After reading this document:
I implemented a web service to be used by my sharepoint users. the first thing came to my mind was how to apply my own custom authorization to this web service, so it could be called by only an specific user and denied for all other users. I went ahead and changed the web.config of ISAPI folder to load ASP.NET URLAuthorization http module (by default Sharepoint removes urlAuthorization module from web.config of wwwroot):
<add name=”UrlAuthorization” type=”System.Web.Security.UrlAuthorizationModule”/>
I created the folder “MyCustomWebService” in ISAPI folder and moved all of my web service related files to that folder. I created a web.config file in the new folder and added the following lines to it:
<allow users=”win2003-dvadministrator” />
<deny users=”win2003-dvsp_reader” />
Now when I call my web service (uploadfile.asmx) through Internet Explorer (http://portal/_vti_bin/MyCustomWebService/uploadfile.asmx), I will receive access denied for sp_reader and not for administrator (as I expected)
I feel like I was just born yesterday. Office 2007 bata is now released and what it means to office developers (including myself) is couple more years of challange, learning and ofcourse FUN!
As an ASP.NET developer, what really bugs me the most is the security issues related to current web context, in which you do your coding .I have been recently working on an ASP.NET project, which requires me to frequently query Active Directory to obtain necessary information about users, groups and so on. I mostly use System.DirectoryServices and its two famous classes DirectoryEntry and DirectorySearcher. I guess the biggest challenge working with Active Directory from a web context is that fact that AD requires a primary token all the time. As long as IIS server has a user name and password (not just a hash of the password as the result of NTLM authentication) and can hand it over to AD you are fine, otherwise you are toast and soon you will end up receiving various nasty messages from AD. If I can convince my clients to pass credentials to System.DirectoryServices code using the DirectoryEntry class constructor or by using the Username and Password properties, then this method is my preferred one. However you should consider securing your credentials and not leave them in clear text anywhere in your app. For the sake of demonstration, let’s assume that you have written a piece of code to authenticate to AD to do some work:
adSharepointUsers = new DirectoryEntry(“LDAP://mydomain”,”ADUser”,”password“);
Everything works fine on your development machine, but once you have deployed your app to the production ,you will be trapped by “The authentication mechanism is unknown” error. If that’s the case you might try passing username with the domain name at the same time
adSharepointUsers = new DirectoryEntry(“LDAP://MyDomain”,”MyDomain/ADUser”,”password“);
Yes, it does the trick!
The official release of yet another discovery of server virtualization technologies is available for *FREE* download on Microsoft’s web site. Microsoft Virtual Server 2005 R2 caught my eyes soon in a way that I am almost done with transferring all my virtual machines from VMWare to this great product. I have also installed it on my laptop and since my laptop has no physical net connection, I had quite a hard time to configure networking connection between guest and host operating systems. It is fairly easy to do so in VMWare by utilizing VPN connection (Host only –VMNet1), but in virtual server 2005 ,you must follow some steps to properly setup the connection.
1)Log in to the host computer using an administrator account
2)Install Microsoft Loopback adaptor on the host OS only.For more information on how to install Microsoft Loopback adaptor check this link
3)Make sure Virtual Machine Network Services is checked in Microsoft Loopback adaptor
4)Set Internet Protocol (TCP/IP) in the host to use an static IP address from a non-routable range like 192.168.x.y
Note: The tricky part is here. First of all x in host IP address must be exactly same as x in guest IP address (You should set the guest OS to use an static IP address too, you will see it later in this post). Leave the subnet mask to be 255.255.255.0 on the host and do not set a value for default gateway. The most important part is that if your primary Ethernet card or any other adaptor (in my case, my VMWare VPN) is using x ,then you won’t be able to connect host to guest. In that case you must choose a different value for x.
5)Set Internet Protocol (TCP/IP) in the guest to use an static IP address from a non-routable range like 192.168.x.z. As I mentioned above x must be same as the host ,and again no default gateway
6)file and printer sharing must be exempted from the guest’s firewall (if you are planning to remote desktop to the guest computer from the host ,do the same for remote desktop as well)
7) Go to virtual server administration console and change your virtual network to use Microsoft Loopback adaptor . If the option is not there uninstall/reinstall the Virtual Server 2005. restart the guest operating system and you should be good to go!