.Net framework security

Posted on 2011-05-12
Last Modified: 2012-05-11

I have a Sharepoint webpart which calls webservice.  The Sharepoint site is being migrated to new servers and from Sharepoint 2003 to 2007.  I have to update the webparts.  The question isn't really about Sharepoint though!

The Web service is a .Net 1 assembly.  The web parts are .Net 2 (I could rebuild them in 3.5 if it helps but not 4!).  The web service needs to be enabled using machine level code access security and the is done with a Full Trust URL group.

The new server is Windows 2008 and I'm struggling to put the code access security on.  The .Net 1 configuration tools aren't in control panel and the .mrc (?) control app isn't in the framework 1.* folders.  Caspol is in the framework 2 folders and so I can create some scripts.  Unfortunately I can't test them as the business security seems to stop me running them (I can test them on my XP machine but not on a test server).  This means I want to double check I'm doing the right thing before I get someone to run them.  

Can anyone tell me if
  1) Caspol is the way to go...
  2) I may have a problem because the caspol file is in the framework 2 structure but the web service is a framework 1 app?  (I assume this needs framework 1 security even though it is remote and accessed through a URL?!)

Thanks in advance for any assistance.

Question by:gringogordo
    LVL 19

    Expert Comment

    by:Daniel Van Der Werken
    I believe CASPOL is the way to go.  I set up code access security for an assembly I wrote back in 2005 in .NET 1.1, but I'm pretty sure that if you use a .NET 2 CASPOL you'll be okay with a .NET 1.1 assembly.  I don't think the specific version of the assembly has any direct correlation on how CAS works.

    Accepted Solution

    Caspol didn't seem to solve the problem, which definately seems to be a security problem.  I'm wondering if I should try to get the .Net 1 config tools copied over ?

    Author Comment

    Hi, Sorry I can't work out how to cancel the close.  I thought I had accepted the 'solution' and awarderd points.  I'm happy to award points between all responders.


    Author Closing Comment

    Actually my issue wasn't a runtime security problem !

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    It seems a simple enough task, yet I see repeated questions asking how to do it: how to pass data between two forms. In this article, I will show you the different mechanisms available for you to do just that. This article is directed towards the .N…
    Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now