Showing posts with label MOSS Security. Show all posts
Showing posts with label MOSS Security. Show all posts

Wednesday, 6 August 2008

Restrict access to MOSS Web Services

As a part of Security measure, we need to block the access to MOSS Web Services.
Every MOSS Developer knows how to access the exposed web services of MOSS.
http://servername/_vti_bin/Lists.asmx ...
This would open up the entire webservice and available methods in that.

In order to restrict that we can add an entry in web.config file of that Site Collections web application.

Add the following block

<location path="_vti_bin">
<system.web>
<authorization>
<allow users="mossserver\Myuser" />
<deny users="*" />
</authorization>
</system.web>
</location>

Its blocked!! Right?

*** But beware, you cannot open the Site in SharePoint designer if you block webservices for all users. So please allow atleast one account for accessing webservices.**

Posted by at 1 comment:
Labels: ,

Restrict Access to MOSS Customizations

If we need to make sure that a user is logged in before accessing our customizations in MOSS and then redirected back after login, I found a inbuilt way

Microsoft.SharePoint.Utilities.SPUtility.EnsureAuthentication();
This will redirect unauthenticated users to the login screen and show users access denied screens if applicable.

It's that simple.
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)