Home/ Questions/Q 749409
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T14:25:53+00:00

I’ve an ASCX control (WebParts aren’t used in this solution) which interrogates CRM 4’s

  • 0

I’ve an ASCX control (WebParts aren’t used in this solution) which interrogates CRM 4’s data via the API provided by Microsoft.Crm.Sdk and Microsoft.Crm.SdkTypeProxy.

The solution works until it’s deployed to Sharepoint.

Initially I received the following error:

[SecurityException: That assembly does not allow partially trusted callers.]
   MyApp.SharePoint.Web.Applications.MyAppUtilities.RefreshUserFromCrm(String login) +0
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +30
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

Then I tried wrapping the calling code in the ASCX with SPSecurity.RunWithElevatedPrivileges:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
   // FBA user may not exist yet or require refreshing
   MyAppUtilities.RefreshUserFromCrm(txtUser.Text);
});

But this resulted in the following error (I’m thinking RunWithElevatedPrivileges isn’t for this sort of thing anyway, but someone suggested it):

[SecurityException: Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.]
   MyApp.SharePoint.Web.Applications.MyApp_LoginForm.btnLogin_Click(Object sender, EventArgs e) +0
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111

When I elevate the trust level in the Sharepoint site to full everything works fine, however I need to come up with a solution that uses minimal trust (or a customised minimal trust). I’m also trying to stay clear of adding anything to the GAC. Any ideas?

I assume the issue is occuring when trying to call functionality from Microsoft.Crm.*.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would use the GAC.

    I understand where you are coming from. I tried to avoid using the GAC when I first started with SharePoint development. But it’s really the way to go.

    Add the following into the manifest.xml of your solution package:

    <Assemblies>
    <Assembly Location="MyApp.SharePoint.Web.Applications.dll" DeploymentTarget="GlobalAssemblyCache" />
</Assemblies>

    And then deploy your package using:

    stsadm.exe -o deploysolution -name MyApp.wsp -immediate -allowgacdeployment -force

    If you still want to stay out of the GAC, you can try adding the following to AssemblyInfo.cs:

    [assembly: AllowPartiallyTrustedCallers]

    But if you are then going to call DLLs (like Microsoft.Crm) and if those DLLs don’t allow Partially Trusted Callers, then you are stuck.

    In addition, if you haven’t already, you will probably need to create a custom policy file. It was the manual creation and registration of a custom policy file that granted privileges too broadly that finally convinced me to move to the GAC. Haven’t looked back since.

    • 0