There is a strong argument against doing things like this, but there are times when you just have to bite the bullet and grant full access permissions to certain web parts without having to install them to the GAC. Here’s how.
The first requirement for this method is that your web parts must be strong named. I would recommend creating a new keyfile specifically for web part assembl
ies that you want to fully trust. Use the following command to do so.
sn.exe -k c:\keyfiles\FullTrustWebParts.snk
Apply this key file in the AssemblyInfo.cs file for your web part project
[assembly: AssemblyKeyFile(@"c:\keyfiles\FullTrustWebParts.snk")]
Build and deploy your project as normal.
Now for the fun part – configuring Sharepoint to accept the signed web parts as fully truted.
In the folder C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\CONFIG copy your wss_mediumtrust.config file to wss_trustsigned.config and then open the new file for editing.
Find the section that starts with the following
<codegroup class="FirstMatchCodeGroup"
version="1"
PermissionSetName="Nothing">
<imembershipcondition class="AllMembershipCondition"
version="1"
/>
and add the following immediately after this code
<codegroup class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<imembershipcondition class="StrongNameMembershipCondition"
version="1"
PublicKeyBlob="...see note below..."
/>
</codegroup>
The test “…see code below…” needs to be replaced with the public key blob from your assembly. To find this string, use the following command
secutil.exe -hex -s <path to assembly>
Important : remove the leading 0x from this string
Save and close the new file.
Next, open up the Web.Config file from the root of your Sharepoint site. In my case, this resides at c:\inetpub\wwwroot\intranet\web.config
In this file, find the “securityPolicy” section. Copy one of the “trustLevel” nodes, and change the “name” attribute to “wss_trustsigned”, and also the policyFile attribute to reflect the path to your new policy file (ie. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\CONFIG\wss_trustsigned.config)
Once you have added the policy setting, you will need to find the “trust” node within the “system.web” section. Change the value of the “level” attribute to “wss_trustsigned”. This is the value you set in the previous step.
Now save the file, and restart IIS. Your web parts should be fine now.
*NOTE* this has not been tested step by step from these instructions. I will chek it all this week, given the chance, and make any changes that might be necessary. I’m afraid that this is due to having to try to remember what a colleague did 12+ months ago. Ho-hum.