All Tags » security

SUGUK session

The SUGUK session (Tuesday 12th) went well! Hopefully everyone found the session informative; the feedback forms show very positive feedback (attendees: feel free to post your thoughts here). If you missed the session it may be repeated (if there is demand) at future events. Thanks to all who attended, especially those who travelled a distance to listen to me. I hope you found it beneficial and enjoyed our hospitality... For those who were after the deck, it's available here. Posted to www.sharepointblogs...

SUGUK Event on Feb 12th

The next midlands based SharePoint User Group Event will be on Feb 12th in Coventry... I am told the guest speaker is very good. Sign up here: http://suguk.org/forums/thread/8064.aspx

Posted to www.sharepointblogs.com/mattg by Matt Groves (SharePoint Blogger). Posted on SharePoint Blogs...

Using SPWeb.EnsureUser(loginName) to add a new SPUser to a web

It happens quite often that I have to write a piece of code to set user permissions on a SharePoint site. One of the challenges you encounter when doing so is that you need to have a valid SPUser object that is known in the site collection to be able to do this. If you want to create a new subsite or web you can start out like this:

    // Open an existing site collection
    SPSite portalSite = new SPSite("http://portal");

    // Create a new subsite (web)
    SPWeb newWeb = portalSite.AllWebs.Add("http://portal/newweb", "My New WebSite", "This is my new web site", 1033, "STS#0", true, false);

    // Get the default roledefinitions known on the new web
    SPRoleDefinitionCollection roleDefinitions = newWeb.RoleDefinitions;

    // Get the roleassignments collections of the new web
    SPRoleAssignmentCollection roleAssignments = newWeb.RoleAssignments;

Next you want to get an SPUser object, so you can give this person the right permissions on the site. Unfortunately there is no way of telling whether you can get this user from the site collection. If the user is known on the site collection there are three ways to get it:

    SPUserCollection users = portalSite.RootWeb.AllUsers;

The description in the SDK for this function is: "Gets the collection of user objects that represents all users who are either members of the site or who have browsed to the site as authenticated members of a domain group in the site." This means that if you have a site collection...
Posted by SharePoint Blogs

Paul Gavin on Security Pitfalls

Paul has created a very useful article on Security Pitfalls, including information on Security Fundamentals. Having crashed and burned on a couple of the pitfalls, I’d say this one is definitely worth a read and bookmark. Here’s a quote: “SharePoint...

Edit Sharepoint security in C# -- "The security validation for this page is invalid"

I recently had my fair share of trouble when trying to edit the security of a web site through code. Every time I executed the code, some error came up. Most of the time, it was either "Access Denied" or "The security validation for this page is invalid". Pretty annoying stuff I thought, and searching the web didn't really help all that much ... I ran the code using RunWithElevatedPrivileges, but that didn't help much. Neither did the SPWeb.AllowUnsafeUpdates property. After searching for a REALLY long time, I found the answer in a blog's comment (http://spiderwool.blogspot.com/2006/07/security-validation-for-this-page-is.html):

    SPSite.WebApplication.FormDigestSettings.Enabled = false

Finally I had found the solution. However, after redeploying the code on a new web application, I suddenly got an Access Denied error when trying to set this property. After some searching I found out this was due to the fact I set the application pool to run as Network Service instead of an administrative account. This did fix my problem, however I did not really find out the actual source of the issue ... So, taking all this into account, here is an example of how to set a web's security through code:

    public void EditSecurity()
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(url))
            {
                using (SPWeb web = site.OpenWeb())
                {
                    SPWebApplication webApp = web.Site.WebApplication;
                    webApp.FormDigestSettings.Enabled = false;
                    web...

Setting item level security in an eventhandler

Last week I was building a solution for a customer that involved setting item level security on a document in a document library the moment it is added to the document library. I'm not a big fan of item level security, because it can create chaos from a maintenance perspective, but sometimes it's simply the best, or even the only solution. I started out by creating the feature that will contain the eventhandler. The Feature.xml is very straightforward:

    <Feature Scope="Web"
             Title="Set Security Eventhandler"
             Id="7B2CB0DC-8F27-4252-A4F2-89729DF9331B"
             xmlns="http://schemas.microsoft.com/sharepoint/">
      <ElementManifests>
        <ElementManifest Location="Elements.xml"/>
      </ElementManifests>
    </Feature>

The Elements.xml looks like this:

    <Elements xmlns="http://schemas.microsoft.com/sharepoint/">
      <Receivers ListTemplateId="101">
        <Receiver>
          <Name>AddedEventHandler</Name>
          <Type>ItemAdded</Type>
          <SequenceNumber>10000</SequenceNumber>
          <Assembly>Macaw.Custom.Moss2007.Portal.Business.Components, Version=1.0.0.0, Culture=neutral, PublicKeyToken=6bdc41c2016ac3e3</Assembly>
          <Class>Macaw.Custom.Moss2007.Portal.Business.Components.SetSecurityEventHandler</Class>
          <Data></Data>
          <Filter></Filter>
        </Receiver>
      </Receivers>
    </Elements>

So you can see that I created an eventhandler that...

Great Power: Giving Users All the Rope They Need

If I had to name just one thing that impresses the heck out of me about SharePoint, I'd go with the power that SharePoint grants to the end users who manage sites. Sure, publishing, document versioning, the SharePoint object model and so many other features are pretty cool, but what you can do as a site admin or site collection admin is pretty dang impressive. You have the ability to control just about every aspect of your site, from who uses it to what goes into it. You are able to manage all of it from your web browser without any additional tools. And you don't have to be an experienced IT professional to be able to do it.

In fact, this is so apparent in the current version of SharePoint that Microsoft changed their security model for sites to fully embrace this approach. In WSS v2 and SPS 2003, if you were a SharePoint Admin (someone who had administrative rights to the servers hosting SharePoint and all its administrative resources, such as User Profiles, Search, etc.), you had the keys to the castle. You could access any site and make any changes to it you felt like, and no one could stop you. It was definitely an all or nothing proposition; your SharePoint admins could go to any site (such as an executive-only site) and view its contents. All in all, it was quite exhilarating.

Now in WSS v3 and MOSS 2007, as Lee Corso likes to say, "Not so fast my friend!" SharePoint administrators no longer have default access to your site. Each site collection can have a...

SharePoint 2007 Security Hole?

Get this. Problem User has access to management folder. Sets up alert. Management folder gets locked down and user is removed from all access to content. User gets notification of changes to management folder and can still access modified data. Will someone please test this on their system?

ForeFront Security Blog Launched, when?

Okay, maybe I haven’t had a chance to follow the ForeFront Security blogosphere as much as SharePoint, but I just noticed that they now have their own blog. Check them out at ForeFront Team Blog. They have had their blog since early September 2007. If...

Create Workflow Feature to Copy Content to New List

This post is part of a two step tutorial that walks through the process of creating a custom workflow to copy abstract or summary text of a list item into a separate list. This could be used when the list item needs to be returned in security-trimmed search results where a user may not be authenticated or may not have permission to the original content list item. After creating the workflow, it will be deployed to MOSS using a feature.

Pre-Requisite Installs

1. Install .NET 3.0 (this comes with WSS...

MOSS 2007 profile import using BDC with Single Sign-On: Permissions

If you want to extend your profiles with data not only coming from an LDAP source, but also from the BDC, you have to be aware of some permission settings in order to prevent you from a severe headache. And even more when you connect to your external data source using the Single Sign-On service. Configuring the import's custom datasource is pretty easy, so I won't get into this. But now comes what is not so obvious:

How to set the permissions to make this work

- Make sure you know the account on which the profiles are crawled. This is usually the default content access account specified for the search (you cannot specify a special user account for the BDC custom datasource!).
- This account must be a member of the group you've specified in the Single Sign-On settings page for the SSO application that is used in the BDC instance of your application definition.
- Also, this account must have "Execute" rights on the BDC, the application and don't forget the instance itself! (I'm not so sure here, but there are these 3 levels of permission - instance is needed in any case!)
- Make sure that this account has the "Manage Audiences" right in "Personalization services permissions".

Uff... that's all. Now it should work. Happy trying

Using caspol.exe to add assemblies to full trust assembly list

Code Access Security Policy Tool (Caspol.exe) can be used to modify security policy for different policy levels. You can use it to add an assembly to the full trust assembly list for a specific policy level. A security exception is common when you try to run your application from a network share. See the following article for more details: http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx You also get stuck sometimes when you try to deploy your application to a local folder. See following article...

Sharepoint cannot authenticate to ISA Server

This gave and gives me a hard time! Imagine MOSS 2007 running in a corporate intranet. Your requirement is to connect to datasources on the internet. There are various scenarios, the most common are to

- Consume RSS Feeds using the RSSFeed webpart
- Consume a WebService or Server-Side Script using the SharePoint Designer DataView Webpart

When using the DataView WebPart, you'll get the following error message when trying to show the data from the internet source: “The server returned a non-specific error when trying to get data from the data source. …” When connecting using the RSSFeed Webpart, the error message will be even less saying...

OK, what can we do? Make sure that you've set the proxy in the web.config of your SharePoint Site Collection, as documented by Microsoft here: http://support.microsoft.com/kb/923173

However, this might still not do the trick! The DataView WebPart still shows the same error message. However, the RSSFeed Webpart is this time a little bit more specific: “ProxyAuthenticationRequired (The ISA Server requires authorization to fulfill the request…)"

So what is the problem? It seems (and some other bloggers mentioned this explicitly) that SharePoint does not authenticate itself towards the ISA Server! The only solution to this problem is to allow requests from all the IP addresses of all SharePoint WFE Servers to pass through ISA! (wheew, I hear your customers start to question you louder than normal - at least this is what happened here ;...

Automatically setting custom permissions on new sites

This is the third and final article in a series of three, where I demonstrate how to perform custom processing in the site creation process. See 'Article series - custom permissions with a site definition' for the full run down on the article...