{"id":1124,"date":"2006-05-25T19:33:00","date_gmt":"2006-05-26T00:33:00","guid":{"rendered":"http:\/\/blogs.devhorizon.com\/reza\/?p=1124"},"modified":"2006-05-25T19:33:00","modified_gmt":"2006-05-26T00:33:00","slug":"how-to-apply-authorization-on-custom-web-services-written-for-sharepoint","status":"publish","type":"post","link":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/","title":{"rendered":"How to apply authorization on custom web services written for sharepoint"},"content":{"rendered":"

After reading this document:<\/P>
\n

http:\/\/msdn.microsoft.com\/library\/default.asp?url=\/library\/en-us\/odc_SP2003_ta\/html\/ODC_WritingCustomWebServicesforSPPT.asp<\/A><\/P>
\n

I implemented a web service to be used by my sharepoint users. the first thing came to my mind was how to apply my own custom authorization to this web service, so it could be called by only an specific user and denied for all other users. I went ahead and changed the web.config of ISAPI folder to load ASP.NET URLAuthorization http module (by default Sharepoint removes urlAuthorization module from web.config of wwwroot):
 <location allowOverride=”false”>
       <system.web>     
                <httpModules>
                        <add name=”UrlAuthorization” type=”System.Web.Security.UrlAuthorizationModule”\/>                    
            <\/httpModules>
            <\/system.web>
 <\/location>
I created the folder “MyCustomWebService” in ISAPI folder and moved all of my web service related files to that folder. I created a web.config file in the new folder and added the following lines to it:
  <authorization><\/P>
\n

              <allow  users=”win2003-dvadministrator” \/>
              <deny  users=”win2003-dvsp_reader” \/><\/P>
\n

 <\/authorization>
 Now when I call my web service (uploadfile.asmx) through Internet Explorer (http:\/\/portal\/_vti_bin\/MyCustomWebService\/uploadfile.asmx<\/A>), I will receive access denied for sp_reader and not for administrator (as I expected)<\/P>
\n

<\/P>

<\/p>\n","protected":false},"excerpt":{"rendered":"

After reading this document: http:\/\/msdn.microsoft.com\/library\/default.asp?url=\/library\/en-us\/odc_SP2003_ta\/html\/ODC_WritingCustomWebServicesforSPPT.asp I implemented a web service to be used by my sharepoint users. the first thing came to my mind was how to apply my own custom authorization to this web service, so it could be called by only an specific user and denied for all other users. I went ahead […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-1124","post","type-post","status-publish","format-standard","hentry"],"yoast_head":"\nHow to apply authorization on custom web services written for sharepoint - Reza Alirezaei's Blog %<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Reza Alirezaei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/\"},\"author\":{\"name\":\"Reza Alirezaei\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\"},\"headline\":\"How to apply authorization on custom web services written for sharepoint\",\"datePublished\":\"2006-05-26T00:33:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/\"},\"wordCount\":354,\"commentCount\":0,\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/\",\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/\",\"name\":\"How to apply authorization on custom web services written for sharepoint - Reza Alirezaei's Blog %\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#website\"},\"datePublished\":\"2006-05-26T00:33:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/2006\\\/05\\\/25\\\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#website\",\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/\",\"name\":\"Reza Alirezaei's Blog\",\"description\":\"Blogging from the field!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/#\\\/schema\\\/person\\\/cdbb24d283697a65951cb4a14e474938\",\"name\":\"Reza Alirezaei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g\",\"caption\":\"Reza Alirezaei\"},\"url\":\"https:\\\/\\\/blogs.devhorizon.com\\\/reza\\\/author\\\/rezaa\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to apply authorization on custom web services written for sharepoint - Reza Alirezaei's Blog %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/","twitter_misc":{"Written by":"Reza Alirezaei","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/#article","isPartOf":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/"},"author":{"name":"Reza Alirezaei","@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938"},"headline":"How to apply authorization on custom web services written for sharepoint","datePublished":"2006-05-26T00:33:00+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/"},"wordCount":354,"commentCount":0,"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/","url":"https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/","name":"How to apply authorization on custom web services written for sharepoint - Reza Alirezaei's Blog %","isPartOf":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/#website"},"datePublished":"2006-05-26T00:33:00+00:00","author":{"@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.devhorizon.com\/reza\/2006\/05\/25\/how-to-apply-authorization-on-custom-web-services-written-for-sharepoint\/"]}]},{"@type":"WebSite","@id":"https:\/\/blogs.devhorizon.com\/reza\/#website","url":"https:\/\/blogs.devhorizon.com\/reza\/","name":"Reza Alirezaei's Blog","description":"Blogging from the field!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.devhorizon.com\/reza\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blogs.devhorizon.com\/reza\/#\/schema\/person\/cdbb24d283697a65951cb4a14e474938","name":"Reza Alirezaei","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3ba940d84e0ecb909e62e93df4c56daf0395c7e53c914467ab2ee73124a7d7b6?s=96&d=mm&r=g","caption":"Reza Alirezaei"},"url":"https:\/\/blogs.devhorizon.com\/reza\/author\/rezaa\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts\/1124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/comments?post=1124"}],"version-history":[{"count":0,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/posts\/1124\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/media?parent=1124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/categories?post=1124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.devhorizon.com\/reza\/wp-json\/wp\/v2\/tags?post=1124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}