Security for SharePoint solutions

Visual Studio incorporates the following features to help enhance the security of SharePoint applications.

Safe control entries

Every SharePoint project item created in Visual Studio has a Safe Control Entries property that represents a safe controls collection. Its Safe subproperty enables you to specify the controls that you consider secure. For more information, see Provide package and deployment information in project items and Specifying Safe Web Parts.

AllowPartiallyTrustedCallers attribute

By default, only applications that are fully trusted by the runtime code access security (CAS) system can access a shared managed code assembly. Marking a fully trusted assembly with the AllowPartiallyTrustedCallers attribute allows partially trusted assemblies to access it.

The AllowPartiallyTrustedCallers attribute is added to any SharePoint solution that is not deployed to the system global assembly cache ( GAC ). This includes sandboxed solutions or solutions deployed to the SharePoint application Bin directory. For more information, see Version 1 Security Changes for the Microsoft .NET Framework and Deploying Web Parts in SharePoint Foundation.

Safe against script property

Script injection is the insertion of potentially malicious code into controls or Web pages. To help protect SharePoint 2010 sites against script injection, contributors cannot view or edit Web parts or their properties by default. This behavior is controlled by a SafeControl attribute called SafeAgainstScript. In Visual Studio, set this attribute in a project item's Safe Control Entries subproperty Safe Against Script. For more information, see Provide package and deployment information in project items and How to: Mark controls as safe controls.

Vista and Windows 7 User Account Control

Windows Vista and Windows 7 incorporate a security feature known as User Account Control (UAC). To develop SharePoint solutions in Visual Studio on Windows Vista and Windows 7 systems, UAC requires that you run Visual Studio as a system administrator. From the Start menu, open the shortcut menu for Visual Studio, and then choose Run as administrator.

To configure the Visual Studio shortcut to always run as administrator, open its shortcut menu, choose Properties, choose the Advanced button in the Properties dialog box, and then select the Run as administrator check box.

For more information, see Understanding and Configuring User Account Control in Windows Vista. and Windows 7 User Account Control.

SharePoint permissions considerations

To develop SharePoint solutions, you must have sufficient permissions to run and debug SharePoint solutions. Before you can test a SharePoint solution, take the following steps to ensure that you have the necessary permissions:

1. Add your user account as an Administrator on the system.

2. Add your user account as a Farm Administrator for the SharePoint server.

   1. In SharePoint 2010 Central Administration, choose the Manage the farm administrators group link.

   2. On the Farm Administrators page, choose the New menu option

3. Add your user account to the to the WSS_ADMIN_WPG group.

Additional security resources

For more information about security issues, see the following.

Visual Studio security

• Security and User Permissions

• Security in Native and .NET Framework Code

• Security in the .NET Framework

SharePoint security

• SharePoint Foundation Administration and Security

• SharePoint Security Resource Center

• Securing Web Parts in SharePoint Foundation

• Improving Web Application Security: Threats and Countermeasures

General security

• MSDN Security Development Lifecycle

• Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Related content

• Develop SharePoint solutions