Security Exception: That assembly does not allow partially trusted callers

Scenario:

1. We wanted our SharePoint webpart to do some complex logic that took time.
2. We decided to implement it as an AJAX call to an AJAX WCF Service (see earlier post)
3. To avoid cross-domain issues, we decided to host the WCF Service under SharePoint root.

The bigger picture looked like this:

• SharePoint root: http://server/
• WCF hosted on http://server/wcf.service/service.svc 
  Which we configure as a Web Application in IIS.
• We build the WCF service separately and tested it to be working.
• When we deployed to the SharePoint box however, we hit a snag when our WCF service calls an underlying API:
  
  Security Exception: That assembly does not allow partially trusted callers.

The cause:

What we understood of the problem basically was that the web.config for SharePoint http://server/web.config specified trust policies that mean anything under http://server/... was running with partial trust.

This isn't necessarily a bad thing, but because the API's we were calling demanded full trust, we couldn't proceed without granting the service full trust.

The fix:

There are many ways to grant the service full trust, we decided to do this by placing the service assembly into the GAC on the SharePoint server.

1. Put assembly (strong-named) into the GAC
2. Add <assembly> line into the web.config

If this option isn't available for you, check out caspol or the .NET configuration tools to elevate permission for your assembly.

Thoughts:

The deployment ended up to be very nice and tight:

• Configure http://server/wcf.service/ as an web application, we put the service on a different AppPool from the SharePoint one.
• 1 service.svc file that goes into http://server/wcf.service
• 1 web.config file that goes into http://server/wcf.service
• 1 assembly dll that goes into the GAC

SharePoint talks to the service via a SmartPart + jQuery.ajax

Done!