Help needed with strong name web part

Discussion in 'ASP .Net Web Controls' started by Philip Colmer, Jul 10, 2004.

  1. I'm trying to create a very simple web part that makes use of an external
    DLL. The DLL tries to communicate with an external web site and I'm getting
    a permissions exception when I try to add the web part to a SharePoint page.
    From the research I've done, I think that this is because I've installed the
    web part into the bin folder where the trust level is low and access to
    external sites is not permitted.

    I therefore want to rebuild the part with a strong name so that I can
    install it into the GAC. Adding a strong name to my own code is
    straight-forward enough but the Interop DLL that Visual Studio built for the
    external DLL does not have a strong name and I can't figure out how to add
    one.

    So that is my problem. I'm using a DLL that I did not build. Visual Studio
    has built an Interop DLL and I need to ensure that it is built with a strong
    name.

    Can someone please tell me what steps I need to take?

    Thanks.

    --Philip
     
    Philip Colmer, Jul 10, 2004
    #1
    1. Advertising

  2. Philip Colmer

    [MSFT] Guest

    Hi Philip,

    You can grant proper trust level on this assembly in ".NET configration
    wizard". Additionally, you need to check the ASP.NET security also. The
    external DLL will use the ASP .NET application's account to communicate
    with external web site. This account may not have enough permission to do
    this.

    Luke
     
    [MSFT], Jul 12, 2004
    #2
    1. Advertising

  3. "[MSFT]" <> wrote in message
    news:...
    > Hi Philip,
    >
    > You can grant proper trust level on this assembly in ".NET configration
    > wizard". Additionally, you need to check the ASP.NET security also. The
    > external DLL will use the ASP .NET application's account to communicate
    > with external web site. This account may not have enough permission to do
    > this.


    Are you suggesting, then, that I should leave my web part in /bin and not
    try to install it in the GAC?

    If that is your recommendation, then I'll go with that and change the trust
    level. However, I thought that best practice was to strongly-name web parts,
    which is where I was getting stuck. Not on my own web part, mind, but on the
    Interop DLL that Visual Studio created.

    --Philip
     
    Philip Colmer, Jul 12, 2004
    #3
  4. Philip Colmer

    [MSFT] Guest

    [MSFT], Jul 13, 2004
    #4
  5. "[MSFT]" <> wrote in message
    news:V%...
    > Hi Philip,
    >
    > Assemblies in GAC may not be full trust. I would like suggest to grant
    > trust for an assembly With .NET Configaration Wizard. You may refer to
    > following article:
    >
    >

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
    > l/cpconadministrationwithcodegroupattributes.asp


    Luke

    Unless I am misunderstanding something, the .NET Configuration Wizard
    controls assemblies in the GAC, yes? It does NOT alter the security
    permissions for assemblies in the local /bin folder - correct?

    If I have understood that correctly, then I am still stuck with my original
    problem - how do I take the Interop DLL that Visual Studio 2003 has built
    for me from a COM DLL and strongly name it so that I can install it into the
    GAC? The MSDN documentation on installing an assembly into the GAC only
    references strong-named assemblies:

    http://msdn.microsoft.com/library/d...installingassemblyintoglobalassemblycache.asp

    As I stated in my previous posting, it was my understanding that it is best
    practice to strongly-name assemblies and it is THIS that I'm stuck on, not
    altering the permissions applied to the assembly.

    Regards

    Philip
     
    Philip Colmer, Jul 13, 2004
    #5
  6. Philip Colmer

    [MSFT] Guest

    Hi Philips,

    You may open Administrator tools\microsoft .NET framework 1.1 wizard. In
    the wizard, you can trust any .NET assembly even it wasn't in GAC.

    Luke,
     
    [MSFT], Jul 14, 2004
    #6
  7. "[MSFT]" <> wrote in message
    news:...
    > Hi Philips,
    >
    > You may open Administrator tools\microsoft .NET framework 1.1 wizard. In
    > the wizard, you can trust any .NET assembly even it wasn't in GAC.


    Using the wizard, I have granted full trust to both my web part DLL and the
    Interop DLL. I'm still getting a
    System.Security.Permissions.SecurityPermission exception. I have restarted
    IIS after changing the trust level.

    --Philip
     
    Philip Colmer, Jul 15, 2004
    #7
  8. Philip Colmer

    [MSFT] Guest

    [MSFT], Jul 16, 2004
    #8
  9. Philip Colmer

    [MSFT] Guest

    Hello Philip,

    Does SuppressUnmanagedCodeSecurity Attribute work for the issue?

    Luke
     
    [MSFT], Jul 19, 2004
    #9
  10. "[MSFT]" <> wrote in message
    news:%23ey%...
    > Hello Philip,
    >
    > Does SuppressUnmanagedCodeSecurity Attribute work for the issue?


    Unfortunately I cannot find a way of adding this to my code. I'm writing the
    code in VB.Net and all of the examples of using this attribute are in C#.
    I've tried lots of permutations but the compiler just rejects it. I guess
    I'm getting the syntax wrong somewhere but, as I say, I can't find a VB
    example of how to incorporate this.

    --Philip
     
    Philip Colmer, Jul 20, 2004
    #10
  11. Philip Colmer

    [MSFT] Guest

    Hi Philip,

    I think there is no much difference between C# and VB.NET when using
    SuppressUnmanagedCodeSecurity, you can just put below line above a method
    or class in your VB .NET code:

    <System.Security.SuppressUnmanagedCodeSecurity()>

    For exmaple:

    <System.Security.SuppressUnmanagedCodeSecurity()> Private Declare Function
    QueryPerformanceFrequency Lib "kernel32" (ByRef PerformanceFrequency As
    Long) As Boolean

    Luke
     
    [MSFT], Jul 21, 2004
    #11
  12. "[MSFT]" <> wrote in message
    news:...
    > Hi Philip,
    >
    > I think there is no much difference between C# and VB.NET when using
    > SuppressUnmanagedCodeSecurity, you can just put below line above a method
    > or class in your VB .NET code:
    >
    > <System.Security.SuppressUnmanagedCodeSecurity()>
    >
    > For exmaple:
    >
    > <System.Security.SuppressUnmanagedCodeSecurity()> Private Declare Function
    > QueryPerformanceFrequency Lib "kernel32" (ByRef PerformanceFrequency As
    > Long) As Boolean


    Thank you for that clarification.

    I have now implemented that but it hasn't worked. Just in case I've made a
    mistake, here is the snippet of code:

    <System.Security.SuppressUnmanagedCodeSecurity()> Private Function
    GetChart() As String
    Dim value As String

    Try
    Dim hm As New HighlandMedia.Stocks
    value = hm.GetSmallChart("MSFT", "yr")
    Catch ex As Exception
    value = "<p>Exception: " + ex.Message + "</p>"
    End Try

    Return value
    End Function

    I continue to get the Exception text when the web part renders.

    --Philip
     
    Philip Colmer, Jul 21, 2004
    #12
  13. Philip Colmer

    [MSFT] Guest

    What is the exact exception you get ? Thanks.

    Luke
     
    [MSFT], Jul 22, 2004
    #13
  14. "[MSFT]" <> wrote in message
    news:...
    > What is the exact exception you get ? Thanks.


    System.Security.Permissions.SecurityPermission.

    --Philip
     
    Philip Colmer, Jul 22, 2004
    #14
  15. Philip Colmer

    [MSFT] Guest

    Is the SharePoint run under a user account with local administrator
    permission?

    Luke
     
    [MSFT], Jul 23, 2004
    #15
  16. "[MSFT]" <> wrote in message
    news:...
    > Is the SharePoint run under a user account with local administrator
    > permission?


    Yes.

    --Philip
     
    Philip Colmer, Jul 23, 2004
    #16
  17. Philip Colmer

    [MSFT] Guest

    If you tested the externalDLL. in a Win Form application or an ASP.NET
    application. Will it also generate the error?

    Luke
     
    [MSFT], Jul 26, 2004
    #17
  18. "[MSFT]" <> wrote in message
    news:gXRB$...
    > If you tested the externalDLL. in a Win Form application or an ASP.NET
    > application. Will it also generate the error?


    It works in an ASP.NET application.

    --Philip
     
    Philip Colmer, Jul 26, 2004
    #18
  19. Hi Philip,

    Could you be so kind to tell me whether you have configured the web.config
    file to set this interop-dll as safe control?

    If not, after you add the component into GAC, you will need to add one line
    in the web.config of your SPS/WSS site as below:
    <SafeControl Assembly="SingleSignon, Version=1.0.0.0, Culture=neutral,
    PublicKeyToken=8d17a0a8981505ba"
    Namespace="Microsoft.SharePoint.Portal.SSOSample" TypeName="*" />

    Please specify the Full name of the interop-dll in the GAC and then give
    the name space with all the type.

    Please feel free to let me know if you have any question.

    Best Regards,
    Wei-Dong Xu
    Microsoft Product Support Services
    Get Secure! - www.microsoft.com/security
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Wei-Dong XU [MSFT], Jul 27, 2004
    #19
  20. "Wei-Dong XU [MSFT]" <> wrote in message
    news:...
    > Hi Philip,
    >
    > Could you be so kind to tell me whether you have configured the web.config
    > file to set this interop-dll as safe control?
    >
    > If not, after you add the component into GAC, you will need to add one

    line
    > in the web.config of your SPS/WSS site as below:
    > <SafeControl Assembly="SingleSignon, Version=1.0.0.0, Culture=neutral,
    > PublicKeyToken=8d17a0a8981505ba"
    > Namespace="Microsoft.SharePoint.Portal.SSOSample" TypeName="*" />
    >
    > Please specify the Full name of the interop-dll in the GAC and then give
    > the name space with all the type.


    I've tried adding this and, unless I've made a mistake in the line, it
    hasn't solved the problem.

    This is the entry I added:

    <SafeControl Assembly="Interop.HighlandMedia"
    Namespace="HighlandMedia" TypeName="*" Safe="True" />

    There was already an entry for my own web part DLL:

    <SafeControl Assembly="MyStock" Namespace="MyStock" TypeName="*"
    Safe="True" />

    I think I've got the namespace correct even though it is different from the
    assembly name.

    --Philip
     
    Philip Colmer, Jul 28, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gopal Krish

    Strong name a ASPX web Page --- Question

    Gopal Krish, Nov 4, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    410
    Kevin Spencer
    Nov 5, 2004
  2. Bobby Chamness
    Replies:
    2
    Views:
    2,426
    Joe Smith
    Apr 22, 2007
  3. namekuseijin

    Re: "Strong typing vs. strong testing"

    namekuseijin, Sep 27, 2010, in forum: C Programming
    Replies:
    214
    Views:
    3,455
    Nick Keighley
    Oct 17, 2010
  4. namekuseijin

    Re: "Strong typing vs. strong testing"

    namekuseijin, Sep 27, 2010, in forum: Python
    Replies:
    229
    Views:
    3,549
    Gregory Ewing
    Oct 29, 2010
  5. Gopal Krish

    How to Strong name a aspx web page?

    Gopal Krish, Nov 4, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    116
    Gopal Krish
    Nov 4, 2004
Loading...

Share This Page