SharePoint User Group UK

I'm using the Return of SmartPart to embed a user control into a web part in a MOSS page, and the user control is going and calling a web service method.  I set it all up on a virtual server instance of MOSS and it works OK.  I then tried deploying it over to a real server and get a .NET error.  The error happens at the point when the web service method is called. 

I can deploy to the server a different and simple user control (that doesn't talk to a web service) as a user control in SmartPart and it works OK. 

Also I can deploy the original user control added to a regular ASPX page on the server (ie completely outside of MOSS) and it works OK and is able to talk to the web service. 

There's an entry in the event viewer on the server is below.  It appears to be permissions related because the stack trace is coming out at a code access error.  Anyone got any suggestions? 

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 06/03/2008 10:20:33
Event time (UTC): 06/03/2008 10:20:33
Event ID: 23cdb79a58cd41cba8227ddad701dba9
Event sequence: 183
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1379361544/Root-2-128492723612816087
    Trust level: WSS_Minimal
    Application Virtual Path: /
    Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\19342\
    Machine name: TWC116
 
Process information:
    Process ID: 8120
    Process name: w3wp.exe
    Account name: BTW\SharePointAppPool
 
Exception information:
    Exception type: FileLoadException
    Exception message: The given assembly name or codebase was invalid. (Exception from HRESULT: 0x80131047)
 
Request information:
    Request URL: http://twc116:19342/Consultation/AppPages/SelectConsultation.aspx
    Request path: /Consultation/AppPages/SelectConsultation.aspx
    User host address: 172.20.10.30
    User: BTW\xxxxxxx 
    Is authenticated: True
    Authentication Type: NTLM
    Thread account name: BTW\SharePointAppPool
 
Thread information:
    Thread ID: 7
    Thread account name: BTW\SharePointAppPool
    Is impersonating: False
    Stack trace:    at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint)
   at System.Net.HttpRequestCreator.Create(Uri Uri)
   at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
   at System.Web.Services.Protocols.WebClientProtocol.GetWebRequest(Uri uri)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebRequest(Uri uri)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.GetWebRequest(Uri uri)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at ConsultationUI.ConsultationWS.Consultation.GetStatusList()
   at ConsultationUI.SelectConsultation.PopulateScreenFromBusinessLayer()
   at ConsultationUI.SelectConsultation.FormatPage()
   at ConsultationUI.BaseControl.Page_Load(Object sender, EventArgs e)
   at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
   at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.AddedControl(Control control, Int32 index)
   at SmartPart.SmartPart.CreateChildControls()
   at System.Web.UI.Control.EnsureChildControls()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
 
Custom event details:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Lars,

I notice that your stack trace mentions using NTLM. This is possibly due to the double hop issue with NTLM authentication when the SmartPart attempts to connect to the web service on behalf of the client and this might be corrected by swtching to Kerberos.

Not sure why it doesn't affect your ASP page though, I'd have expected similar behaviour.

Paul.

We finally fixed this in the end, well found a temp workaround anyway.  We had to set the trust level to Full in the web.config of the site it's in

Inetpub\wwwroot\wss\virtualdirectories\sitename

by modifying the Trust node to:

<trust level="Full" originUrl="" />

This blog gave us a clue:

http://mindsharpblogs.com/Aaron/archive/2008/01/31/4246.aspx

Is it a security problem to be running as full trust like this?

hey u should not have done that

running at trust level full is the worst idea u can expect

u may need to

 define the permission requests

configure the CAS policy for the assembly

etc

move in this drection

I agree with the above, running your entire farm at full trust is probably far from ideal. But you have to weigh this up with, "Who has access to place webparts etc on the site? What audience does it have etc?"

If you're going anywhere near the internet or have a farm with multiple admins, then I would recommend that you return the site to WSS_Minimal which is probably how it was configured, and then look at configuring CAS policies for your web parts.

I found a fairly good web page about CAS over the weekend as I was having some access permissions errors and it might be worth taking a look at.

http://store.bamboosolutions.com/kb/article.aspx?id=10405

Paul.

OK thanks for your advice and that link. 

The web part we're using is the Return of SmartPart, and then we also deploy the DLL's for the user controls.  Should I be looking at the CAS for the SmartPart web part itself, or at the DLL's for the user controls that are embedded in it, or both?

The CAS policy applies to the assembly that references it, so in your case it'll be the DLLs that house the code for the user controls.

You'll need to find out what security actions each dll is trying to do, and set the most appropriate CAS policy. The link I posted previously gives some tips on how to find out what is happening by improving the information given in the security exception.

Paul.

Actually, I just found that Combined Knowledge have a White paper on CAS for SharePoint on their website written by one of their Development tutors. Wish I'd taken a look there at the weekend when I was trying to sort out my file IO issues.

http://www.combined-knowledge.com/Downloads%202007.htm

Hi Royce

I ended up putting the required DLL's into the GAC (use Visual Studio's gacutil command) and adding a SafeControls entry in the web.config.  It may not be the best solution but it does seem to be a compromise that many developers end up using when using the SmartPart, and at least that way you don't need to change the trust level for the whole application in the web.config.

Hope this helps.