SharePoint, WCF Service, .NET full/partial trust
Security Exception: That assembly does not allow partially trusted callers
Scenario:
- We wanted our SharePoint webpart to do some complex logic that took time.
- We decided to implement it as an AJAX call to an AJAX WCF Service (see earlier post).
- To avoid cross-domain issues, we decided to host the WCF Service under SharePoint root.
The bigger picture looked like this:
- SharePoint root: http://server/
- WCF hosted on http://server/wcf.service/service.svc, which we configured as a Web Application in IIS.
- We built the WCF service separately and tested that it worked.
- When we deployed to the SharePoint box, however, we hit a snag when our WCF service called an underlying API:
Security Exception: That assembly does not allow partially trusted callers.
The cause:
As we understood the problem, the SharePoint web.config (http://server/web.config) specifies trust policies that mean anything under http://server/... runs with partial trust.
This isn't necessarily a bad thing, but because the APIs we were calling demanded full trust, we couldn't proceed without granting the service full trust.
The fix:
There are many ways to grant the service full trust. We decided to do this by placing the service assembly into the GAC on the SharePoint server, since assemblies loaded from the GAC run with full trust.
- Put assembly (strong-named) into the GAC
- Add <assembly> line into the web.config
If this option isn't available for you, check out caspol or the .NET configuration tools to elevate permission for your assembly.
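A sketch of what http://server/wcf.service/web.config could look like after the fix, added here as an illustration and not taken from the original deployment. It assumes the "<assembly> line" means an `<add assembly>` entry under `<compilation>/<assemblies>`; the assembly name `Contoso.Services`, the version and the public key token are placeholders.

```xml
<?xml version="1.0"?>
<!-- Constructed sample for http://server/wcf.service/web.config -->
<configuration>
  <system.web>
    <!-- No <trust> element here on purpose. The partial-trust level set in
         http://server/web.config is inherited by this child application and
         keeps applying to everything that is not in the GAC.
         Not used: <trust level="Full" />, which would run every assembly in
         this application with full trust instead of only the one below. -->
    <compilation debug="false">
      <assemblies>
        <!-- Four-part name of the strong-named service assembly. All four
             parts must match the copy installed in the GAC exactly, or the
             runtime will not bind to it.
             Name, version and token are placeholders (assumptions). -->
        <add assembly="Contoso.Services, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef" />
      </assemblies>
    </compilation>
  </system.web>
</configuration>
```

Full trust here comes from the assembly's location in the GAC; the `<add assembly>` entry only tells ASP.NET which assembly to reference. Because that one assembly now runs unrestricted inside a partially trusted site, it should contain only the service code that actually needs to call the full-trust API.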
Thoughts:
The deployment ended up being very nice and tight:
- Configure http://server/wcf.service/ as a web application; we put the service on a different AppPool from the SharePoint one.
- 1 service.svc file that goes into http://server/wcf.service
- 1 web.config file that goes into http://server/wcf.service
- 1 assembly dll that goes into the GAC
SharePoint talks to the service via a SmartPart + jQuery.ajax
Done!