Don’t place your Web Part assembly in the bin directory…

Just got bitten by this. Spent the better portion of an hour trying to figure out why I was getting cryptic “That assembly does not allow partially trusted callers” errors in my SharePoint logs. Was following some MSDN documentation about this, and placed my assembly in the bin directory of SharePoint. Once I moved my assembly to the GAC, the errors went away (assemblies in the GAC cannot be loaded with partial trust, if my memory serves me right).

The error seemed to stem from me trying to access the ExcelWebRenderer.WorkbookUri property – the code would just not run and SP would give me one of the wonderful generic error pages. Other properties on the same control worked okay.

I swear, sometimes debugging SharePoint stuff is like trying to use a rolled piece of paper to hammer a 4 inch steel nail into a concrete wall while blindfolded, with both arms tied behind your back and with the actual nail & said piece of rolled paper located in Texas while you are snugly situated inside a collapsed ice-cave in the Himalayas with only 6 hours of air left, while you are getting overly stressed because you can hear your best friend gulping copious amounts of air.

The drawback of putting it in the GAC, of course, is that it does not get shadowed and thus you cannot overwrite the DLL w/o restarting the SharePoint app-domain. Better the devil I know…

Comments (4)

  1. Assuming the assembly is strong named, open the AssemblyInfo.cs file and add the attribute [assembly: System.Security.AllowPartiallyTrustedCallers()]. Of course you may need to up the trust level in web.config depending on what you are doing.

  2. I should have mentioned this in the previous post but adding AllowPartiallyTrustedCallers to AssemblyInfo.cs will allow you to deploy your web parts to the bin directory.

  3. Shahar says:

    Thanks for the information Steve. One thing to keep in mind though.

    I am no security expert by any stretch of the imagination. However, APTCAs are considered (at least here in MS) to be dangerous beasts. We have a whole process in place one needs to go through for releasing assemblies with that specific attribute applied.

    The idea is that if something is somehow wrong with your assembly (security-wise), it will be possible for hackers who gain untrusted execution rights on your machine to use that assembly to cause harm (as opposed to when something is in the GAC, at full trust, and it would not be usable by such assemblies).

  4. Hey Shahar. Thanks for the information. It’s good to know. Wish there was a best practice document describing it. I know most SharePoint books mention using APTCA so you don’t have to deploy to the bin directory. Other solutions though are required to go to the GAC.
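
The APTCA concern raised in the comments, as an added example that is not code from the post or from SharePoint: once an assembly carries the attribute, every public member is reachable from partially trusted code, so any member that asserts a permission has to validate its input and assert as narrowly as possible. The class, method names and directory are hypothetical, and the sketch assumes the .NET Framework 2.0–3.5 code access security model and an assembly that policy grants file read permission.

```csharp
// Added illustration. WebPartHelpers, LogDirectory and both methods are hypothetical.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Strong-named assembly that opts in to partially trusted callers.
[assembly: AllowPartiallyTrustedCallers]

public static class WebPartHelpers
{
    // Assumed directory the web part is meant to read from.
    private const string LogDirectory = @"C:\WebPartData\logs";

    // Risky under APTCA: Assert stops the stack walk at this frame, so a
    // partially trusted caller borrows this assembly's file permission
    // for whatever path it passes in.
    public static string ReadAnyFile(string path)
    {
        new FileIOPermission(PermissionState.Unrestricted).Assert();
        try { return File.ReadAllText(path); }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    // Hardened: accept a bare file name only, then assert read access
    // to that single file instead of unrestricted file access.
    public static string ReadLog(string fileName)
    {
        if (string.IsNullOrEmpty(fileName) ||
            fileName != Path.GetFileName(fileName))
            throw new ArgumentException("File name only, no path.", "fileName");

        string fullPath = Path.Combine(LogDirectory, fileName);
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Assert();
        try { return File.ReadAllText(fullPath); }
        finally { CodeAccessPermission.RevertAssert(); }
    }
}
```

Without the attribute, a strong-named assembly's public members are not callable from partially trusted code at all, which is the difference the third comment points out.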