Friday, February 02, 2007

Configuring URLMembershipCondition for individual assemblies and the $AppDirUrl$/bin/ path for WSS solution.

In a previous post I described how to configure CAS within WSS solution. At the time I used a membership condition based on the key blob. This works fine for signed assemblies and allows us to create one permission set for a group of assemblies. In our deployment however we decided to remove the assembly signatures, since this interferes with other projects. Trying to find out what other conditions we can define I used the name of the assembly only, so that the CAS section in the manifest.xml file looked like this:

...

<CodeAccessSecurity>
<PolicyItem>
<Assemblies>
<Assembly Name="myassembly.dll"/>
</Assemblies>
<PermissionSet class="NamedPermissionSet" Name="MyPermissions" version="1">

...

This works and in the custom configuration file it translates to:

...

<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="solution.wsp-1c4cffbe-f1ed-428e-afde-c82d59516da7-1">
<IMembershipCondition version="1" Name="myassembly" class="UrlMembershipCondition" Url="$AppDirUrl$/bin/myassembly.dll" />
</CodeGroup>

...

This is great, but there is still a lot of typing to create and maintain permission set for each assembly. I wish there was an option to define UrlMembershipCondition for group of assemblies in the $AppDirUrl$/bin/* path. So I created the permission set for the assembly "*" and the result was this membership condition:

...

<IMembershipCondition version="1" Name="*" class="UrlMembershipCondition" Url="$AppDirUrl$/bin/*.dll" />

...

Looks like it will work fine? Unfortunately the config file parser complains about the *.dll part of the URL attribute, so no luck here either.

I guess, I am going back to defining individual permission sets for each assembly.

Dovizhdane!