Thursday, December 20, 2007

A Tool to Help with CAS Policies

When adding Code Access Security policies to a manifest file in a SharePoint feature, determining which permissions to apply can be a hit and miss affair. Add some permissions, activate the feature and read the SecurityException to get an idea of what else is needed.

But help is already on your development machine, in the guise of PERMCALC (official known as the "Minimum Grant Set Determination tool"), a visual studio command line tool that is run from the Visual Studio Command window.

This tool is run against one or more assemblies, and generates an XML file listing the "estimated" permissions that must be granted to access that assembly. It attempts to trace all code paths through the named assembly, and through the libraries called by the assembly. So even if it doesn't give a comprehensive view, it can be a useful check before you start debugging those CAS issues.

An overview of the tool is available on the Microsoft site..

No comments: