Avoid Comments in a SharePoint Deployment Manifest

Posted Thursday, July 5, 2007 12:42 PM by C-Dog's .NET Tip of the Day

In order to properly install a web part with Code Access Security, it is necessary to create a deployment solution. My next post will cover these and the proper way to specify code access security for a web part. In the meantime though, I wanted to post on a bug I discovered to hopefully help out some other poor *** like myself. Here is an example of some PermissionSets specified in a solutoin manifest (note: the details of the actual permissions are not important).

<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="SecurityPermission" version="1" 
Flags="Execution, ControlPrincipal,ControlAppDomain, ControlDomainPolicy, ControlEvidence" />
<!-- Chage this you lazy *** - unrestricted is bad -->
Microsoft.SharePoint.Security, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    version="1" ObjectModel="True" Impersonate="True" UnsafeSaveOnGet="True" Unrestricted="True" />
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, 
Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" 
Flags="ControlThread, UnmanagedCode, Execution" />

Notice the comment in this example. I added a comment like this becaues I wanted to make note of something. I came in after the holiday weekend, deployed my solution and I ended up getting an error "Unable to set required permissions...". An hour or two later, I finally bothered to check the folder with the trust configuration and I noticed that the last line was missing in the merged configuration file. I went back and removed the comment from my manifest file and all the sudden everything started working. So what this tells me is there is a bug in whatever parses the manifest file. Avoid comments in there and you should be safe.

My next post will cover CAS in great detail and will provide you with what the exact permission requirements are for a typical web part.

Read the complete post at http://www.dotnettipoftheday.com/blog.aspx?id=370