| |
|
|
|
|
|
|
|
|
| Jonas Nilsson, Bamboo Solutions |
 |
371 Views ::
0 Comments :: Jonas Nillson
|
Jonas Nilsson, Bamboo Solutions
Jonas Nilsson is a Software Architect for Bamboo Solutions Corporation. He has been with Bamboo for 7 years, and prior to his MS SharePoint involvement, his past role includes creating an enterprise collaboration and information management application. His recent role has taken him around the globe teaching Web Part development classes in the Far East. He is an active participant in developer forums supporting .NET and SharePoint development. You can reach Jonas at jonas.nilsson@bamboosolutions.com.
|
|
|
|
|
|
|
|
|
|
|
|
| Jonas Nilsson - SharePoint, CodeAccessSecurity and creating WebParts |
|
3629 Views ::
0 Comments :: Microsoft Office SharePoint Services, Jonas Nillson, 4:15 PM
|
SharePoint, CodeAccessSecurity and creating WebParts
Why do you have to worry about Code Access Security in SharePoint Web Part development? Before the release of ASP.NET 1.1, role-based security was the primary means of protecting access to system resources. This basically means that access to our resources such as the file system, databases, registry, and environment variables were available to our applications as long as the user who runs the program had the appropriate permissions.
This type of role-based security leaves security holes that allow buggy and/or malicious code to potential wreak havoc in the environment once it was able to get behind the firewall, such as scripts that embedded in a body of an email message.
Code Access Security (CAS) is the new feature introduced in ASP.NET 1.1 to prevent this problem. Basically, CAS is an added security model that allows an assembly (Web Part) to execute within its environment.
SharePoint, being based on the ASP.NET framework, interacts with code access security to set the execution permissions on the assemblies code, and grants access only to the resources it needs to execute successfully and no more.
|
|
|
|
|
|
|
|
|
|
21 August, 2008
|
|
|
| |
|
|