Sunday, 28 August 2011

How to create new custom Trust Level and Code Access Security inSharePoint

Step 1: Create a custom policy file wss_custom.config by copying the out-of-box policy file
  •  Open directory “C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG”. The directory contains the out-of-box policy files defining Wss_Medium and Wss_Minimal trust levels of SharePoint.
  • Make a copy wss_minimaltrust.config in the same directory and rename it to wss_custom.config.

Step 2: Refer to the “wss_custom.config” policy file from the web.config
  • Add a new trustLevel entry to the web.config. The trustLevel points to the new policy file  wss_custom.config your created in step 1.

    <securityPolicy>
    ......
    <trustLevel name="WSS_Custom" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_custom.config" />
    </securityPolicy>

  • Change <trust level="WSS_Minimal" originUrl="" /> to <trust level="WSS_Custom" originUrl="" />
    <trust level="WSS_Custom" originUrl="" />

    After the first two steps, your sharepoint web application starts to use the custom poplicy file, wss_custom.config. Rememeber the “wss_custom.config” is just a copy of the out-of-box “wss_minimaltrust.config”. Now, we need to modify the file.

Step 3: Modify the “wss_custom.config” policy file so the Dlls in bin directory of the sharepoint web application have CAS SharepointPermission. You just need to add one IPermission element to an existing permissionset element as the follows:
<PermissionSet  class="NamedPermissionSet"  version="1" Name="SPRestricted">
<!-- add the following element -->
<IPermission
class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
version="1"
ObjectModel="True"
/>
<!-- end of the element -->
</PermissionSet>

How did I figure out to add the SharePointPermission to the SPRestricted permissionset? First, the exception message already tells you that we need to add SharePointPermission. So, you need to add IPermission element with SharePointPermission as its class.You can just use Version=”1”. The real catch is how to figure out adding ObjectModel=”true”. Go to http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.security.sharepointpermission_properties.aspx. You notice the SharePointPermission is a .NET class with three public properties. ObjectModel is one of them. What I did was to try each property and assign them to true. After a few tries, ObjectModel=”True” is the only one that really matters.
 Why I choose to add it to SPRestricted PermissionSet?. This requires a basic understanding of the structure of the CAS Policy file. Do a search for “SPRestricted” in the WSS_custom.config file. You will find the following element:
<CodeGroup class="UnionCodeGroup"  version="1" PermissionSetName="SPRestricted">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/*"
/>
</CodeGroup>

This is the code group that dictates the CAS permission for all the Dlls under "$AppDirUrl$ directory, which includes the bin directory. This code group uses “SPRestricted” permission set. That is why to add the IPermission element to the “SPRestricted” permissionset.

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Sharepoint Webpart/Infopath Form

Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed
A Web part/InfoPath form with managed code causes the above error.

Cause: DLL's that access databases require at least the WSS_Medium security policy in the web.config file. If you receive a security message from the web part, it's usually the trust element in the web.config file.
You could also have a dll outside the GAC that's trying to access some part of the SharePoint Object Model.
Fix: There's a couple of ways to resolve this issue.

  1. Put you dll in the GAC. I don't like putting limited use web parts in there and managed code for InfoPath doesn't like it.

  2. Open wss_mediumtrust.config & wss_minimaltrust.config usually (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\) look in your web.config file for the exact path. Find in wss_mediumtrust.config: Copy and paste it in to the node of wss_minimaltrust.config.
    In the PermissionSet section of this configuration file, add the following: Find in wss_mediumtrust.config:
    Copy and paste it in to the a node of wss_minimaltrust.config. That about covers it

  3. You could also set the trust level to "wss_mediumtrust" or create a custom trust level. To create custom trust level see the post How to create cutom trust level in sharepoint

Wednesday, 24 August 2011

Can't able to save Office File to SharePoint Document Library onWindows Server 2008

Using SharePoint 2007 on Windows Server 2008 might bring additional steps to configuration that didn't exist in Windows Server 2003. On of the most questioned area is "why I can't able to save Office Document to the SharePoint Document Library"?

On Windows Server 2003 you can create new Office document via Document Library toolbar and save this document back to Library directly from the Office. However, in the SharePoint instance on Windows Server 2008 you will be asked to save the document to the File System(hard drive). You won't see SharePoint Lists and typing the url of the sharepoint server in the "Save" dialog box will generate the error "Path doesnt hot found".

The issue of this is that WebDav access and functionality to browser the site structure is incorporated to "Desktop Experience" feature of Windows Server 2008. It's a new feature and not enabled by default. So, to have ability save document to SharePoint from Office you need to add  "Desktop Experience" feature to Windows Server 2008 manually (unfortunately, server restart is required).

SharePoint 2010 is affected as well.

Steps To install Desktop Experience in Windows Server 2008
  1. go to server manager
  2. features--> Add Feature
  3. select Desktop Experience
  4. Click on Install
Note: Make sure that you remove the WebDAV module in IIS 7.5 also if you're on Windows Server 2008 R2

Thursday, 11 August 2011

SQL Server does not handle comparison of NText, Text, Xml, or Imagedata types.

When insert XML to an XML field in SQL server via Linq to SQL it all works fine, But  when you try  to update this XML field using LINQ, you will  get this exception:
System.NotSupportedException: SQL Server does not handle comparison of NText, Text, Xml, or Image data types
Inorder to fix this issue just open the dbml file with xml editor and set the updatecheck to false as follows:
<column canbenull="true" dbtype="Xml" name="PermissionsXml" type="System.Xml.Linq.XElement" updatecheck="Never"></column>

Your personal site cannot be created because Self-Service Site Creationis not enabled. Contact your site administrator for more information

Sometimes, even after personalizing your permissions in Shared Services, and after going to mysite it prompts:
“Your personal site cannot be created because Self-Service Site Creation is not enabled. Contact your site administrator for more information”
In order to fix this,
  1. Go to Central Administration,
  2. Application Management
  3. go to the categorySite Security
  4. click Self-service site management.
  5. Enable it (ensuring that the mysite web application is selected)

the problem is fixed (not really a problem, it’s due to diable MySite creation)

Enjoy!