A solution to Cannot Import this Web Part with missing SharePointPermission

After spending several hours of debugging, I finally found out what was causing SharePoint 2007 not being able to import my custom Web Part. Following error message was shown:

Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.

There are a few ways to remediate this SharePoint error.

First thing is related to your custom assembly. It needs to be trusted.

  1. The first is to install the assembly into the GAC. It will then get full trust, but you have to install it in the GAC, strong name it, etc. I checked with the deployment engineer and it was confirmed that the
  2. The second option is to go into the web.config of your web application and add it to the trusted list.
  3. The third option is to drop the assembly in the C:\inetpub\wwwroot\wss\VirtualDirectories[port]_app_bin folder. This is set in the global SharePoint config to fully trust any assemblies in there.
  4. Additionally your TypeName and Namespace need to match. These are case sensitive. Be careful for spelling mistakes!

If neither of these work, the most common workaround/fix presented to check if the assembly is trusted, is to set the trust level to Full in the web.config of your Web Application.

When you are working in a big SharePoint farm however, most likely the above fixes (full trust and/or GAC) will not be allowed. You are developing a custom application, so custom changes do not need to be populated across the farm, unless it is really required of course.

The recommend approach is to come up with your own trust policy which will update the Minimal or Custom TrustLevel done by its Code Access Security (CAS) Policy WSS_Custom, which resides in the manifest.xml in the package.

In order for your entire custom assembly to be trusted, also your referenced assemblies need the right security levels.
Security levels need to be added to the manifest for the assemblies in the package that are deployed at BIN.

In my case, initially the security levels were defined as below. Most likely the below will work with trust level set to Full.

[code language=”xml”]
<PermissionSet class="NamedPermissionSet" version="1" Description="the description" Name="Name">
<IPermission class="SecurityPermission" version="1" Flags="Execution" />
<IPermission class="WebPartPermission" version="1" Connections="True" />
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" version="1" ObjectModel="True" />
</PermissionSet>
[/code]

By default, AspNethOstingPermission is needed for enabling the Web Part on a Page. SecurityPermission needs the flag set to Execution only.

Eventually the security levels that were required were the following:

[code language=”xml”]
<PermissionSet class="NamedPermissionSet" version="1" Description="the description" Name="Name">
<IPermission class="SecurityPermission" version="1" Flags="Execution" />
<IPermission class="SharePointPermission" version="1" ObjectModel="True" />
<IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
<IPermission version="1" Unrestricted="True" class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
</PermissionSet>
[/code]

The bottomline is that for the SharePointPermission you need the ObjectModel set to True. Also, the Unrestricted needs to be set to True too. I was missing this. The WebPartPermission class is not required in order to import the Web Part on a page.

Note also that when you updated the manifest you do not need to repopulate your Web Parts as there is no change to the Web Part code itself.

The Web Part can then be imported when you add it to the screen.

Leave a Reply

Your email address will not be published. Required fields are marked *