Partially Trusted Callers


If a strong-named assembly is added to the GAC, it is granted the FullTrust permission set and is available for use by any unknown and potentially malicious client. To prevent security problems, .NET enforces a rule specifying that strong-named assemblies can be called only by client assemblies that are granted the FullTrust permission set. By default, strong-named assemblies cannot be called by partially trusted assemblies, such as the assemblies located in the Bin folder of your SharePoint virtual directory. This is because the .NET JIT compiler adds link-time demands for the FullTrust permission set on every public or protected method on every public class in the assembly. If you need more information about link-time demands, refer to the "Declarative Security" section earlier in the chapter. The following code listing shows a sample method called Test():

 public void Test() {} 

The .NET JIT compiler converts this method definition to the following code:

 [PermissionSet(SecurityAction.LinkDemand, Name = "FullTrust")] public void Test() {} 

If you do want to allow the calling of strong-named assemblies from within a partially trusted environment, you need to add the AllowPartiallyTrustedCallersAttribute assembly attribute located in the System.Security namespace to a strong-named assembly. This is also known as decorating a strong-named assembly with the AllowPartiallyTrustedCallersAttribute attribute. This attribute is also known as APTCA. In a C# project, you can do this by adding the following line of code to the image from book AssemblyInfo.cs class of an assembly:

 [assembly:AllowPartiallyTrustedCallers] 




Microsoft Office Sharepoint Server 2007 Administrator's Companion
MicrosoftВ® Office SharePointВ® Server 2007 Administrators Companion
ISBN: 0735622825
EAN: 2147483647
Year: 2004
Pages: 299

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net