I've started to write a piece on "What is Code Access Security in SharePoint 2007" and thought I'd put the draft up here to get some feedback -- especially since configuring security has taken a prominent place. I'd really appreciate all of your feedback. Thanks! Hament
These days, you can't pick up a blog without reading about the need to customize SharePoint to fit the needs of an organization. Most of this is done through configuration settings, and sometimes through custom programming too. We as programmers need to think carefully before tweaking the settings for the WSS_Minimal and WSS_Medium trust levels. In exceptional cases a third configuration, 'Full', can also be set. Let me warn you here that this may have serious implications, and you may not be able to convince the security group to deploy it on production boxes.
Earlier, security was declared in the web.config file, but that doesn't seem to be the case any more. You will find two pointers to config files under the folder localdrive:\program files\common files\microsoft shared\web server extensions\12. The classes are configured for code access level. For example, you will find that SqlClientPermission is not allowed in WSS_Minimal but is allowed in WSS_Medium trust.
Saturday, August 30, 2008
Monday, August 18, 2008
AllowUnsafeUpdates
If code is processing a POST request, then you have to take care of a few things.
Make a call to SPUtility.ValidateFormDigest() before doing anything else. This will ensure that the POST request is validated (that it is not a cross-site scripting attack), and after that you will not have to worry about AllowUnsafeUpdates, as this will be marked as true.
Friday, August 8, 2008
"Updates are currently disallowed on GET requests" while creating a WSS site
You may need to impersonate the user and register a hidden field:
SPGlobalAdmin globalAdmin = new SPGlobalAdmin();
Context.Items[SPGlobalAdmin.RequestFromAdminPort] = true;
Page.RegisterHiddenField("__REQUESTDIGEST", globalAdmin.AdminFormDigest);
Monday, August 4, 2008
"The security validation for this page is invalid" error when updating objects through SharePoint object model
What permissions are behind the permission levels (roles) in SharePoint
Find out what SPBasePermissions are assigned behind a permission level in SharePoint using SharePoint OM code.
Sunday, August 3, 2008
How to enable users to download infected files when a download scan that is performed by using anti-virus software is disabled?
You need to set the property AllowQuarantinedFileDownload to true.
SPSecurity.RunWithElevatedPrivileges - an important point while using it in web context
Do not forget to create a new instance of SPSite and SPWeb inside SPSecurity.RunWithElevatedPrivileges.
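The two points made in these posts, validating the form digest first on a POST and creating new SPSite and SPWeb instances inside SPSecurity.RunWithElevatedPrivileges, combined in one handler. This is an added example, not code from the original posts; the page class, handler name and list name are hypothetical, and it assumes the page carries the FormDigest control so that the digest is posted with the form.

```csharp
using System;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical code-behind for a page hosted in SharePoint. The class,
// handler and list names are assumptions made for this example.
public class AuditNotePage : Page
{
    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Validate the form digest before touching the object model.
        // ValidateFormDigest() returns false if the digest is missing or invalid.
        if (!SPUtility.ValidateFormDigest())
        {
            throw new SPException("Security validation failed for this request.");
        }

        // Take only identifiers from the current context. The SPSite and
        // SPWeb held by SPContext were opened under the calling user's
        // identity and keep it, even when used inside the elevated delegate.
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = SPContext.Current.Web.ID;
        string userLogin = SPContext.Current.Web.CurrentUser.LoginName;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Instances created here are opened with the elevated identity.
            // Dispose them, since this code created them.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                SPList list = web.Lists["Audit Notes"]; // assumed list name
                SPListItem item = list.Items.Add();
                item["Title"] = "Saved by " + userLogin;
                // Per the post above, once the digest has been validated for
                // this request, AllowUnsafeUpdates does not need to be set.
                item.Update();
            }
        });
    }
}
```

Keep the elevated delegate as small as possible: everything inside it bypasses the calling user's permissions, so authorization checks on what the user may write belong before the call.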