Thursday, 28 August 2008

Host ASP.NET UserControls in MOSS

I got an interesting change request from my client manager, where they want to host the ASP.NET user control as is in MOSS(This has DLL available). I googled around and found five different ways to do and one mukiway(my way)
1. Deploy the Usercontrol using Smart Part
2. Wrap the UserControl with webpart
3. Modify the UserControl as Webcontrol and deploy the control
4. Recreate this UserControl as new Webpart
5. Deploy this control into 12 hive controltemplates folder along with .cs file

Mukiway:
1. Copy the control and its files into _Layouts/MukiControl/
2. Create a test page in ASP.NET and host the UserControl in that test page
<% Register src="UserControl.ascx" tagname="mukicontrol" tagprefix="muki" %>
In the body tag
<muki:UserControl ID="UserControl" runat="server"/>
save this page as test.aspx

3. GAC the UserControl DLL
3. Mark that DLL as safe entry in web.config file of the hosting site collection
4. Perform IISReset.
5. Add a PageViewer Webpart
6. Select Web Page as option and in the URL field give /_Layouts/MukiControl/test.aspx

Cheers! you are done.

Friday, 15 August 2008

Prevent users from viewing Application Pages

As a part of security measure, we have been asked to restrict the people accessing the default application pages like /Forms/Allitems.aspx,/_layouts/mcontent.aspx, Userdisp.aspx.
I ve heard about viewlockdownfeature but also heard that there are some issues with that. So I thought we can do this task by a custom http handler.
In order to make this handler configurable instead of hardcoding the URL's I made an entry in node of web.config file and redirect those URL's to desired page.
The code for Http Handler goes like this :

******************************************************************
// Description:
// This HTTP handler redirects the Application pages to desired page defined in <AppSettings>node in web.config file
//
// Implementation :
//<httpModules>
//<add name="ReRoutePages" type="muki.ReRouteAppPages, ForceSSL,Version=1.0.0.0, Culture=neutral,PublicKeyToken=XXXXX" />
//</httpModules>
//<appsettings>
//<add key ="ApplicationPages" value="/Forms/AllItems.aspx,/_layouts/settings.aspx"/>
//<add key ="AdminPagesReRoutedURL" value ="http://servername/Pages/DontSeethosePages.aspx"/>
//</appsettings>

*******Code begins***********************
namespace muki
{
class ReRouteAppPages : System.Web.IHttpModule
{
#region IHttpModule Members

public void Dispose()
{
throw new NotImplementedException();
}

public void Init(System.Web.HttpApplication context)
{
context.BeginRequest += new EventHandler(context_BeginRequest);
}

#endregion
void context_BeginRequest(object sender, EventArgs e)
{
ReRoutePages(System.Web.HttpContext.Current.Request.Url.PathAndQuery);
}
public void ReRoutePages(string pageURL)
{
//check for the current page exists in the group of pages requiring ReRouting
//if page is found in ReRoute group then redirect page to desired page as per web.config entry
try
{
bool found = false;
string AppPages = System.Configuration.ConfigurationSettings.AppSettings["ApplicationPages"];
string destURL = System.Configuration.ConfigurationSettings.AppSettings["AdminPagesReRoutedURL"];
char[] separator;
separator = new char[] { ',' };
string[] pages;
pages = AppPages.Split(separator);

for (int i = 0; i < pages.Length; i++)
{
if (pageURL.ToLower().Contains(pages[i].ToLower()))
{
found = true;
break;
}
}
if (found)
{
HttpContext.Current.Response.Redirect(destURL);
}

}
catch (Exception ex)
{

HttpContext.Current.Response.Write("An error has occured in ReRouting Application Pages" + ex.InnerException.ToString());
}

}
}
}

******************************************************************

2.Strong Name the assembly and GAC it.
3.Refer the Implementation
4.Perform IISReset.

We are done right!

Wednesday, 6 August 2008

Restrict access to MOSS Web Services

As a part of Security measure, we need to block the access to MOSS Web Services.
Every MOSS Developer knows how to access the exposed web services of MOSS.
http://servername/_vti_bin/Lists.asmx ...
This would open up the entire webservice and available methods in that.

In order to restrict that we can add an entry in web.config file of that Site Collections web application.

Add the following block

<location path="_vti_bin">
<system.web>
<authorization>
<allow users="mossserver\Myuser" />
<deny users="*" />
</authorization>
</system.web>
</location>

Its blocked!! Right?

*** But beware, you cannot open the Site in SharePoint designer if you block webservices for all users. So please allow atleast one account for accessing webservices.**

Restrict Access to MOSS Customizations

If we need to make sure that a user is logged in before accessing our customizations in MOSS and then redirected back after login, I found a inbuilt way

Microsoft.SharePoint.Utilities.SPUtility.EnsureAuthentication();
This will redirect unauthenticated users to the login screen and show users access denied screens if applicable.

It's that simple.