal" />
  

  <IPermission
  class="SecurityPermission" version="1" Flags="Execution" />
  

  <IPermission
  class="WebPartPermission" version="1" Connections="True" />
  

  </PermissionSet>
  

• Create a new Code Group to map your newly created Permission set to your Assembly:
  
  

  <CodeGroup
  

  class="UnionCodeGroup"
  

  
  version="1"
  

  
  PermissionSetName="SPObjectModelRead"
  

  
  Name="Rotating Image Web Part"
  

  
  Description="This
  code group grants the Rotating Image Web Part SPObjectModelRead permissions.">
  

  
  <IMembershipCondition
  

  class="StrongNameMembershipCondition"
  

  
  version="1"
  

  PublicKeyBlob="0024000004800000940000000602000000240000525341310004000001000100af8c04c7f1100d8af5aa7792388fee59f8e07dba7ff313d5fc9cf694aa8dcc394e0db13f96d699c8f6c5a6fe155a0123d817a1363f4cc2fa1ea90ea4c7971bee26717b116d68346efdea6011baa994aced602761da653781b5eece7045b916d4e82431ef4467599c5425194bb564664d83a08d269ec6c38031460e0b0047f4d3" />
  

  
  </CodeGroup>

MOSS 2007 Development 101 – Part 1

 

So I have done quite a bit of Googling and would you believe it… There are very few articles on starting MOSS 2007 development. Well perhaps this is due to the fact that many MOSS developers are coming from SharePoint 2003 (SPS 2003). Not I, some of us actually come from the MSFT Content Management Server Background (MCMS), so this article is just an overview for those of us that say we've had enough, let's get MOSS. This article will also provide download links to get some tools that I am using. I am writing this as a series so this will be focused on tools of the trade. In a future post I will begin to write about the actual implementation.

Ok, let's get started…..

First we obviously must have a MOSS server to connect to, this is not the focus of this article but noted as a requirement.

>

Important:

It is important to note that when coding against much of the MOSS 2007 Object Model, that your environment be Windows Server 2003 SP1 or higher! Also at least WSS 3.0 must be installed.

Tools

1. I would recommend Microsoft Office SharePoint Designer. This tool will allow the user to customize master pages, themes, layouts, create new workflows and SharePoint objects and much more. If some of you are old like me, you will remember the good old days of FrontPage. Yup, this is it, but I would say mucho better. Unfortunately, this is not a free download and must be purchased
   
2. Well, you will use this quite often in your development although it is really an admin tool. stsAdm.exe
   will be a lifesaver for you and will allow you to do things such as create new sites, export, import fix mistakes, and other admin tasks. This tool is located on the MOSS server itself in most likely "c:\program files\common files\microsoft shared\web server extensions\12\bin".
   
3. .NET 3.0 is It can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=10CC340B-F857-4A14-83F5-25634C3BF043&displaylang=en
   
4. .NET 3.0 Extensions will allow you to create Windows Presentation Foundation (WPF) http://en.wikipedia.org/wiki/Windows_Presentation_Foundation and Windows Communication Foundation (WCF) http://en.wikipedia.org/wiki/Windows_Communication_Foundation projects. It can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=F54F5537-CC86-4BF5-AE44-F5A1E805680D&displaylang=en
   
   
5. MOSS SDK: This tool will give you the full technical lowdown on MOSS development although it can be tricky to navigate through the hundreds of pages. The MOSS SDK can be downloaded here: http://www.microsoft.com/downloads/thankyou.aspx?familyId=6d94e307-67d9-41ac-b2d6-0074d6286fa9&displayLang=en
   
   
6. Log Viewer is a great external tool to view the SharePoint logs. These will be extremely helpful to you in diagnosing issues. It can be downloaded here: http://www.codeplex.com/features/Release/ProjectReleases.aspx?ReleaseId=2502
   

   In this location you can also download other features such as debugging
   

7. Visual Studio 2005 – Who could forget MSFT's core IDE for development… apparently me because it's way down here. Most of the tools above will have hooks into the VS 2005 IDE. As with Designer, the VS 2005 must be purchased.
   
8. WSS 3.0 SDK – This will give you the underlying SharePoint Services Framework and can be downloaded here:
   http://www.microsoft.com/downloads/details.aspx?familyid=05E0DD12-8394-402B-8936-A07FE8AFAFFD&displaylang=en
   
9. Web Part Templates – MOSS is extendible through Web Parts and this tool will integrate into the VS 2005 IDE and help to build these parts. Can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=CAC3E0D2-BEC1-494C-A74E-75936B88E3B5&displaylang=en
   
10. MOSS Extensions – Ok, the ever elusive development environment. These can be downloaded here: http://www.microsoft.com/downloads/details.aspx?familyid=19f21e5e-b715-4f0c-b959-8c6dcbdc1057&displaylang=en These will plug into the VS 2005 IDE
    

The next post will focus on utilizing some of these tools and getting started on the actual development.

Cheers

MOSS Authentication Links

The following are great articles related to authentication in MOSS:

LDAP:

http://www.sharepointblogs.com/helloitsliam/archive/2006/08/15/10027.aspx

Custom:

PART 1: http://www.sharepointblogs.com/helloitsliam/archive/2006/12/11/16842.aspx


PART 2: http://www.sharepointblogs.com/helloitsliam/archive/2006/12/12/16887.aspx


PART 3: http://www.sharepointblogs.com/helloitsliam/archive/2006/12/14/16973.aspx


PART 4: http://www.sharepointblogs.com/helloitsliam/archive/2006/12/15/17010.aspx

Master Page/Page Layout Article

If you don't know about Heather, let me tell you that she has been an invaluable resource to me in MOSS Customization. The following article is a great read; however, she is probably best noted for taking the time and stress of decoding the entire CSS class structure for MOSS.

http://heathersolomon.com/blog/articles/5929.aspx

If you are just starting in MOSS customization, take a look at her site.

Creating New Site Definition Using CAML

This post is going to center around creating a new site definition. This is the first in a series of posts centered around Site Definition CAML Modification

Let's begin:

1. We are first going to Copy the existing Definition following the instructions outlined in: http://msdn2.microsoft.com/en-us/library/ms454677.aspx
   
2. Copy the existing site definition folder located in the Local_Drive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\SiteTemplates\sts directory.
   

For example, to create a custom site definition that derives from the site definition for Microsoft Windows SharePoint Services, copy the sts folder. You can give the folder any name that contains no spaces.

1. Make a copy of the WebTemp.xml file that is located in Local_Drive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\1033\XML.
   

Give the file a unique name by appending a string to the name of the original file; for example, WebTempAction.xml. At run time, the compiler merges information contained in this file with the information contained in the original file to specify which site templates are available for creating new sites.

1. Customize the contents of the new WebTemp file.
   

Each WebTemp.xml file contains a collection of Template elements and Configuration subelements, which identify to the compiler all the site definitions that can be instantiated. The Configuration element defines, for example, a title, a description, the URL for the image displayed in the user interface (UI), and a display category that specifies the tab on which to display the template in the Template Selection section of the New SharePoint Site page. These properties are common to each Web site created through the site definition.

Important:

In each Template element defined in the WebTemp file, the Name attribute must contain the same name that is assigned to the new folder. Also, to avoid conflict with IDs already used in Windows SharePoint Services, use unique values greater than 10,000 for the ID attribute.

Example

The following example defines a single site definition. The example assumes the existence of an ActionCommittee directory that has been created as previously described.

Copy Code

<?xml version="1.0" encoding="utf-8" ?> <Templates xmlns:ows="Microsoft SharePoint"> <Template Name=" ActionCommittee " ID="10001"> <Configuration ID="0" Title="Action Committee Team Site" Hidden="FALSE" ImageUrl="images/stsprev.jpg" Description="This template provides a forum for the team to create, organize, and share information quickly and easily. It includes a Document Library, and basic lists such as Announcements, Events, Contacts, and Quick Links." DisplayCategory="Collaboration"> </Configuration> </Template> </Templates>

You may need to reset Internet Information Services (IIS) to cause the new template to appear as an option in the UI.

The next post on this topic will focus on adding the publishing features to the site and creating custom web pages on site creation. The one following that will center around user permissions on lists and how to modify within the CAML.

Create Multi-Level Tree View Navigation in MOSS 2007

The purpose of this article is to outline the details necessary to modify the quick launch to use a multi-level ASP.NET 2.0 Tree View control. This will be extremely useful in publishing site applications.

Let's go ahead and begin modifying the master page necessary. What, you don't know about the master page, that's ok, I will post another blog entry outlining this but for now, open your sharepoint designer and browse to the top-level site in question. Remember it is my opinion that it is always good to create your own master page and css styles. The location of the master page is likely to be in _catalogs\masterpage

You can replace the AspMenu control with a TreeView control to display a familiar tree view with nodes that collapse and expand.

To replace the Menu control with the TreeView control

1. Open the master page you are using and find the ContentPlaceHolder container control whose ID is PlaceHolderLeftNavBar.
   
2. In the AspMenu control, find the PlaceHolderLeftNavBar control whose ID is QuickLaunchMenu, and replace SharePoint:AspMenu with ASP:TreeView in both the opening and closing tags.
   
3. Remove the following LevelMenuItemStyles element and its contents from the new TreeView element.
   

   Copy Code
   

   <LevelMenuItemStyles> <asp:MenuItemStyle CssClass="ms-navheader"/> <asp:MenuItemStyle CssClass="ms-navitem"/> </LevelMenuItemStyles> <LevelSubMenuStyles> <asp:SubMenuStyle CssClass="ms-navSubMenu1"/> <asp:SubMenuStyle CssClass="ms-navSubMenu2"/> </LevelSubMenuStyles>
   

4. Edit the web.config
   

   Edit the web.config, look for a named provider definition: "CurrentNavSiteMapProviderNoEncode", add a single property attribute: RequireUniqueKeysForNodes="true"The TreeView control provides properties that allow you to easily customize the control. For more information about Windows SharePoint Services master pages and site customization, see Master Pages.
   

5. Modify master page once more to change datasource
   

   Modify the data source that the Menu/TreeView is hooked up to, it should be immediately beneath it. Change the SiteMapProvider="CurrentNavSiteMapProvider" to SiteMapProvider="CurrentNavSiteMapProviderNoEncode"
   

6. Reset IIS for changes to take effect.
   

   The TreeView control provides properties that allow you to easily customize the control. For more information about Windows SharePoint Services master pages and site customization, see Master Pages.
   

Welcome

Ok, You would think that after 15 years of being in the industry I would already have a blog, but alas, I do not. This is truely my first blog entry. A little about myself: My company Code Integrators is a consulting company which consults in Microsoft Technologies and Enterprise Architecture. I am currently working as a Microsoft Consultant advising in WCM technologies including Microsoft Content Mangement Server and Microsoft Office Sharepoint Server. My intention for this blog will be to center around MS technologies and solve random problems that should be easy but will of course have at least had me thinking. My hope is that more junior programmers will learn and if nothing else, I have a blog!