I'm building a business app where read and write access permissions are important.
The project is a Provider hosted MVC 5 / SharePoint app built in Visual Studio 2012.
Johnny needs to be able to Read and Write content on SharePoint App A AND SharePoint App B
Dave needs to only be able to Read content on SharePoint App A
I've looked over a lot of documentation including this tutorial:
http://www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709
The problem is if I give Dave Read access at the site level he is allowed to access SharePoint App A but also SharePoint App B.
How do I effectively use SharePoint permissions to stop this unintended behaviour?
Should I even be using SharePoint permissions?
2nd example:
I am building an app for project management, there will be an Engineer who is able to create, read and edit projects, there is also an Accountant who views the projects billables.
If I give Read permissions to Engineer and Read permissions to Accountant, how do I know which can view the project details and which can view the project's billables?
I read the article you linked to, and I am not sure that this is "authorization", the right word is "authentication", in sharepoint you set what a user can do, authorization means- which data user can read or write
so a simple solution for you is creating Group in sharepoint, for any authorization type you have, for example, a group called "Engineer", and gives it the permissions you need, your engineers will be members in this group.
in your MVC attribute, accept the group as parameter and check if user is member in this group, show the user the relevant data according to its group
public SharePointPermissionsAuthorizationAttribute( params string group) { _groups = groups; }
[SharePointEffectivePermissionsFilter("Engineer"]
public ActionResult Index() { ... } }
Related
We are Using content search query Webpart to preview site content on SharePoint and when we prevent access to _VTI_BIN for security reason we run the search crawler a new contents doesn't show up in the search query web part.
Prevent _vti_bin folder access is not supported in SharePoint, as SharePoint needs to make calls to this folder eg ListData.svc web service, you should contact with your security coworker to specify this point, here is a similiar question for your reference:
Restricting access to contents in “_vti_bin” for both authenticated as well as anonymous users
Some new fields were create in Dynamics CRM.
Now need to push some data to those new fields from asp.net website.
Need to add those new fields to:
[assembly: Microsoft.Xrm.Sdk.Client.ProxyTypesAssemblyAttribute()]
namespace Xrm
how should this be done? I read that these is a tool that generates this class file (CrmSvcUtil.exe).
But I do not understand how this would work.
Is this something that need to be done through Dynamics CRM admin?
Please advise.
Thanks
This should be done by user which has System Administrator or System Customizer, because this user has to have access to all entities metadata.
Basically you should start with downloading CRM SDK, for your version of CRM. For example the latest SDK can be found here:
https://www.microsoft.com/en-us/download/details.aspx?id=50032
Install the SDK and go to the bin folder inside the folder where you installed it. There you can find crmsvcutil.exe. This tool is something like svcutil.exe - it simply generates proxy classes using CRM metadata service. So instead of referring to Account entity like that:
var account = new Entity("account")
you can simply do:
var account = new Account();
and you will have all the properties that account in your system has.
In order to generate this classes just run crmsvcutil.exe using windows command line with proper credentials (it's very well documented if you run it without any parameters). example usage would be:
crmsvcutil /url:https://orgname.api.crm4.dynamics.com/XRMServices/2011/Organization.svc /u:user#orgname.onmicrosoft.com /p:password /serviceContextName:XrmServiceContext /out:Proxies.cs /n:Xrm
this would generate file Proxies.cs, containing namespace Xrm (the one you have posted in your question) with all the entities and fields. Of course the parameters may vary based on what type of organization you are connecting to. If you have problems with specifying proper values then simply put /il as last command line parameter - it will open an interactive login form, that would make it simpler for you to pass proper connection data.
From a client application, I need to check if a given user has permissions on a given document library using Client object Model.
I want something equivalent of the following Server object function
spList.DoesUserHavePermissions(SPBasePermissions.EditListItems);
spList.DoesUserHavePermissions(SPBasePermissions.ManageLists);
spList.DoesUserHavePermissions(SPBasePermissions.AddListItems);
spList.DoesUserHavePermissions(SPBasePermissions.AddListItems)
Thank you !
I found a solution mentioned in this Blog for listItems permissions, and it worked fine for list.
the solution is as follow:
private static bool DoesUserHasPermission(ClientContext context, List list, PermissionKind permissionKind)
{
context.Load(list, t => t.EffectiveBasePermissions);
context.ExecuteQuery();
return list.EffectiveBasePermissions.Has(permissionKind);
}
From a client application the best approach would be use SharePoint web service. Sharepoint contains a lot of services that are usable for remote development by third-party developers.
In your case, I recommend use SharePoint Permission web service (http:///_vti_bin/permissions.asmx).
You could query Sharepoint about items permissions. Here is a step-by-step tutorial : http://jamestsai.net/Blog/post/Understand-SharePoint-Permissions-Part-2-Check-SharePoint-usergroup-permissions-with-Permissions-web-service-and-JavaScript.aspx
I am building a web application in which there will be a core library and database that is shared by many instances. To give a more concrete example lets say I have a blogging engine and users can sign up to their own blog which will act independently of the others on the system.
Each instance must have their own subdomain eg: http://john.extremeblogging.tld/ and also have the option to have their own domain mapped to it eg: http://jonnyblogger.tld/
The problem I have is not knowing how to notify IIS 7.5 what to do when requests come in from either of those domains. Is it as simple as setting this web application to the default site within IIS and the application can use the request headers to take the appropriate action?
It strikes me that this should be a pretty common task so I don't anticipate this to be too difficult to solve but at the moment I am not sure how to approach it.
Any guidance is appreciated.
Thanks
id
Its been very long this question was asked, but still answering it so it might be helpful to others in need.
I happened to work on a big SaaS based multi-tenant project which involved unique subdomains for each of the users site. User could design and manage the content on his own site.
On the registration of a tenant/user we can add domain binding with the IIS using C# following this link-
http://amitpatelit.com/2013/03/12/enter-iis-binding-entry-by-c-code/
Alongside we need to check the host name from the request headers and get the subdomain name to fetch the subdomain specific data and interface etc.
protected override void OnAuthorization(AuthorizationContext filter_context)
{
var url = Request.Headers["HOST"];
var index = url.IndexOf(".");
if(index > 0)
{
var sub = url.Split('.')[0];
FrontSiteData = CommonService.GetSiteData(sub);
}
}
Please let me know if you require more information.
Regards,
Manik
I am using SharePoint Server 2007 Enterprise with Windows Server 2008 Enterprise. I am publishing a portal template.
I want to develop a WebPart and make some settings configurable (just like we can configure parameters for a console application in app.config)
For example, authorized users could set parameters of WebPart in Edit Page (from browser based UI interface), then Select -> Modify WebPart properties, or edit parameters in SharePoint Designer.
The parameters would be application specific parameters.
How do I go about doing this?
You can make your properties on the webpart and add attributes like so....
[WebBrowsable(true),Category("Calendar Setup"),
WebDisplayName("Starting Date Column"),
WebDescription("column that contains item starting date"),
Personalizable(PersonalizationScope.Shared)]
public DateTime StartDate { get; set; }
You should check here for a full list and a good article on the subject.
Check and see of this helps
Writing custom editors for Sharepoint 2007 and ASP.NET 2.0 WebParts