tea time with meowkins

I have been learning SharePoint from the ground up recently, and one of the hardest problems I have come across is deploying a custom Code Access Security (CAS) policy with my solution package. I'll explain the problem that I encountered, and how I solved it.

First, I started off with an extremely simple web part that did absolutely nothing. I created a solution package with no CAS policy in it, installed it on WSS, and deployed it to my test site. Everything worked just fine; I was able to view my web part in the gallery, and add it to web part pages.

Then I added a CodeAccessSecurity node to my solution manifest. In the policy, I gave my web part the SharePointPermission so that it could access the object model. The install went fine, but after the solution was deployed, I got "System.Security.Policy.PolicyException: Execution permission cannot be acquired." I was very confused because in my mind, my CAS policy should have been granting me an additional permission, not removing any permissions. Moreover, I was not even making any privileged calls, the web part was unchanged and did absolutely nothing.

After asking a lot of questions, reading a lot of articles, and then analyzing the changes in my trust configuration files, I finally discovered that when I added the custom CAS policy, it was granting the SharePointPermission, but it was only granting the SharePointPermission. I then added all of the minimum permissions needed to run the web part in the first place, and then everything worked fine.

So, when you create a custom CAS policy, be sure to include ALL of the permissions that you need, not just the additional permissions.

UPDATE: Below is an example of my CodeAccessSecurity node.  It's been a long time since I wrote this and things have changed, but basically I had to add the basic permissions, AspNetHostingPermission, SecurityPermission, and WebPartPermission.

  <CodeAccessSecurity>
    <PolicyItem>
  <PermissionSet class="NamedPermissionSet" version="1" Description="Permissions for ArrowWebParts">
    <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
    <IPermission class="SecurityPermission" version="1" Flags="Execution" />
    <IPermission class="WebPartPermission" version="1" Connections="True" />
    <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="true" />
  </PermissionSet>
  <Assemblies>
    <Assembly Name="ArrowWebParts"/>
  </Assemblies>
    </PolicyItem>
  </CodeAccessSecurity>

Here is one of the best tips I've ever heard, "Drill down and figure out what the challenge really entails". I got this out of a white paper about Enterprise Content Management, but it applies to software engineering and really any problem. As the paper stated; when trying to make a decision people often become paralyzed by a fear of making a mistake. To avoid being a victim of this fear sit down and figure out what your problem entails and what needs to happen to solve the problem.

So how do you actually go about figuring out what a challenge entails? For this I go to Steve Maguire, author of Debugging The Development Process. As Steve suggests in his book, when you're working on a software problem you should begin by writing down your goals, and follow up by writing down the tasks that will solve those goals.

I used to think that writing down your goals wasn't that important – obviously, if you already knew your goals you shouldn't need to document them. What I learned is that writing down your goals helps reveal what you might have missed; it can also highlight the minimal requirements necessary for solving your problem. With that, you just need to decide on what steps you'll take to solve that problem – the tasks that need to be done to realize your goals

Writing your tasks takes only a fraction of the time you'll spend implementing your solution, and it streamlines the work you do to solve the problem. If you don't have a set of tasks to follow, then you will have to figure out over and over again what to do next. Without having written your goals and tasks down you'll worry that you're not working in the most efficient manner – paralysis again. Write your tasks down to fight paralysis with confidence!

One caveat – don't get stuck planning every little detail from the start, that just leads to more paralysis. Write the steps to get the first major part of the problem solved. Sometimes it helps to write some of the next major problem's tasks as well, just to make sure that you do the first part most efficiently. Then, just get going on that first chunk of the solution. This process works very well because you feel confident about what you are doing (which makes sense since you did plan this out), and you rapidly identify all the little details that also need to be taken care of.

Lori has debt collectors after her. She is often unable to pay her bills due to a lack of money. She is often unable to buy the things that she wants due to a lack of money. She is unable to move to a better house in a better neighborhood due to a lack of money. These are the financial problems that plague her.

What is the source of these problems? The problem in all of those cases is that she does not have enough money to pay the problem away. She can’t make the debt collectors stop calling unless she pays the debts. She can’t pay the debts because she doesn’t have any money. In all of the cases, if she had an infinite supply of money, the problem would not exist. If she paid all of her debts, no debt collectors would call. If she had money, she could pay her bills, buy the things she wanted, move to a better house in a better neighborhood. So why doesn’t she have any money?

Part of the reason that she doesn’t have any money is because she spends what little she gains on entertainment and pleasures. After doing so, she doesn’t have money left to pay her debts. If she paid her debts instead, and spent no money on entertainment and pleasures, after some period of time, she would have no debts and would be consistently paying her bills, unless of course her income is so low that this is mathematically impossible.

Another reason that she doesn’t have any money is because she has a low income. She does not have a job – her money comes in from government programs. She receives disability income, and she may be receiving some other income related to taking care of her grandson and related to her age. In any case, she receives a very small amount of income. It is possible that the income is so low that it is impossible for her to pay off her debts and pay her minimum bills. It is very likely that the income is low enough that if she paid her bills and debts, she would have absolutely no money left for pleasures.

She probably considers pleasures absolutely necessary for living. She probably considers her bills and debts absolutely necessary for living as well. The reason I believe this is because she puts herself into the painful situation of having debt collectors after her. She knows that will happen if she takes on these bills and fees, yet she takes them on. Even though she knows that she has to take on these bills and fees, she still pays for the pleasures in addition, which suggests that she believes that the pleasures are just as important as the bills. For Lori, all of these things are essential to living, without them she would die. This suggests that we cannot solve her problem by having her get rid of some of the bills or pleasures – she won’t do it.

So there is a set amount of money that she must have, based on these costs. There is also a set amount of money that she has based on her income. She has financial problems whenever her income is less than the amount she needs for her costs. We can solve this problem as long as we implement a system in which her income is never less than her costs.

One system would simply supply her with an unbounded supply of money. Given this unbounded supply of money, she would always have a larger income than cost. This is only feasable to a certain degree, and it may not be feasable at all depending on her psychological condition – that is, if she gains more money, she may feel compelled beyond control to increase her costs beyond the current income.

Another system would reduce the amount of her costs without reducing the items that produce the costs. This is not practically feasable.

Are there any other systems that could solve this problem? The augmented income system is almost feasable, but it is contingent upon her ability to maintain her cost level. I don’t think she will maintain her cost level though. Like a rock star, no matter how much money we throw at her, she will manage to remain in debt. So if we assume that this is the only system that could actually be implemented, then the problem becomes how to fix her psyche so that she does not feel compelled to increase her cost beyond her income. Under such conditions, we could specify a comfortable cost for her to live under, and augment her income so that she can afford it. Then she could be happy.

So, how do we fix Lori’s psyche so that she will be happy with a set cost of living that is manageable by a lower middle-class citizen? I suppose if there were a simple answer to the problem, the world would be a much different place – so is it an unsolvable problem then? I don’t know of a way to manipulate a person’s psyche directly. They have to make the decision themselves. All we can do is influence the person. If our means of persuasion are too oppressive, then they may follow our will, but they will be unhappy, and that simply transforms the problem (although maybe for the better).