Fortunately Windows SharePoint Services V3 (SharePoint 2007) Object model offers a high level of backward compatibility with its predecessor(V2) , so we expect that most of our code written for previous version just work fine in new version as well. Microsoft has introduced a new class in Windows SharePoint Services V3 (SharePoint 2007) called SPContext. I have seen that some developers are having difficulty understanding the concept of CONTEXT in web applications particularly in SharePoint. SPContext in WSS V3 is not a new concept. It basically does what we used to do using SPControl in WSS V2, except it is a cleaner way of getting an entry point to a site or site collection in V3.
WSS V2:
SPSite siteCollect= SPControl.GetContextSite(this.context); //returns the site collection in which current site exists
SPWeb site= SPControl.GetContextWeb(this.context); //returns the site in which your code is executing
WSS V3:
SPSite siteCollect= SPControl.GetContextSite(this.context); //returns the site collection in which current site exists
SPSite siteCollect= SPContext.Current.Site //returns the site collection in which current context exists
SPWeb site= SPControl.GetContextWeb(this.context); //returns the site in which your code is executing
SPWeb site= SPContext.Current.Web; //returns the site in which current context exists
One important thing to remember is that all above statements work only if your code is running in the context of a SharePoint site. If your code is running in another IIS web site different than the IIS web site in which SharePoint site exists, none of the above statement works properly and you have to use the following piece of code in both WSS V2 and V3:
SPSite sc2= new SPSite(“http://localhost“); //returns the site collection exists in localhost virtual server(IIS WebSite)
As you see, here we have to explicitly state which context we are working with since we are outside of the SharePoint site context.
Categories: Uncategorized Tags:
I have been repeatedly asked about how to prevent users from clicking submit button more than once. If you have ever faced such a problem, you would probably know that there are many ways suggested by folks to handle this, things like using two buttons, disabling submit button using JavaScript and so on. Regrettably I never did find anything that worked like they said it would and more importantly some of those methods causes your server side events not to fire. The way I deal with this issue is not just disabling the button by greying it out, but not letting the form to be posted back using the code below:
1) Put this in between the HEAD tags of your page:
<HEAD>
…
<SCRIPT language=javascript>
var isSubmittedFlag= false;
</SCRIPT>
…
</HEAD>
2) Add the following java script code to the button attributes collection in Page_Load() event of your page
btnSubmit.Attributes.Add(“onclick”, “javascript:if(isSubmittedFlag){alert(‘Your first request is still being processed’);return false;}else{isSubmittedFlag=true;return true;}”)
Categories: Uncategorized Tags:
After reading this document:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odc_SP2003_ta/html/ODC_WritingCustomWebServicesforSPPT.asp
I implemented a web service to be used by my sharepoint users. the first thing came to my mind was how to apply my own custom authorization to this web service, so it could be called by only an specific user and denied for all other users. I went ahead and changed the web.config of ISAPI folder to load ASP.NET URLAuthorization http module (by default Sharepoint removes urlAuthorization module from web.config of wwwroot):
<location allowOverride=”false”>
<system.web>
<httpModules>
<add name=”UrlAuthorization” type=”System.Web.Security.UrlAuthorizationModule”/>
</httpModules>
</system.web>
</location>
I created the folder “MyCustomWebService” in ISAPI folder and moved all of my web service related files to that folder. I created a web.config file in the new folder and added the following lines to it:
<authorization>
<allow users=”win2003-dvadministrator” />
<deny users=”win2003-dvsp_reader” />
</authorization>
Now when I call my web service (uploadfile.asmx) through Internet Explorer (http://portal/_vti_bin/MyCustomWebService/uploadfile.asmx), I will receive access denied for sp_reader and not for administrator (as I expected)
Categories: Uncategorized Tags:
I feel like I was just born yesterday. Office 2007 bata is now released and what it means to office developers (including myself) is couple more years of challange, learning and ofcourse FUN!
http://www.microsoft.com/office/preview/beta/getthebeta.mspx
Categories: Uncategorized Tags:
As an ASP.NET developer, what really bugs me the most is the security issues related to current web context, in which you do your coding .I have been recently working on an ASP.NET project, which requires me to frequently query Active Directory to obtain necessary information about users, groups and so on. I mostly use System.DirectoryServices and its two famous classes DirectoryEntry and DirectorySearcher. I guess the biggest challenge working with Active Directory from a web context is that fact that AD requires a primary token all the time. As long as IIS server has a user name and password (not just a hash of the password as the result of NTLM authentication) and can hand it over to AD you are fine, otherwise you are toast and soon you will end up receiving various nasty messages from AD. If I can convince my clients to pass credentials to System.DirectoryServices code using the DirectoryEntry class constructor or by using the Username and Password properties, then this method is my preferred one. However you should consider securing your credentials and not leave them in clear text anywhere in your app. For the sake of demonstration, let’s assume that you have written a piece of code to authenticate to AD to do some work:
DirectoryEntry adSharepointUsers=null;
try
{
adSharepointUsers = new DirectoryEntry(“LDAP://mydomain”,”ADUser”,”password“);
……..
}
catch(Exception ex)
{
throw ex;
}
Everything works fine on your development machine, but once you have deployed your app to the production ,you will be trapped by “The authentication mechanism is unknown” error. If that’s the case you might try passing username with the domain name at the same time
ie: MyDomain/ADUser.
DirectoryEntry adSharepointUsers=null;
try
{
adSharepointUsers = new DirectoryEntry(“LDAP://MyDomain”,”MyDomain/ADUser”,”password“);
……..
}
catch(Exception ex)
{
throw ex;
}
Yes, it does the trick!
Categories: Uncategorized Tags:
