Setting the Security Policy


The Microsoft SSO service uses a SQL Server database to store application credentials, and web parts attempting to access this data store are subject to code access security restrictions determined by the active policy. By default, WSS_Minimal and WSS_Medium do not allow access to SSO functionality. In order to grant access, you must modify the policy files or create a custom policy file.

SSO uses a ticketing system for accessing credentials. Web parts can request a ticket from SSO that can subsequently be used to access credentials within the data store. Permission to access SSO is determined by the SingleSignonPermission class. This class accepts an enumerated value that determines the level of access the code is granted. Table 6-1 lists the possible values for the SingleSignonPermission class.

Table 6-1: The SingleSignonPermission Class

| PERMISSION | DESCRIPTION |
|---|---|
| Minimal | The web part can reserve a ticket to redeem credentials later but cannot access credential information. |
| Credentials | The web part can redeem a ticket for credentials and access credential information. |
| Administer | The web part has full access to SSO for credential information and application administration. |

Whether you choose to modify an existing policy file or create a new one, you must make an appropriate entry in both the <SecurityClasses> and <PermissionSets> sections of the file. In the <SecurityClasses> section, you must add a reference to the SingleSignonPermission class. The following code shows the appropriate entry.

 <SecurityClass
     Name="SingleSignonPermission"
     Description="Microsoft.SharePoint.Portal.SingleSignon.Security.SingleSignonPermission, Microsoft.SharePoint.Portal.SingleSignon.Security, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>

Once the entry is made to reference the SingleSignonPermission class, you must add an entry to the ASP.NET <PermissionSet> to grant the appropriate level of permission. As with all other permissions, you grant the access using the <IPermission> element, setting Minimal, Credentials, or Administer as the value. Additionally, the specific permission grant must appear within the permission set for ASP.NET. As always, remember to restart Internet Information Server (IIS) once your policy changes are complete. The following code shows the entry for granting access to SSO within the ASP.NET permission set.

 <PermissionSet
     class="NamedPermissionSet"
     version="1"
     Name="ASP.Net">
     <!-- The other IPermission entries of the ASP.Net permission set stay here. -->
     <IPermission
         class="SingleSignonPermission"
         version="1"
         Access="Credentials"
     />
 </PermissionSet>
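The following is an added example, not code from the book: a Python check that reads a policy file and reports whether the two SSO entries described above are consistent and which access level they grant. The sample policy is constructed, and the function name audit_sso_policy and its default of treating Administer as more than a web part should hold are assumptions.

```python
import xml.etree.ElementTree as ET

SSO_CLASS = "SingleSignonPermission"
LEVELS = ("Minimal", "Credentials", "Administer")  # values from Table 6-1

# Constructed sample, trimmed to the two kinds of entry the text discusses.
SAMPLE_POLICY = """<PolicyLevel version="1">
  <SecurityClasses>
    <SecurityClass Name="SingleSignonPermission"
      Description="Microsoft.SharePoint.Portal.SingleSignon.Security.SingleSignonPermission, Microsoft.SharePoint.Portal.SingleSignon.Security, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"/>
  </SecurityClasses>
  <NamedPermissionSets>
    <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
      <IPermission class="SingleSignonPermission" version="1" Access="Administer"/>
    </PermissionSet>
  </NamedPermissionSets>
</PolicyLevel>"""


def audit_sso_policy(policy_xml, allowed=("Minimal", "Credentials")):
    """Return findings about SSO grants; `allowed` is an assumed local policy."""
    root = ET.fromstring(policy_xml)
    findings = []
    # Entry 1: the SecurityClass reference to SingleSignonPermission.
    declared = any(sc.get("Name") == SSO_CLASS for sc in root.iter("SecurityClass"))
    # Entry 2: every IPermission grant of that class, with its permission set.
    grants = [
        (ps.get("Name"), ip.get("Access"))
        for ps in root.iter("PermissionSet")
        for ip in ps.iter("IPermission")
        if ip.get("class") == SSO_CLASS
    ]
    if grants and not declared:
        findings.append("SSO grant present but no SecurityClass entry declares it")
    if declared and not grants:
        findings.append("SecurityClass declared but no permission set grants SSO")
    for set_name, access in grants:
        if access not in LEVELS:
            findings.append(f"{set_name}: unknown Access value {access!r}")
        elif access not in allowed:
            findings.append(f"{set_name}: grants {access}; allowed: {', '.join(allowed)}")
        if set_name != "ASP.Net":
            findings.append(f"{set_name}: grant is outside the ASP.Net permission set")
    return findings


if __name__ == "__main__":
    for finding in audit_sso_policy(SAMPLE_POLICY):
        print(finding)
```
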



Microsoft SharePoint[c] Building Office 2003 Solutions
ISBN: 1590593383
EAN: N/A
Year: 2006
Pages: 92
