RE: Security issue while creating a Personal View programmatically


From: Jim Buyens (news_at_interlacken.com)
Date: 01/25/05


Date: Mon, 24 Jan 2005 21:55:01 -0800

For an easy approach to impersonation, browse:

http://www.15seconds.com/issue/040511.htm

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Windows SharePoint Services Inside Out
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------

"Albert Lo" wrote:

> I am working on a windows sharepoint services 2003 project where I need to
> build and customise advanced search functionality by creating a Personal View
> web part. I am using the Add method of the SPViewCollection class to create a
> personal view. Currently when calling the method in code, the personal view
> can only be created if the user has “Manage Lists” rights. If the user
> creates a personal view through sharepoint (instead of via code) then this
> right is ignored and the user is always able to create the personal view.
> Could this be a bug in sharepoint?
>
> My problem is that I need to create the personal view programmatically. I
> tried to work around this problem by using the impersonation example in the
> sharepoint SDK (title is "Handling Document Library Events") but it returns
> an error message “Access is denied.” The user I use for impersonation is the
> system administrator in sharepoint which has full control of the website. If
> I don't use impersonation and I use the same system administrator, then the
> Personal View gets created fine. Obviously I cannot give every user on the
> sharepoint site, system administrator access.
>
> Below is the code I used for my web part.
>
> public static string GetSearchView(string sQueryString, string sFolderName)
> {
>     try
>     {
>         //use this to specify default webpage
>         SPSite siteCollection = SPControl.GetContextSite(System.Web.HttpContext.Current);
>
>         //return document library path
>         string sWorkPath = GetWorkspacePath();
>
>         SPWeb site = siteCollection.OpenWeb(sWorkPath);
>
>         //set folder to perform search
>         SPList list = site.Lists[sFolderName];
>
>         SPViewCollection views = list.Views;
>
>         // required parameters for search
>         string sViewName = "SearchResult " + sFolderName;
>         string sReturnHtml = "";
>
>         // Display fields
>         System.Collections.Specialized.StringCollection viewFields =
>             new System.Collections.Specialized.StringCollection();
>         viewFields.Add("DocIcon");
>         viewFields.Add("LinkFilename");
>         viewFields.Add("Status Date");
>         viewFields.Add("Creator");
>         viewFields.Add("Last_x0020_Modified");
>         viewFields.Add("Modified_x0020_By");
>         viewFields.Add("Version");
>         viewFields.Add("FileSizeDisplay");
>         viewFields.Add("FileDirRef");
>         viewFields.Add("File_x0020_Type");
>
>         // Login details of system administrator
>         string User_Alias = "bob";
>         string Domain = "dtest";
>         string Password = "password";
>
>         // Impersonate the system administrator account
>         WindowsImpersonationContext wic =
>             CreateIdentity(User_Alias, Domain, Password).Impersonate();
>
>         // Create view and output view guid to URL
>         SPView viewResult = views.Add(sViewName, viewFields, sQueryString,
>             50, false, false, SPViewCollection.SPViewType.Html, true);
>
>         // Revert back to original login
>         wic.Undo();
>
>         // Return scope of results
>         viewResult.Scope = SPViewScope.Recursive;
>
>         // No Toolbar
>         viewResult.Toolbar = "";
>
>         // update changes made to view
>         viewResult.Update();
>
>         // Return views results as html
>         sReturnHtml = viewResult.RenderAsHtml();
>
>         // delete view
>         views.Delete(viewResult.ID);
>
>         // close site connection
>         siteCollection.Close();
>
>         // return html
>         return sReturnHtml;
>     }
>     catch(ApplicationException ae)
>     {
>         return null;
>     }
> }
>
> protected static WindowsIdentity CreateIdentity(string User, string Domain,
>     string Password)
> {
>     // The Windows NT user token.
>     IntPtr tokenHandle = new IntPtr(0);
>
>     const int LOGON32_PROVIDER_DEFAULT = 0;
>     const int LOGON32_LOGON_NETWORK = 3;
>
>     tokenHandle = IntPtr.Zero;
>
>     // Call LogonUser to obtain a handle to an access token.
>     bool returnValue = LogonUser(User, Domain, Password,
>         LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
>         ref tokenHandle);
>
>     if (false == returnValue)
>     {
>         int ret = Marshal.GetLastWin32Error();
>         throw new Exception("LogonUser failed with error code: " + ret);
>     }
>
>     System.Diagnostics.Debug.WriteLine("Created user token: " + tokenHandle);
>
>     //The WindowsIdentity class makes a new copy of the token.
>     //It also handles calling CloseHandle for the copy.
>     WindowsIdentity id = new WindowsIdentity(tokenHandle);
>     CloseHandle(tokenHandle);
>     return id;
> }
>
> [DllImport("advapi32.dll", SetLastError=true)]
> private static extern bool LogonUser(String lpszUsername, String lpszDomain,
>     String lpszPassword, int dwLogonType, int dwLogonProvider,
>     ref IntPtr phToken);
>
> [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
> private extern static bool CloseHandle(IntPtr handle);
>
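
In the quoted code, `wic.Undo()` runs only on the success path, so when `views.Add` throws, the thread is still impersonating the administrator account as the exception propagates. The following is an added example (not from the original post or the linked article) that scopes the impersonation so it is always reverted; the class name `ImpersonationScope` is hypothetical, and the example does not address the "Access is denied" error itself.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper (not part of the original post): impersonates for the
// lifetime of a using block and always reverts, even if the body throws.
public sealed class ImpersonationScope : IDisposable
{
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int LOGON32_LOGON_NETWORK = 3;

    private WindowsImpersonationContext context;

    public ImpersonationScope(string user, string domain, string password)
    {
        IntPtr token = IntPtr.Zero;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                       LOGON32_PROVIDER_DEFAULT, ref token))
        {
            // Win32Exception maps the error code to its system message.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        try
        {
            // WindowsIdentity duplicates the token, so the original handle
            // is closed whether or not impersonation starts successfully.
            context = new WindowsIdentity(token).Impersonate();
        }
        finally
        {
            CloseHandle(token);
        }
    }

    public void Dispose()
    {
        if (context != null)
        {
            context.Undo();   // revert to the caller's identity
            context = null;
        }
    }

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);
}
```

Wrap only the privileged call, for example `using (new ImpersonationScope(user, domain, password)) { viewResult = views.Add(...); }`, so the rest of the request runs under the caller's own identity. Pass the credentials in from protected configuration rather than keeping them as string literals in the web part source.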


