PANVEGA’s Blog

DotNet Development, SharePoint Customizing, Silverlight, MS Infrastructure and other tips and tricks

Posts Tagged ‘Security’

Dual Authentication Providers in SharePoint 2007

Posted by PANVEGA on March 17, 2009

In a production environment, I would opt to install both on to a machine even though it will be primarily Internet\Extranet facing, even if it is using the local directory services.  This gives a backdoor to managing the site should you have problems with the forms authentication mechanism (or other).

In order having many different third party authenticatin providers for your SP application you can solve this problem in SharePoint 2007. In the new version different authentication providers are supported. In fact, different providers can be used together for the same site! A major improvement which will make a lot of people very happy.

A single web application only supports a single authentication provider, such as Windows, Forms, etc. That mean, you can not use one application (Domain namsepace) for 2 or more authentication providers. Read the rest of this entry »

Advertisements

Posted in Administration, ASP.NET, IIS, Infrastructure, MOSS, Security, SQL | Tagged: , , , , , | 2 Comments »

How to apply Digital Signature in a InfoPath formular?

Posted by PANVEGA on March 3, 2009

When creating a InfoPath template you can trust with Digital Signature in 2 ways.

  1. When developing an IP template you can add a certificate to your XSN template and publish and apply it on your server. So that every client knows that the formular comes from a trusted location.
  2. The other Certification procedure is a client site created certificate which should be send to the  server CA (Certificate Authority). This is very usefully when many e.g. employees travel and work remotely, the forms must be available to be completed and signed in a Web browser or IP CLient form. Read the rest of this entry »

Posted in Administration, InfoPath, MOSS, Security | Tagged: , , , | 3 Comments »

Changing the My Links Policy and customize the QuickLinks.aspx PageLayout

Posted by PANVEGA on January 26, 2009

the goal is to make in the custom quicklinks.aspx the fields Privacy and Grouping invisible by customizing the aspx offline. Howver you can not delete these two fileds, because they are mandatory fileds when creating a new QuickLink instance in the SP Object Model. See the Screen below. In the next step I wanna change the default Privacy value from Everyone to Only Me.

Customizing the quicklinks.aspx view

Eg.  QuickLink ql = qlm.Create(title, sLinkUrl, QuickLinkGroupType.General, strGroup, Privacy.Private);

You find the page in the http://legal.litwareinc.com/_layouts/myquicklinks.aspx and add a new Link. You will be navigated to the quicklinks..aspx (see below). Read the rest of this entry »

Posted in Administration, MOSS, My Links, My Site, Security | Tagged: , , , , | Leave a Comment »

SharePoint Exception Handling and Logging

Posted by PANVEGA on January 21, 2009

Error and exception handling is very important in creating a robust and high quality system and more importantly for trouble shooting. Error and exception handling must be done correctly so that potential issues with the system can be diagnosed quickly.

The Basics

  • Always display a high level abstract message to the user when an error occurs or an exception is thrown rather than a low level exception message that the user will not understand. The low level specific error message should be written to the log file.
  • Check objects, values, properties etc before using them so that unexpected exceptions are not thrown.  For example
    • When obtaining an object always check the object is not null before using it.
    • Always check strings to make sure they are not empty or null i.e. String.IsNullOrEmpty(“aString”)
  • Never use try catch blocks to control the logic of your code, it is more efficient to use if/else statements and only throw exceptions when nothing else can be done.
  • When casting always check the object can be cast to the particular object. For example:

if(MyObject is String)

{

// Cast object your object

} Read the rest of this entry »

Posted in ASP.NET, C#, Deployment, DotNet, MOSS | Tagged: , , , | Leave a Comment »

MyLinks without MySite

Posted by PANVEGA on December 1, 2008

In this post I am gonna show you how to manage the global MyLinks for users without activating the MySite.

The goal is that every user can admin his own custom links (Like in the MyLinks) without having access to the MySite. In addition the user should see all his personal links in a webpart in the Startpage.

Read the rest of this entry »

Posted in Administration, MOSS, My Links, My Site, Security | Tagged: , , , | Leave a Comment »

Sharepoint Authentication Button

Posted by PANVEGA on July 16, 2008

Sometimes it is not wished that the logion button can be seen on the startpage or on any other Sharepoint page. You can handle this problem by making the logion invisible in your master page. Authenticated user have to add the /_layouts/Authenticate.aspx after the domain name in order to get the login prompt. This is sometimes very useful, especially when you have publishing pages.

However you have to remember an other security issue. By default the user authenication values are send to the server in cleartext which nobody really wants.

The first possibilty is to write some JavaScript code with redirect the lofion by usinf SSL for the Sharepoint authentication and the user information is send encrypted to the server. Another solution, however a litle bit more offer is to develope a custom webpart which replaces the default logion scenario. It does not matter which way you decided, always set the authentication over Secure Sockets Layer.

Links:

http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx

http://forums.msdn.microsoft.com/en-US/sharepointcustomization/thread/99b01bd4-9f09-4941-9551-cc42e534c70e/

Posted in Infrastructure, MOSS, Security | Tagged: , , | Leave a Comment »

Deploy dlls to the webApplications bin rather than GAC

Posted by PANVEGA on May 14, 2008

Background information

Let’s first discuss some topics related to the GAC. The GAC is the centralrepository for assemblies which are installed on a Windows machine (including all important .NET system assemblies implementing the Framework Class Library). By the way, all assemblies which are stored in the GAC must be strong named.

The primary purpose of the GAC is to eliminate problems of sharing DLL code. There are several ways to interact with the GAC, for instance via the gacutil tool or ShFusion.dll, which is a Windows Explorer shell extension that provides a user-friendly interface to the GAC.

Read the rest of this entry »

Posted in Deployment, Infrastructure, MOSS | Tagged: , , | 2 Comments »