System.Security.Permissions.FileIOPermission

From: Eric Phetteplace (eric.phetteplace_at_nextivr.com)
Date: 06/11/04


Date: Fri, 11 Jun 2004 10:20:24 -0400

Hello,

This seems to be a common question, but all the posts I see do not have a
clear answer.

Here's an excerpt of my WebPart code:
************
Imports System.IO

Dim oFS As FileStream
oFS = File.Open([PermPath], FileMode.Open)
If Err.Number > 0 Then ...
************
It compiles fine.

The only way I can get this to work is by modifying the web.config file
************
    <trust level="Full" originUrl="" />
************

EVERYTHING ELSE I TRIED DID NOT WORK, AS STATED BELOW:

I tried asserting permissions, but this seems undesirable, and it doesn't
work without trust level= "full"
I would hope the .Net security wouldn't allow coders to automatically bypass
security, as I think this is what happens here.
*******************
        Dim f As System.Security.Permissions.FileIOPermission

        f = New
System.Security.Permissions.FileIOPermission(Security.Permissions.Permission
State.Unrestricted)

        f.AddPathList(Security.Permissions.FileIOPermissionAccess.Read,
[PermPath])

        f.Assert()

*******************

I tried modifying the wss_mediumtrust.config policy file
removing the Flags attribute and adding the Unrestricted attribute (I'm
guessing this was the att name)
I believe this is undesirable too, since it opens a gaping security hole.
***********************

                            <IPermission
                                    class="SecurityPermission"
                                    version="1"
                                    Unrestricted = "true"
                            />

***********************

I saw another suggestion to use WPPackager and add the IPermission for the
web part package. That sounds like the proper way.

My questions are:

1. How do I allow my Web part to have file access, without setting the
trust level to "full?"
2. Is the WPPackager the proper way to grant file access to this individual
web part?

Thanks,

Eric