I have a site setup using Claims Based (Forms) authentication with Anonymous access enabled.
When a user logs into the site they may exist in the Forms Database, but not in the SharePoint Site collection. In this case SPContext.Current.Web.SPUser returns NULL - even though they are logged in.
Is there another object similar to SPUser that I can use?
Is HttpContext.Current.User.Identity.IsAuthenticated == true? If so, try putting a call to SPContext.Current.Web.EnsureUser(HttpContext.Current.User.Identity.Name) before digging into Web.CurrentUser (which is what I presume you meant, not Web.SPUser)
-Oisin
Related
I have a project where I have a username (but not the password) and need to check if the user can access an item. This must be on the item-level and not the web level since rights may not be inherited.
I am aware of the SPWeb.CheckPermissions but figured it will only test if the user can access the actual spweb.
Thanks
== EDIT ==
I was able to achieve this by doing this
var item = properties.ListItem;
SPUser user = SPContext.Current.Web.EnsureUser(#"domain\logonname");
item.DoesUserHavePermissions(user, SPBasePermissions.OpenItems);
My question remains a bit however. Is this possible to do via the web service api?
With SharePoint 2013 you can use the REST API to query static methods. An interesting method would be the SPUtility.GetPrincipalsInGroup. Of course you can't ask for "has open permission", but you can ask for a specific group. To query a static method refer to: Programming using the SharePoint 2013 REST service, look for the section Specifying static methods and properties as REST service URIs. Of course you would have to call the Web Service with an authenticated user and the group needs to be enabled to be enumerable by all users.
I have crated a custom site that would provide registration for new user who wold like to access my sharepoint site with asp.net membership account. When new user clicks register, i would like to send email notification about new user to all members of a particular sharepoint group. The problem is, the registration site allows anonymous access (well it has to :)) but the code (second line) that gets all the users in group redirects me to a login page:
var web = SPContext.Current.Web;
return web.Groups[groupName].Users;
I have created a new user group and set 'Who can view the membership of the group?' to everyone, but still, I can't get the groups without being logged in. Is is possible at all?
SharePoint has the ability to run code blocks using RunWithElevatedPrivileges, which runs under the identity of the SharePoint system account. If you wrap your code block above, you should be able to get the group you are referencing.
It is really important to make sure you are properly calling Dispose on your code so you are not leaving around reference to the spSite object etc. As a result, almost all RunWithElevatedPrivileges examples utilize the using construct.
More info at
http://msdn.microsoft.com/en-us/library/bb466220.aspx
When I did this before, I created a list that allowed anonymous users to create new items and then placed an alert on the list that sent notifications to the appropriate people/group. I don't remember there being any security problems sending notifications this way.
I'm curious about the best/most efficient way to do this.
I've already set up my sharepoint 2010 site, and it is configured to use FBA. What i'd like to do is allow users to create their own accounts by filling out a form (the form will sit on a public sharepoint site, and filling it out creates a user in the membership database which is used for validation to enter the FBA sharepoint site).
I'm familiar with using the asp CreateWizard tool to build user accounts as part of a .Net web application, but I'm not sure on how to develop this as a webpart for use in a sharepoint site, as a webpart doesn't have the config file to store connection string and membership/role provider info.
Can this user creation form be put in a webpart and deployed to other sites, or is there another/better way to add this functionality to sharepoint (allowing users to register/create their own FBA accounts for access)?
There's nothing not much difference between SharePoint and regular ASP.Net for this.
The membership provider will need to be configured in the SharePoint web.config, including connection strings. However, it does not actually need to be used for login, so you can still create users in that membership provide from a different site.
I use a slightly different approach though - set up an anonymously accessible page in your site (in layouts is probably easiest, though a page within a site may be better for branding) and put controls on that page to create (and log in) a new user. You will need to call EnsureUser and possibly CreateUserProfile to give the new user access to anything, but aside from that it's all standard .net.
I have enabled anonymous users on the farm and on the entire site.
I also have Windows Authentication turned on.
Whenever an anonymous user attempts to view the site, they are prompted to log in.
And they get prompted to login on every single page they view.
I would like to allow users to log in via Windows Authentication, (perhaps through a special page), but anonymous users should not get prompted to put in their password ever.
Does that mean I need to switch to forms based authentication for the entire site, or is there an option in 2010 to somehow get Windows Authentication and allowing anonymous users to live harmoniously.
It could be because some of the file is not published. For ex, if master page, CSS stylesheet or any image is unpublished, it will prompt the user for login.
Make sure everything is published and it will work.
You need to see if it is anything on this path http://server/_catalogs/masterpage/Forms/AllItems.aspx
that it is not published.
You must publish everything
May be you missed some of the configuration steps .So i wish if you take a look to the following article
SP2010 Branding Tip #9 – Turn on Anonymous Access
Regards
I assume that you are using the Publishing Site Template for the public site and hence the default.aspx (the welcome page of all the subsites) is not published so you would need to start the approval workflow publish the pages and any other assets (master page, css, images etc)
You need to do some prepwork to set the site up using two web applications, both with different authentication methods. You can't run SharePoint effectively for Windows users and anonymous (or Forms based authentication) at the same time.
Essentialy:
Create your SharePoint site for internal users using Windows Authentication
Extend the site to a new site (using the same content database) but using anonymous or forms based authentication (whichever makes sense for you)
A MSDN article can be found here on this:
http://msdn.microsoft.com/en-us/library/ff648385.aspx
You can also read Andrew Connell's blog about this (he talks about Forms based authentication but you can do the same with anonymous access)
http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx
Basically you want dual authentication, Windows for one set of users and anonymous or FBA for another (and each access the site using a different URL)
Hope that helps.
I need to determine the sites and webs that a specified user can access in a SharePoint web application via the SharePoint API. Note the specified user is different from the current user that is calling the code. I initially was thinking of making use of the PortalSiteMapProvider, but it does not offer an option to change the user context in which it is built up. Can anyone offer any alternatives to this?
Thanks, MagicAndi
You could use the Webservices API:
Determining User's role in a SharePoint site/workspace using the webservices API
Not the most efficient solution to this problem, but you can iterate through all the site collections / webs in the web application and then call:
web.DoesUserHavePermissions(userID, SPBasePermissions.Open)
where "web" is a SPWeb object and userID is "DOMAIN\user.name" of the user you are checking access permissions for. Do it within a RWEP and make sure you dispose of your SPSite/SPWeb objects correctly.
One possible approach is to make use of impersonation to determine the sites and webs that a specific user (other than the current user) can access via the PortalSiteMapProvider. A method for impersonating another user in a SharePoint context is described here:
http://blackninjasoftware.com/2009/04/09/how-to-programmatically-impersonate-users-in-sharepoint/