Archive for July, 2006

Different security contexts in SharePoint 2007

July 29th, 2006 No comments

1) string ProcessIdentity = WindowsIdentity.GetCurrent().Name;

  • It has nothing to do with ASP.NET. In fact this is the lowest level of windows security programming that you can do. It basically tells you who is this thread running as?
  • No matter which authentication mechanism you use in your ASP.NET applications (Windows Integrated,Forms,Basic,Digest and etc), whether you impersonate or you use anonymous access, at the end of the day they all resolve in a windows account. The above statement returns the name of that account.
  • The windows account which is returned is a process identity (App pool identity, Machine identity, etc) OR impersonated user (if impersonation is used) OR anonymous access identity (if anonymous access is enabled). Bear in mind that the security context which is the result of enabling the anonymous access is ONLY used when your web parts interact with local or network resources and SharePoint is still using Process Identity to call content or configurations database, regardless of whether web application is set to use Form or Windows Integrated Authentication.

2) string ASPNetUser = Context.User.Identity.Name;
This is an ASP.NET technique to get the owner of the HTTP context. Based on authentication type, impersonation settings it might be different from one environment to another one.

3) string WssUser = SPContext.Current.Web.CurrentUser.Name;
AS mentioned din my previous blog post , this is a new class in SharePoint 2007 to extract the WSS user which gives u a more friendly name than the ASP.NET user.

Categories: Uncategorized Tags:

SPContext class in WSS V3

July 16th, 2006 No comments

Fortunately Windows SharePoint Services V3 (SharePoint 2007) Object model offers a high level of backward compatibility with its predecessor(V2) , so we expect that most of our code written for previous version just work fine in new version as well. Microsoft has introduced a new class in Windows SharePoint Services V3 (SharePoint 2007) called SPContext. I have seen that some developers are having difficulty understanding the concept of CONTEXT in web applications particularly in SharePoint. SPContext in WSS V3 is not a new concept. It basically does what we used to do using SPControl in WSS V2, except it is a cleaner way of getting an entry point to a site or site collection in V3.

SPSite siteCollect= SPControl.GetContextSite(this.context);      //returns the site collection in which current site exists
SPWeb site= SPControl.GetContextWeb(this.context);             //returns the site in which your code is executing

SPSite siteCollect= SPControl.GetContextSite(this.context);    //returns the site collection in which current site exists
SPSite siteCollect= SPContext.Current.Site                            //returns the site collection in which current context exists
SPWeb site= SPControl.GetContextWeb(this.context);           //returns the site in which your code is executing
SPWeb site= SPContext.Current.Web;                                  //returns the site in which current context exists

One important thing to remember is that all above statements work only if your code is running in the context of a SharePoint site. If your code is running in another IIS web site different than the IIS web site in which SharePoint site exists, none of the above statement works properly and you have to use the following piece of code in both WSS V2 and V3:
SPSite sc2= new SPSite(“http://localhost“);                            //returns the site collection exists in localhost virtual server(IIS WebSite)

As you see, here we have to explicitly state which context we are working with since we are outside of the SharePoint site context.


Categories: Uncategorized Tags:

How to prevent users from multiple submissions

July 7th, 2006 No comments

I have been repeatedly asked about how to prevent users from clicking submit button more than once. If you have ever faced such a problem, you would probably know that there are many ways suggested by folks to handle this, things like using two buttons, disabling submit button using JavaScript and so on. Regrettably I never did find anything that worked like they said it would and more importantly some of those methods causes your server side events not to fire. The way I deal with this issue is not just disabling the button by greying it out, but not letting the form to be posted back using the code below:
1) Put this in between the HEAD tags of your page:


  <SCRIPT language=javascript>
     var isSubmittedFlag= false;


2) Add the following java script code to the button attributes collection in  Page_Load() event of your page

btnSubmit.Attributes.Add(“onclick”, “javascript:if(isSubmittedFlag){alert(‘Your first request is still being processed’);return false;}else{isSubmittedFlag=true;return true;}”)

Categories: Uncategorized Tags: