This documentation is archived and is not being maintained.

Security for SharePoint Solutions

Visual Studio incorporates the following features to help enhance the security of SharePoint applications.

Every SharePoint project item created in Visual Studio has a Safe Control Entries property that represents a safe controls collection. Its Safe subproperty enables you to specify the controls that you consider secure. For more information, see Providing Packaging and Deployment Information in Project Items and Specifying Safe Web Parts.

By default, only applications that are fully trusted by the runtime code access security (CAS) system can access a shared managed code assembly. Marking a fully trusted assembly with the AllowPartiallyTrustedCallers attribute allows partially trusted assemblies to access it.

The AllowPartiallyTrustedCallers attribute is added to any SharePoint solution that is not deployed to the system global assembly cache (GAC). This includes sandboxed solutions or solutions deployed to the SharePoint application Bin directory. For more information, see Version 1 Security Changes for the Microsoft .NET Framework and Deploying Web Parts in SharePoint Foundation.

Script injection is the insertion of potentially malicious code into controls or Web pages. To help protect SharePoint 2010 sites against script injection, contributors cannot view or edit Web parts or their properties by default. This behavior is controlled by a SafeControl attribute called SafeAgainstScript. In Visual Studio, set this attribute in a project item's Safe Control Entries subproperty Safe Against Script. For more information, see Providing Packaging and Deployment Information in Project Items and How to: Mark Controls as Safe Controls.

Windows Vista and Windows 7 incorporate a security feature known as User Account Control (UAC). To develop SharePoint solutions in Visual Studio on Windows Vista and Windows 7 systems, UAC requires that you run Visual Studio as a system administrator. Right-click the Visual Studio shortcut on the desktop and then click Run as administrator.

To configure the desktop shortcut to always run as administrator, right-click the shortcut, click Properties, click the Advanced button, and then select Run as administrator.

For more information, see Understanding and Configuring User Account Control in Windows Vista. and Windows 7 User Account Control.

To develop SharePoint solutions, you must have sufficient permissions to run and debug SharePoint solutions. Before you can test a SharePoint solution, take the following steps to ensure that you have the necessary permissions:

  1. Add your user account as an Administrator on the system.

  2. Add your user account as a Farm Administrator for the SharePoint server.

    1. In SharePoint Central Administration, click the Manage the farm administrators group link.

    2. On the Farm Administrators page, click the New button on the menu.

  3. Add your user account to the to the WSS_ADMIN_WPG group.