I have an MVC5 application, which uses the n-layer pattern.
On my website I have a search engine which allows the user to search for companies matching the query string.
The list of retrieved companies is filtered depending on the role of the user.
What is the best way to manage this in data access? I mean, how can I get the user role in my data access? Do you think it is a bad idea to reference the current user in the data access layer?
Thanks in advance.
Related
I have a layered invoice management application. The presentation layer is an ASP.NET MVC 4 project, and I use Entity Framework for database access. The invoices are stored in an Oracle database. I want to apply LDAP authentication to that application, but I haven't any idea how. Please guide me in implementing authorization so that:
the user that has the admin role can view/create/edit/delete all invoices.
the other authenticated users can each only view/create/edit/delete the invoices that belong to their department or to subordinate departments of their department.
Any help? I would appreciate that.
I am building a WebApi project where we have to go beyond the simple role authorization.
Basically, the user logged in should only view the data he / she has created. Data could be images, posts, documents and more.
I had a look at claims from WIF, but I don't seem to understand how I can use them to implement this sort of authorization. All implementations I have seen almost exclusively focus on action authorizations and do not touch the data access part.
I have the feeling that this is a common problem for all APIs out there.
How can I go about doing this?
It is actually very simple:
Find out the logged-in user (get the user principal attached to the request/thread).
Use the user's ID to filter any data requests your API is making (pass the user ID as a parameter to your data queries).
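The two steps above as an added example (not code from the original answer), written for an ASP.NET Web API 2 controller. `Document`, `DocumentRepository`, `DocumentsController` and the sample rows are hypothetical, and the example assumes the user's ID is carried in the `NameIdentifier` claim.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Http;

// Hypothetical entity: each row records the ID of the user who created it.
public class Document { public int Id { get; set; } public string OwnerId { get; set; } }

// Hypothetical data-access class: ownerId is a required argument on every method,
// so the data layer never touches the request or the current principal.
public class DocumentRepository
{
    // Constructed sample rows standing in for a database table.
    private static readonly List<Document> Rows = new List<Document>
    {
        new Document { Id = 1, OwnerId = "alice" },
        new Document { Id = 2, OwnerId = "bob" }
    };

    public List<Document> ListFor(string ownerId) =>
        Rows.Where(d => d.OwnerId == ownerId).ToList();

    // Owner and id are matched together, so another user's id looks like a missing row.
    public Document FindFor(string ownerId, int id) =>
        Rows.SingleOrDefault(d => d.Id == id && d.OwnerId == ownerId);
}

[Authorize] // anonymous requests are rejected before any action runs
public class DocumentsController : ApiController
{
    private readonly DocumentRepository _repo = new DocumentRepository();

    // Step 1: take the ID from the authenticated principal, never from the URL or body.
    private string CurrentUserId()
    {
        var claim = (User as ClaimsPrincipal)?.FindFirst(ClaimTypes.NameIdentifier);
        if (claim == null) throw new HttpResponseException(HttpStatusCode.Unauthorized);
        return claim.Value;
    }

    // Step 2: every query is scoped to that ID.
    public List<Document> Get() => _repo.ListFor(CurrentUserId());

    public IHttpActionResult Get(int id)
    {
        var doc = _repo.FindFor(CurrentUserId(), id);
        // 404 rather than 403, so the response does not confirm the row exists.
        return doc == null ? (IHttpActionResult)NotFound() : Ok(doc);
    }
}
```

Because the repository takes the owner ID as a plain argument, the same pattern answers the layering concern: the controller resolves the principal, and the data access layer stays free of any reference to the current user.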
How can we take the user's details from Active Directory in SharePoint 2010? I have one requirement, which has the functionality to send mail to all the users who are listed in a particular column in a SharePoint list. This column has the type Single line of text (displaying the display name of the user). I need to retrieve each user's information from AD by passing this display name without adding any LDAP connection string anywhere. Is it possible? If it is possible, please help me to sort out this issue.
In my opinion the best way to achieve this is to use User Profile Synchronization. First you will need to configure user profile synchronization with AD. Then you can use SharePoint API (UserProfileManager class of server object model) to access user properties imported from AD.
I want to understand how best tables should be designed to map Active Directory (AD) user groups.
I am implementing an asp.net application in which users will log in and execute actions or view pages.
I want to add permissions i.e. user can add a record, user can delete other users from system, user can view a webpage into SQL Server database.
My aim is to create AD user groups and map permissions for the user groups in the database but, I want to understand how to use parent-child structure of AD in my database such that if we have a user group that has access to perform permissions such as add record and delete record and if another user group inherits this user group but restricts access to delete a record then we would want to not allow the child user group to delete a record but it should allow adding of the record.
How should this be mapped?
Thanks. Any help points are appreciated.
I would strongly suggest looking at a technology such as MS Authorization Manager (AzMan), which will provide this functionality for you. It can use a database to hold the security configuration, or XML, or Active Directory itself.
I've an InfoPath form that the filler needs to specify people. A workflow later assigns tasks to these people. What I'm looking for is a people picker like what SharePoint has for user fields, but that I can use in InfoPath. I've already designed a form to do this where the filler can put in a name or email and the form will list results from the site.allusers group.
The problem is, what if the person that needs to be added into the form has never accessed this particular site collection before. Their account isn't going to be listed in the AllUsers list.
Where in the object model can I search for a user that is able to authenticate with SharePoint?
Why not just use the OTB one in InfoPath and configure it to point to your SharePoint environment?
http://www.sharepointassist.com/2009/02/27/adding-a-contact-selectorpeople-picker-to-an-infopath-form/
If you're running MOSS with AD integration, then it should automatically retrieve everyone that's in your domain if AD sync is enabled.
I think that the problem here is that even if you do find a list of users, the workflows won't trigger any actions if the users don't exist in the User Information List.
If the users don't exist in the User Information List, then you won't be able to find them via the SharePoint object model because they don't exist in SharePoint. You will have to find them some other way.
So basically, it depends on how the authentication is configured on your SharePoint server:
If you are using FBA, then the users who can authenticate with SharePoint must exist in a SQL database somewhere. Membership.Provider will give you a hook on your FBA membership provider (whether it's a SqlMembershipProvider or something else). You can then use methods like
Membership.Provider.GetUser(username, false)
to see if a user exists. You can also loop through your users or find all the existing usernames which you could then display in your people picker.
If you are using Windows authentication, you will have to look in your AD to find the potential users. The DirectoryEntry object is what you'll need. I imagine that only users from a certain AD group can access SharePoint? If so, then isolate that group with the DirectoryEntry object, loop through the users and you will have your data source for the people picker.
As I said above though, either method will give you the possible users, but it won't make the workflow work if the users have not logged in. Workflows will only work properly with users that do exist in the User Information List.
When someone picks a user that doesn't exist in SharePoint, you will probably have to create it via code. A safe way to do this is with SPWeb.EnsureUser:
"Checks whether the specified login name belongs to a valid user of the Web site, and if the login name does not already exist, adds it to the Web site."
So really, to answer your question, nowhere. You need to look for them where they could be coming from.