Web part dll in Gac or bin using sharepoint 2007

Question

What is best practice, in sharepoint 2007 web part deployment. Deploying the dll's to GAC or bin?

Answer 1

As usual with best practices, it depends on your situation. Putting the dll's into the GAC means that they must be strong named, and will get full trust. This makes it nice and simple to deploy, but there will be no Code Access Security (CAS) checks on the code at all, it will be fully trusted. Assemblies in the GAC can also be re-used on other sites on the server without the need to deploy multiple copies.

Deploying to bin means that you need to understand the CAS requirements for your webpart, and if you need to do something that is not allowed in the trust level set in web.config, you need to either elevate the trust level to full trust (not recommended), or create a custom trust level with the appropriate configuration. More details on this can be found here: http://msdn.microsoft.com/en-us/library/cc768613.aspx

Back to the question, for intranet sites, where there are no external access to the site, and the data the web part is working with is not sensitive (salaries for example), I would deploy to the GAC, in order to keep things simple.

For an application that will be accessible from the web, or an internal applicaiton handling sensitive data, I would generally go with bin deployment for security reasons.