Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding & Securing SharePoint Application Pages Oguz Demirel.

Published byMae Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "Understanding & Securing SharePoint Application Pages Oguz Demirel."— Presentation transcript:

1 Understanding & Securing SharePoint Application Pages Oguz Demirel

2 Session Materials In this session, we will have: Presentation Demo Sample Code (Visual Studio Solution)

3 About This Session Description  Securing SharePoint Application Pages Audience  Primary: Developers  Secondary: Support Session Prerequisites  SharePoint Development or Support experience Session Objectives  Understanding different SP App Page types and usage  Securing application pages

4 Session Outline Module 1: Introduction to Application Pages Module 2: UnsecuredLayoutsPageBase  Demo: UnsecureAppPage.aspx Module 3: LayoutsPageBase  Demo: SecureAppPage.aspx Module 4: WebAdminPageBase  Demo: AdminAppPage.aspx Q & A (at the end – please note your questions)

5 Session Setup Virtual machineDescription Demo Environment Windows Server 2003 SP1 SharePoint Server 2007 Standard (or Enterprise) Demo solution deployed (TestApplicationPages.wsp)

6 Module 1: Introduction to SharePoint Application Pages

7 Intro  There are 3 types of SharePoint Application Pages:  UnsecuredLayoutsPage Base  LayoutsPage Base  WebAdminPage Base

8 Intro (cont’d)  This actually means there are 3 base classes for you to drive your custom application page from. (Note above class names)  UnsecuredLayouts & Layouts pages under namespace: Microsoft.SharePoint.WebControls  WebAdmin page under namespace: Microsoft.SharePoint.ApplicationPages * * Reference Microsoft.SharePoint.ApplicationPages.dll to use it!

9 Module 2: UnsecuredLayoutsPageBase

10 Represents an application page, sometimes called a layouts page, that can request certain resources and verify that the client has not been disconnected. In general, use UnsecuredLayoutsPageBase as a base class for pages to which even unauthenticated users must have access; such as a login page. Description

11 Login.aspx  Display a login page allowing users to enter forms authentication credentials. Samples – Login Page

12 AccessDenied.aspx  Displays a notice that you have been denied access to the requested resource. Shows the name of the currently logged-in user and a link to sign-in as a different user. Samples – Access Denied Page

13 Confirmation.aspx  Displays a message indicating that the requested operation succeeded. Samples – Confirmation Page

14 ReqAcc.aspx  Displays a notice that you have been denied access to the requested resource. Samples – Request Access Page

15 Signout.aspx  Responsible for logging a user out of the site. Samples – Sign Out Page

16 Demonstration: UnsecureAppPage.aspx In this demonstration, you will see how to: Develop a sample “ UnsecureAppPage.aspx ” inheriting from UnsecuredLayoutsPageBase Override AllowAnonymousAccess property

17 Module 3: LayoutsPageBase

18 Represents an application page (sometimes called a " _layouts " page) to which access can be limited to users that possess certain rights. The LayoutsPageBase (in Microsoft.SharePoint.WebControls) class is the most common class to derive application pages from.LayoutsPageBase The advantages with using the LayoutsPageBase as your base class is that you can easily access the current SharePoint Site or Site Collection with the built-in properties and control the security of the application page. Description

19 With the LayoutsPageBase class you can use the built-in properties for the Site and Web to access the current Site Collection or Site (both these properties are derived from the UnsecuredLayoutsPageBase class) or use the SPContext class to access the current site and web.SiteWeb SPContext Access the SharePoint objects

20 If you create some pages that creates reports or similar that may take a long time to generate and consumes server resources, you should use the StopRequestIfClientIsNotValid method.StopRequestIfClientIsNotValid This method ends the request if the client is no longer connected to the page and saves you of some CPU cycles. If you have these kind of pages - think over and use the SPLongOperation class to inform the user that it will take a while. SPLongOperation Stop long running operations

21 Exit from the Application Page If you are creating an application page that uses the ButtonSection control template you will have a Cancel button. The target of this Cancel button is controlled using the PageToRedirectOnCancel property. PageToRedirectOnCancel Just override the property and return a string containing the target of your cancel page.

22 Security in the Application Page The LayoutsPageBase class contains a virtual property called RightsRequired, this property can be used to programatically set which rights (on the current Site) that are required to use the application page.RightsRequired By default the rights are checked at the end of the OnLoadComplete, but using the RightsCheckModes property you can disable the check or perform it in OnPreInit instead.RightsCheckModes There are also a property called RequireSiteAdministrator that can be overridden to make sure that the user is site administrator. RequireSiteAdministrator

23 Demonstration: SecureAppPage.aspx In this demonstration, you will see how to: Develop a sample “ SecureAppPage.aspx ” inheriting from LayoutsPageBase Override RightsRequired property RightsRequired Use RightsCheckModes property RightsCheckModes Override RequireSiteAdministrator property RequireSiteAdministrator

24 Custom Security Check - 1 What if you wanted to check if a user belongs to a certain security group in Active Directory or check if user belongs to a SharePoint Group before granting access? There is no SharePoint permission (SPBasePermission) that directly corresponds to that. We need to implement our custom logic.

25 Custom Security Check - 2 How do we implement our custom security check?  Set RightsCheckModes to OnPreInit in page constructorRightsCheckModes  Call CheckCustomRights method on OnLoad event

26 Custom Security Check - 3  Implement your custom logic in CheckCustomRights.

27 Example Super user – this application page can only be accessed by only Super User

28 Module 4: WebAdminPageBase

29 Description WebAdminPageBase is inheriting from LayoutsPageBase. Use WebAdminPageBase when you want to create application pages for Central Admin or Site Settings. Override RequireSiteAdministrator and set it to true.RequireSiteAdministrator This will allow only Site Administrators to access your application page.

30 Demonstration: AdminAppPage.aspx In this demonstration, you will see how to: Develop a sample “ AdminAppPage.aspx ” inheriting from WebAdminPageBase Override RequireSiteAdministrator property RequireSiteAdministrator

Download ppt "Understanding & Securing SharePoint Application Pages Oguz Demirel."

Similar presentations

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Benchmark and Java Applet Test Scenario Presentation Outline Introduction to Benchmark Testing Procedure to create the test Benchmark Playback Results.

Benchmark and Java Applet Test Scenario Presentation Outline Introduction to Benchmark Testing Procedure to create the test Benchmark Playback Results.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.

Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Building a Deployment The following screens demonstrate how to: 1. Create a new OpenHRE™ tailor-made deployment using a remote (sample) deployment Standard.

Building a Deployment The following screens demonstrate how to: 1. Create a new OpenHRE™ tailor-made deployment using a remote (sample) deployment Standard.
Access Web Apps – OK, Now What? EXTENDING ACCESS WEB APPS George Young Dawson Butte Software ACCESS DAY – OCTOBER 2014 - DENVER,

Access Web Apps – OK, Now What? EXTENDING ACCESS WEB APPS George Young Dawson Butte Software ACCESS DAY – OCTOBER DENVER,
 Support Team Leader with Webteksolutions  Our Primary focus : Office 365 Support Migrations.

 Support Team Leader with Webteksolutions  Our Primary focus : Office 365 Support Migrations.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Introduction to Software Installation:  Installation of Portfolio Management System is very easy and User friendly.  Software gets Installed in very.

Introduction to Software Installation:  Installation of Portfolio Management System is very easy and User friendly.  Software gets Installed in very.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Microsoft ® Official Course Monitoring and Troubleshooting Custom SharePoint Solutions SharePoint Practice Microsoft SharePoint 2013.

Microsoft ® Official Course Monitoring and Troubleshooting Custom SharePoint Solutions SharePoint Practice Microsoft SharePoint 2013.
Deployment Management The following screens demonstrate how to: 1. Access and view deployments 2. Create a new local deployment 3. Create and modify a.

Deployment Management The following screens demonstrate how to: 1. Access and view deployments 2. Create a new local deployment 3. Create and modify a.
Update your servers to service pack 2. Ensure that the environment is fully functioning. Migrate to 64 bit servers is necessary. REVIEW UPGRADE BEST PRACTICES.

Update your servers to service pack 2. Ensure that the environment is fully functioning. Migrate to 64 bit servers is necessary. REVIEW UPGRADE BEST PRACTICES.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
© 2011 PLANET TECHNOLOGIES, INC. Augmenting User Profiles with Line of Business Data Patrick Curran, MCT APRIL 28, 2012.

© 2011 PLANET TECHNOLOGIES, INC. Augmenting User Profiles with Line of Business Data Patrick Curran, MCT APRIL 28, 2012.

Similar presentations

Ads by Google