I want, in a document management library, to be able to add another type of security based on Web services that I will call to check if user can see this document library.
How can I do that feature?
Is your webservice call running as the user making the call? If so, make sure the user has access to the doc library.
If the user does have permissions, and the webservice call is running as that user, the webservice should be able to access everything in the doc library that the user has permissions for.
Related
I have developed a logic app, which receives a post request with JSON Object and I create external user in azure active directory. Till here everything is fine. Now I want to grant permission to newly created user to access our sharepoint site. There is a solution using Plumsail action connector but I do not want to use it. I want to achieve this using microsoft graph api.
Can you help me to achieve this?
Best way I think is adding the user to a group (with the AD connector) or using dynamic group to pick up the user. Then you can have sharepoint license connected to the group and have sharepoint access on the group.
Is it possible to secure SharePoint rest APIs?
I have a SharePoint portal that allows users to create accounts an get access to the portal.
The portal uses SharePoint client object model, if any of the users try to access let's say getuserbyid method or retrieving items for lists and changes the ID value, he will be able to retrieve information for other users on the portal.
So it is possible or is their any way to restrict access to the rest APIs outside the portal itself? Because with manipulation using Fiddler or burp suite the request can be replayed with different information or values.
The operations performed by the Client Side Object Model respect the SharePoint site permissions in the SharePoint site you are interacting with. You need to set/customize the site permissions such that you get the results that you want.
Looking to create a completely external portal using only HTML5, JS, and CSS to show CRM 2011 data. It does not look like I can use REST or SOAP because they cannot authenticate externally. Does anyone know how I would do this?
Thanks!
To do this, your OrganizationData.svc service would need to be externally accessible, and it would need to function without authentication (or, your authentication would need to happen within your javascript - where the end user would be able to read your source code). Either way is not a wise idea, since all of your data would be visible to the world!
If you are only dealing with internal authenticated users, read up on the oDATA endpoint.
If you want to deal with external and/or unauthenticated users, you'll need to find another way to do this that does all of the data filtering & authorization control you need.
I think we normally achieve this using a intermediary integration service. You could have a service which has access to the Org service through conventional CRM authentication, and which provides a number of methods which can be called anonymously (or by custom security) by client code.
For example, a web page calls the 'int' service's 'getContact' method, passing an email address of the user. The 'int' service validates the user's email address and then retrieves the required data from CRM's org service, using credentials stored in a config file (a CRM user with sufficient permissions to serve the 'int' service's methods). The 'int' service then parses the data and returns it to the client code - which has no knowledge of CRM's existence - perhaps as JSON for usability.
I can't seem to find an asmx that has a "Remove" User Profile method...the
UserProfileService has Create and Modify, but no Remove...where should I be
looking to programattically remove a user profile via an WSS WebService?
Please advise.
You appear to be correct:
http://msdn.microsoft.com/en-us/library/websvcuserprofileservice.userprofileservice_methods.aspx
You would however be able to do this from code that uses the server object model.
There is no out of the box web service to delete/remove profiles. We had to create a custom web service deployed to the 12/ISAPI folder (where the OOTB web services are), that took a username as a parameter and called the sharepoint API to then remove the profile.
I need to determine the sites and webs that a specified user can access in a SharePoint web application via the SharePoint API. Note the specified user is different from the current user that is calling the code. I initially was thinking of making use of the PortalSiteMapProvider, but it does not offer an option to change the user context in which it is built up. Can anyone offer any alternatives to this?
Thanks, MagicAndi
You could use the Webservices API:
Determining User's role in a SharePoint site/workspace using the webservices API
Not the most efficient solution to this problem, but you can iterate through all the site collections / webs in the web application and then call:
web.DoesUserHavePermissions(userID, SPBasePermissions.Open)
where "web" is a SPWeb object and userID is "DOMAIN\user.name" of the user you are checking access permissions for. Do it within a RWEP and make sure you dispose of your SPSite/SPWeb objects correctly.
One possible approach is to make use of impersonation to determine the sites and webs that a specific user (other than the current user) can access via the PortalSiteMapProvider. A method for impersonating another user in a SharePoint context is described here:
http://blackninjasoftware.com/2009/04/09/how-to-programmatically-impersonate-users-in-sharepoint/