Archive

Archive for June, 2009

Enable Client Integration – User permissions for Web Application – Caution

June 26, 2009 Leave a comment

    First a little background. We all know that SharePoint by default comes with the some pre-defined permission levels. Represented by class RoleDefinitions in Object model. You can browse through the following URL http://Sitename/_layouts/role.aspx and find the set of permission level your site has.

    In addition to the above permission level you have an option of creating a new Permission Level (RoleDefinition) as per your needs. This doesn’t stop there; we have an option to restrict the permissions that can be used in the Web Application. Well what it means is, Say for Example if you don’t want any user (ANY USER yes I mean it Site Collection Administrator as well) of site to delete or Manage Web, but wait how can I prevent Site Collection Administrator from deleting the site, s/he is a big guy he got all power to do all s/he wants in a Site Collection. That’s true but there is another real big guy Farm Administrator. If he decides not to allow Site Delete for a Web Application he can do so by just un-checking the to Manage Web Site permission in the User Permissions for Web Application page http://Central AdminSite/_admin/vsmask.aspx. With this background we can see what gets interesting.

    Say you have a Code in your application that check to see if the user has Contributor right in a web, as below

Code Block # 1

 using (SPSite oSite = new SPSite(http://xxx))

{

   using (SPWeb oWeb = oSite.RootWeb)

{

    if(oWeb.DoesUserHavePermissions( oWeb.RoleDefinitions[“Contribute”].BasePermissions))

        //Do Something
    else

        //Do Something 

      }

}

    

    Above code will work fine until our real big guy Farm Administrator comes in, now he decides to revoke the Delete Permission from the Web Application. Now above code will start to break, it will keep returning false as the Contributor Role definition was built with the Delete Permission with it, and as it has been removed by the Farm Administrator, your EffectivePermission will not match the RoleDefinition of Contributor. Below statement will not be true.

Code Block # 2

oWeb.EffectiveBasePermissions== oWeb.RoleDefinitions[“Contribute”].BasePermissions

 

Okay how do I fix it, just go to your permission Level page, edit the Contribute permission level do nothing, just save it. Now the absence of the delete permission has been informed to RoleDefinition
Contribute and your code will start working.

But still I got more interesting information for you; in SPBasePermission enum out of 33 Permission we have a value called SPBasePermissions.UseClientIntegration, Which launch client applications. Without this permission, users will have to work on documents locally and upload their changes. Like any permission you can disable this at the User Permissions for Web Application page of central admin. But there is another place where you can disable this as well, yes that is at the Authentication Provider page. Select authentication provider and end of the page say no to Enable Client Integration? Well that was simple change but to find it we had real tough time. When you say no to Enable Client Integration?

What happens is that SPBasePermissions.UseClientIntegration will be removed from the permission but it will not get reflected in the UI both at the User Permissions for Web Application page and at the Permission Level page. With this state you will always get the Code Block # 1 executed to false. Because your EffectivePermission doesn’t include the SPBasePermissions.UseClientIntegration. So you need to manually remove this option from the RoleDefintion to make the code work.

Should I call it a bug, when it is really not there why should UI show that ????

Advertisements

ASP.NET 4.0 Snippet

June 21, 2009 1 comment

    This is new addition to the multi part post on upcoming .Net 4.0. Recently Microsoft has released the Beta 1 of .Net 4.0 and the Visual Studio 2010, you can get full update on this and how to download & install from this Video by Brian Keller.

    This post we will look in to one of the new option of Visual Studio 2010 for ASP.NET 4.0. We were using the code snippets in the visual studio for some time now, and with this release of the Visual Studio 2010 it has been expanded to the ASP.NET 4.0 and HTML as well. Earlier version it was limited to the C# and other languages only.

    The working of snippet is no different than the C# & other language codes, all the pre defined ASP.NET snippets are placed in the folder location C:\Program Files\Microsoft Visual Studio 10.0\Web\Snippets\HTML\1033\ASP.NET
and the HTML snippets reside in the folder C:\Program Files\Microsoft Visual Studio 10.0\Web\Snippets\HTML\1033\HTML . Below I have defined a snippet for GridView, once you defined the snippet, use the Tools-> Code Snippet Manager of Visual Studio and Import the Snippet and it will be available for the immediate use.


Snippet for the Grid View

Once Import just type in the Shortcut text for the snippet and hit Tab Tab. You snippet will be inserted to the code as below and you can change the Parameters that are defined in the snippet, in my case I have defined the parameter for ID and DataSourceID attribute.

Categories: ASP.NET 4.0