GAC or bin directory
GAC or bin directory
Question
-
Hi all,
I developped a c# class and I want to use it in my solution package. In the manifest.xml I tried the two solutions:- <Assembly DeploymentTarget="GlobalAssemblyCache" Location="MyCompiledClass.dll"> -> added MyCompiledClass as assembly to GAC
- <Assembly DeploymentTarget=" WebApplication" Location="MyCompiledClass.dll"> -> added MyCompiledClass.dll to bin directory
Thank you for your help. Rafaa.Thursday, August 13, 2009 3:37 PM
Answers
-
Hi,
Assemblies deployed to the GAC have full trust, while the assemblies deployed to the bin folder runs with the trust level specified for the web application (standard or custom CAS policy).
Assemblies deployed to the GAC available to all of the web applications, while while the assemblies deployed to the bin folder are local to the given web application.
I don't think there is considerably difference in the performance.
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:40 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Hi,
If you deploy to bin (and reference it from your SP project), it will be only visible to your SP project. If you deploy to GAC, it would be visible to 'all' on the server.
Example: If you code a SharePoint timer job, it should be deployed to GAC, not bin, because SharePoint timer service runs outside your SP application. Hence, it needs to 'globally' (as in Global Assembly Cache) access your assembly.
Regards, Hristo Yankov
My blog - http://blog.myitechnology.com
(Was my post helpful? If so, please indicate)- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:41 PM![Avatar of Hristo Yankov]()
Hristo Yankov![Avatar of Hristo Yankov]( "Go to Hristo Yankov's profile")
850PointsTop 5Hristo Yankov Partner Joined Jul 2009 1
10
BulPros Consulting(Partner)850 Points
-
Hi,
These links may help you to understand the difference: Microsoft Windows SharePoint Services and Code Access Security http://msdn.microsoft.com/en-us/library/dd583158(office.11).aspx Deploying Assemblies to BIN Versus GAC http://www.elumenotion.com/Blog/Lists/Posts/Post.aspx?ID=22 Deploy dlls to the webApplications bin rather than GAC http://panvega.wordpress.com/2008/05/14/deploy-dlls-to-the-webapplications-bin-rather-than-gac/
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:43 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Hi,
As Hristo wrote, there are special assemblies that should be deployed to GAC. He mentioned custom timer job implementation, but more common sample may be event receiver assemblies.
Otherwise, deploying assemblies to the bin folder, and having a custom CAS policy is the "official" way, although I think it is more typical to configure full trust or deploy to GAC, as CAS is really not trivial to use correctly.
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:47 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Code Access Security may be a pain but its the recommended approach to deploy custom webparts, user controls and custom server controls in the bin folder and is required to elevate the trusted rights for those particular assemblies to perform specific actions (such as ADO.NET or web services interaction). If you allow full trust you will be allowing any assembly deployed to your environment to run unrestricted.
If you use WSPBuilder to create your WSPs then this helps you creating the CAS policy http://wspbuilder.codeplex.com/Thread/View.aspx?ThreadId=24555
My SharePoint Blog - http://www.davehunter.co.uk/blog- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 4:11 PM![Avatar of Dave Hunter]()
Dave Hunter![Avatar of Dave Hunter]( "Go to Dave Hunter's profile")
20,465PointsTop 0.5Dave Hunter Partner Joined Aug 2007 1
4
11
Portaltech Consulting Li...(Partner)20,465 Points
-
Great question. 1.) Deploying a DLL to the bin directory means that whatever features your solution included will only be available for the particular web application you deployed it to, since by definition you only deployed it to a particular web application. If you deploy a dll to the GAC, it's available for all your web applications to use. 2.) The bigger difference is in regards to security. Any dll deployed to the GAC operates with full rights to do anything, essentially. DLLs in the bin directory operate with minimal permissions. Putting a dll in the bin directory is more secure, but there are times when you might have to explicitly grant your code permission to do various things. We refer to this concept as "Code Access Security" or CAS. Take a look at this article on MSDN: http://msdn.microsoft.com/en-us/library/dd583158(office.11).aspx. It was written for SharePoint 2003 but applies to 2007 as well.
Visit my blog at blog.beckybertram.com or follow me on Twitter: @beckybertram- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:36 PM
-
Since a web part could do virtually anything, there's always the risk that someone could come along and try to insert inline code into a web part or do something similar. By forcing this setting in the web.config it ensures that any code that runs in a web part was explicitly authorized by the administrator of the site.
If you deploy a solution package, you don't need to manually edit the web.config; as you probably already know, you can add a <SafeControls> setting to the Manifest.xml file and SharePoint will add that line of code for you.
Visit my blog at blog.beckybertram.com or follow me on Twitter: @beckybertram- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:40 PM
-
As Becky said above SharePoint has a safe mode processing which enables only code that is marked as safe by the SharePoint administrator (by editing the web.config or modification via WSP deployment) to execute in the SharePoint run time.
My SharePoint Blog - http://www.davehunter.co.uk/blog- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:44 PM![Avatar of Dave Hunter]()
Dave Hunter![Avatar of Dave Hunter]( "Go to Dave Hunter's profile")
20,465PointsTop 0.5Dave Hunter Partner Joined Aug 2007 1
4
11
Portaltech Consulting Li...(Partner)20,465 Points
All replies
-
Hi,
Assemblies deployed to the GAC have full trust, while the assemblies deployed to the bin folder runs with the trust level specified for the web application (standard or custom CAS policy).
Assemblies deployed to the GAC available to all of the web applications, while while the assemblies deployed to the bin folder are local to the given web application.
I don't think there is considerably difference in the performance.
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:40 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Hi,
If you deploy to bin (and reference it from your SP project), it will be only visible to your SP project. If you deploy to GAC, it would be visible to 'all' on the server.
Example: If you code a SharePoint timer job, it should be deployed to GAC, not bin, because SharePoint timer service runs outside your SP application. Hence, it needs to 'globally' (as in Global Assembly Cache) access your assembly.
Regards, Hristo Yankov
My blog - http://blog.myitechnology.com
(Was my post helpful? If so, please indicate)- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:41 PM![Avatar of Hristo Yankov]()
Hristo Yankov![Avatar of Hristo Yankov]( "Go to Hristo Yankov's profile")
850PointsTop 5Hristo Yankov Partner Joined Jul 2009 1
10
BulPros Consulting(Partner)850 Points
-
Hi,
These links may help you to understand the difference: Microsoft Windows SharePoint Services and Code Access Security http://msdn.microsoft.com/en-us/library/dd583158(office.11).aspx Deploying Assemblies to BIN Versus GAC http://www.elumenotion.com/Blog/Lists/Posts/Post.aspx?ID=22 Deploy dlls to the webApplications bin rather than GAC http://panvega.wordpress.com/2008/05/14/deploy-dlls-to-the-webapplications-bin-rather-than-gac/
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:43 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Hi,
As Hristo wrote, there are special assemblies that should be deployed to GAC. He mentioned custom timer job implementation, but more common sample may be event receiver assemblies.
Otherwise, deploying assemblies to the bin folder, and having a custom CAS policy is the "official" way, although I think it is more typical to configure full trust or deploy to GAC, as CAS is really not trivial to use correctly.
Peter- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 3:47 PM![Avatar of Peter Holpar, MVP]()
Peter Holpar, MVP![Avatar of Peter Holpar, MVP]( "Go to Peter Holpar, MVP's profile")
12,260PointsTop 0.5Peter Holpar, MVP MCC, Partner, MVP Joined Jan 2007 1
5
14
adesso Austria GmbH(MCC, Partner, MVP)12,260 Points
-
Code Access Security may be a pain but its the recommended approach to deploy custom webparts, user controls and custom server controls in the bin folder and is required to elevate the trusted rights for those particular assemblies to perform specific actions (such as ADO.NET or web services interaction). If you allow full trust you will be allowing any assembly deployed to your environment to run unrestricted.
If you use WSPBuilder to create your WSPs then this helps you creating the CAS policy http://wspbuilder.codeplex.com/Thread/View.aspx?ThreadId=24555
My SharePoint Blog - http://www.davehunter.co.uk/blog- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 4:11 PM![Avatar of Dave Hunter]()
Dave Hunter![Avatar of Dave Hunter]( "Go to Dave Hunter's profile")
20,465PointsTop 0.5Dave Hunter Partner Joined Aug 2007 1
4
11
Portaltech Consulting Li...(Partner)20,465 Points
-
Thank you very much for all of you, just one more question: why do we need to add a safe control into the web.config <SafeControls> <SafeControl Assembly="MyCompiledClass, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9c7aad7f231506d9" Namespace="MyCompiledClass" TypeName="*" Safe="True" /> </SafeControls>Thursday, August 13, 2009 5:20 PM
-
Great question. 1.) Deploying a DLL to the bin directory means that whatever features your solution included will only be available for the particular web application you deployed it to, since by definition you only deployed it to a particular web application. If you deploy a dll to the GAC, it's available for all your web applications to use. 2.) The bigger difference is in regards to security. Any dll deployed to the GAC operates with full rights to do anything, essentially. DLLs in the bin directory operate with minimal permissions. Putting a dll in the bin directory is more secure, but there are times when you might have to explicitly grant your code permission to do various things. We refer to this concept as "Code Access Security" or CAS. Take a look at this article on MSDN: http://msdn.microsoft.com/en-us/library/dd583158(office.11).aspx. It was written for SharePoint 2003 but applies to 2007 as well.
Visit my blog at blog.beckybertram.com or follow me on Twitter: @beckybertram- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:36 PM
-
Since a web part could do virtually anything, there's always the risk that someone could come along and try to insert inline code into a web part or do something similar. By forcing this setting in the web.config it ensures that any code that runs in a web part was explicitly authorized by the administrator of the site.
If you deploy a solution package, you don't need to manually edit the web.config; as you probably already know, you can add a <SafeControls> setting to the Manifest.xml file and SharePoint will add that line of code for you.
Visit my blog at blog.beckybertram.com or follow me on Twitter: @beckybertram- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:40 PM
-
As Becky said above SharePoint has a safe mode processing which enables only code that is marked as safe by the SharePoint administrator (by editing the web.config or modification via WSP deployment) to execute in the SharePoint run time.
My SharePoint Blog - http://www.davehunter.co.uk/blog- Marked as answer by Chengyi Wu Monday, August 17, 2009 1:42 AM
Thursday, August 13, 2009 5:44 PM![Avatar of Dave Hunter]()
Dave Hunter![Avatar of Dave Hunter]( "Go to Dave Hunter's profile")
20,465PointsTop 0.5Dave Hunter Partner Joined Aug 2007 1
4
11
Portaltech Consulting Li...(Partner)20,465 Points
浙公网安备 33010602011771号