Security trimming in search web service - sharepoint

I have a web application which consumes the SharePoint 2007 search web service (http://localhost/_vti_bin/search.asmx). My scope contains several content sources, all of which contain business data (content is crawled via SQL queries on external databases). I need one of these content sources to provide me with security-trimmed results. To put it simply, I have two tables:
Table A with contents: NodeId, Title, Content
Table B with permissions: NodeId, Username
Now, the crawler indexes table A with no problems. My problem is though, that when doing a search with the query web service, I cannot find a solution to do a security trimming of the results. The web service is consumed with a service account, no impersonation of logged in user. Is there a possibility to pass somehow the username to the querypacket object, or any other way that would check the Table B, whether the username has access to the NodeId?
Since I'm planning to migrate onto SP2013, maybe some of you also know a solution for this Sharepoint version, if there is no way in MOSS2007?

There are 3 main options for doing security trimming of SharePoint search results. They include:
ISecurityTrimmerPre - New in SharePoint 2013. Allows adding additional claims for the user before a search query is executed
ISecurityTrimmerPost - Also known as ISecurityTrimmer2 in earlier versions of SharePoint. Allows trimming search results on a 1 by 1 basis after a search query is executed
Business Connectivity Services Indexing Connectors - Allows you to supply ACLs to the search indexer when it is crawling the content source
There is a great set of blog articles that show how to implement each option.
Also, here's a great video of a SharePoint Conference 2012 session on custom security trimming.
HTH
-Eugene
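
The per-result check that a post-query trimmer makes, applied to the question's Table B, as an added example (not code from the original posts or from SharePoint). It is a stand-alone C# model with no SharePoint references; the class name, the sample NodeIds and the CONTOSO accounts are constructed, and case-insensitive username matching is an assumption.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;

static class TableBTrimmer
{
    // Table B rows (NodeId, Username) loaded into memory: NodeId -> allowed users.
    // Assumption: usernames are compared case-insensitively.
    public static Dictionary<string, HashSet<string>> LoadAcl(IEnumerable<string[]> rows)
    {
        var acl = new Dictionary<string, HashSet<string>>(StringComparer.Ordinal);
        foreach (var row in rows)
        {
            HashSet<string> users;
            if (!acl.TryGetValue(row[0], out users))
                acl[row[0]] = users = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            users.Add(row[1]);
        }
        return acl;
    }

    // One bit per result, in result order: true = keep, false = trim.
    // Fails closed: no user, or a NodeId with no Table B row, is trimmed.
    public static BitArray CheckAccess(IList<string> nodeIds, string username,
                                       Dictionary<string, HashSet<string>> acl)
    {
        var keep = new BitArray(nodeIds.Count); // every bit starts as false
        if (string.IsNullOrEmpty(username)) return keep;
        HashSet<string> users;
        for (int i = 0; i < nodeIds.Count; i++)
            keep[i] = acl.TryGetValue(nodeIds[i], out users) && users.Contains(username);
        return keep;
    }

    static void Main()
    {
        // Constructed sample rows standing in for Table B.
        var acl = LoadAcl(new[] {
            new[] { "101", @"CONTOSO\alice" },
            new[] { "102", @"CONTOSO\bob" },
            new[] { "103", @"CONTOSO\alice" },
        });
        // NodeIds of the untrimmed hits returned to the service account (constructed).
        var hits = new List<string> { "101", "102", "103", "999" };
        // The username must be the authenticated user, never a value the browser sends.
        BitArray keep = CheckAccess(hits, @"contoso\Alice", acl);
        for (int i = 0; i < hits.Count; i++)
            Console.WriteLine("{0}: {1}", hits[i], keep[i] ? "show" : "trimmed");
    }
}
```

Trimming after the query changes what is displayed, not what was matched, so result counts and paging computed before the trim no longer agree with what the user sees.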

Related

How to retrieve data from SharePoint?

I have a web application. When the user clicks on a button in my web application, I'd like to retrieve data from SharePoint on behalf of the user. I have read quite a few articles on SharePoint but I'm still not sure how to proceed. Should I create a provider-hosted SharePoint App and use the SharePoint REST API? Thank you in advance for your help.
You don't need to create a Provider to use the SharePoint Rest Services.
Quoting http://msdn.microsoft.com/en-us/library/office/jj164022(v=office.15).aspx :
One advantage of using REST is that you don’t have to add references to any SharePoint 2013 libraries or client assemblies. Instead, you make HTTP requests to the appropriate endpoints to retrieve or update SharePoint entities, such as webs, lists, and list items. See Get started with the SharePoint 2013 REST service for a thorough introduction to the SharePoint 2013 REST interface and its architecture.
Inside the page you will find videos and code examples that will help you to connect and execute operations.
It's correct. Data in SharePoint is stored in Lists or Libraries (for files).
You can use the Client Object Model to get data remotely from a SharePoint server (on-premise or Online). The Client Object Model can be used through assemblies (DLL files) or REST services provided by SharePoint. Generally you should know the location of the data you are going to get; that is, as I initially mentioned, the data in SharePoint is stored in Lists or Libraries, therefore you must know the name of the List or Library and, additionally, the Site or Sub-site the List or Library is in.
If the name of the list where the information is stored is "employees" and the website is HR, the URL could be formed as follows:
http://spserver.company.com/HR/Employees
For REST services, simply complete the URL of the list you want to see, so that you retrieve the information from the list. If you want to apply filters or sorting, or to retrieve specific columns, you must do it through CAML queries which you add on to the REST service call.

Sharepoint search query web service results security trimming

I need to implement SharePoint search using the query web service in JavaScript. I am able to do it but the results I am getting are not security trimmed. Users can see even those files which are not accessible to them (i.e. they don't have permission to view those files).
My questions are:
How to get security trimmed results when using query web service in javascript?
Is there any other way to perform search and get security trimmed results?
Many thanks.
As long as the query is being made from the users account/role (user is logged in and accesses a page with a query webpart, etc), that query should only return the security trimmed results. SharePoint's webservice handles the security trimming by default.
However, if you write a custom query and elevate privileges in your code, such as using the SPSETUP account, then you will get non-user-specific results. This is bad practice for the majority of scenarios.

Sharepoint: get number of sites in a collection

I'm trying to get the total count of subsites created in a very large Sharepoint collection. Please note, I don't have direct access to the server.
Is there any native sharepoint feature I'm missing that will provide a site count?
Is there a web service that can crawl the collection? (We have Google Analytics.)
Are there any other options short of running a powershell script on the server?
Thanks!
I would suggest using the 'Webs' Web Service - you can invoke it by putting /_vti_bin/webs.asmx on the end of your site URL. It has a method GetAllSubWebCollection.
The only gotcha is that you will get filtered results based on the user being used to access the web service. For example, if you have a site collection that has a sub-web created for HR, Business, Management, Sales and IT - but your account only has access to the HR and Sales site - you will only get results back for the HR and Sales sites.
You may also find the SPServices jQuery library helpful as it has wrappers for most of the web services and can make calling them from a client much less painful.
Note: These web services exist for the 2007 and 2010 editions of SharePoint. You didn't mention a specific version but hopefully it is one of these two.

Create AND add user to sharepoint site via code

I'm curious about the best/most efficient way to do this.
I've already set up my SharePoint 2010 site, and it is configured to use FBA. What I'd like to do is allow users to create their own accounts by filling out a form (the form will sit on a public SharePoint site, and filling it out creates a user in the membership database which is used for validation to enter the FBA SharePoint site).
I'm familiar with using the asp CreateWizard tool to build user accounts as part of a .Net web application, but I'm not sure on how to develop this as a webpart for use in a sharepoint site, as a webpart doesn't have the config file to store connection string and membership/role provider info.
Can this user creation form be put in a webpart and deployed to other sites, or is there another/better way to add this functionality to sharepoint (allowing users to register/create their own FBA accounts for access)?
There's not much difference between SharePoint and regular ASP.NET for this.
The membership provider will need to be configured in the SharePoint web.config, including connection strings. However, it does not actually need to be used for login, so you can still create users in that membership provider from a different site.
I use a slightly different approach though - set up an anonymously accessible page in your site (in layouts is probably easiest, though a page within a site may be better for branding) and put controls on that page to create (and log in) a new user. You will need to call EnsureUser and possibly CreateUserProfile to give the new user access to anything, but aside from that it's all standard .net.

sharepoint and ActiveDirectory

Hi guys, I am new to SharePoint. Actually we are using WSS, not MOSS 2007. We don't have a shared service provider installed and no user profile service web service installed. Now I need to populate the Active Directory data to a SharePoint list and after that I have to sync both Active Directory and the SharePoint list, which means that changes made to the Active Directory data must be reflected in the SharePoint list as well.
What we are doing is extracting Active Directory data to a SQL Server database and populating the SharePoint list from the SQL Server database. I need a solution to populate the SharePoint list from the SQL Server database, and the SharePoint list must synchronize with the SQL Server database table or stored procedure all the time automatically.
Can anyone suggest the best solution for both importing the Active Directory data and syncing Active Directory and the SharePoint list?
If any of you can provide sample source code, that will be helpful.
I just want to clarify a bit first. Not sure if you're looking to configure sync for proper user profiles (which mundeep's answer solves nicely) or a generic SP list.
If you're looking to:
AD <-> SharePoint list
It's probably easier to break this problem down into two parts:
AD -> SP list
and:
SP list -> AD
For AD -> SP list
Microsoft provides some guidance on monitoring the AD for changes. Unfortunately, neither of these methods is a specific event message system (if anyone knows of one, please chime in!) both are essentially polling.
I would create a Windows service to handle this part of the solution.
The service would (in pseudo-code):
    look for records that have changed
    for each record that has changed:
        get the matching SP item from the SP list (probably based on username)
        update/add/remove the properties of the SP item
        save the SP item
For SP list -> AD
I would create a custom event handler and attach it to the SP list.
Again in pseudo-code:
    On SP item delete:
        remove the matching AD record (if that's the behaviour you want)
    On SP item create:
        create a new AD record
    On SP item update:
        find the matching record in the AD
        update the changed properties (which are flagged in the SP event handler)
The SP side of things is a little more elegant because events are raised only when something happens. This is definitely more efficient than polling.
What I'm suggesting has the added benefit of removing SQL (explicitly) from the solution. You can use the ADSI interface in the .NET framework to handle the AD update code. It's in the System.DirectoryServices assembly.
The AD polling service could use the SP object model if it's installed on the WSS box or the web services if it's on another system.
Again, if you're just looking to use the actual WSS/SP user profiles, use mundeep's solution.
1) Have you looked into the User Information Lists & User Profiles? Sahil Malik has a very good overview of 'All you ever wanted to know about user profiles'. Keep in mind that because you are using WSS you don't have SSP Admin.
2) If you read the above article you will see he mentions "How can profile information be kept up to date, if in case I am not using MOSS (and have no SSP)?" and his answer is an import/export utility, the codebase of which (or even the utility itself) should give you a good start on what you want to do.
3) Also mentioned in the above article is a good diagram on how user information flows.
