Impersonation, SSO & custom web parts
Using Impersonation and Single Sign-On to access corporate data from within a custom SharePoint web part
Mike Fitzsimon, Systems Architect
FITZSIMON IT CONSULTING PTY LTD
Fitzsimon IT CONSULTING PTY LTD www.fitzsimon.com.au
Agenda
A Custom Web Part overview
Single Sign-On
Impersonation
Generating graphics on the server
What can go wrong
Custom Web Part
Web part generates this graph (.gif) dynamically from corporate data in a database
The currently-logged-in user does not have permission to access this data
Single Sign-On Service
To many, a great disappointment
Installed by default with SPS, but set to manual start-up
Must run under an account which
  Is a local administrator
  Belongs to STS_WPG & SPS_WPG groups
  Has db_owner rights for the SharePoint Services configuration database
  Belongs to Server Administrators role for the SQL Server holding the SSO database
SSO Application Definition
Unique name for the application plus definition of logon fields
  Username, password, domain, database name, secret Q&A, whatever
SharePoint Portal Server Central Administration -> Component Configuration -> Manage settings for single sign-on -> Manage settings for enterprise application definitions
Impersonation
Using SSO in a Web Part

    Imports System.Security.Principal
    Imports Microsoft.SharePoint.Portal.SingleSignon

RenderWebPart

    Protected Overrides Sub RenderWebPart(ByVal output As System.Web.UI.HtmlTextWriter)
        ' Use SingleSignOn service to change user identity to impersonate
        ' a user with sufficient rights to access the data.

        ' context for new identity
        Dim objContext As WindowsImpersonationContext
        Dim arrCredentials() As String = Nothing
        Dim strUID As String
        Dim strDomain As String
        Dim strPassword As String

        ' try to get credentials from SSO service
        Credentials.GetCredentials(Convert.ToUInt32("0"), _
            "ApplicationName", arrCredentials)
        strUID = arrCredentials(0)
        strDomain = arrCredentials(1)
        strPassword = arrCredentials(2)

        ' change the context
        Dim objIdentity As WindowsIdentity
        objIdentity = IdentityHelper.CreateIdentity(strUID, strDomain, strPassword)
        objContext = objIdentity.Impersonate()

        Try
            ' …draw chart…
        Finally
            ' undo impersonation, revert to logged-in user's credentials.
            ' Done in Finally so the thread never keeps the privileged
            ' identity if drawing the chart throws.
            objContext.Undo()
        End Try
    End Sub
IdentityHelper.CreateIdentity
See attached IdentityHelper.vb
Generating graphics on the server
Office Web Components 2003 installed on server

    Imports Microsoft.Office.Interop.Owc11

    ' Class-level fields used below (the slide does not show their declarations)
    Private chSpace As ChartSpaceClass
    Private chart As ChChart

    Protected Overrides Sub CreateChildControls()
        ' create a ChartSpaceClass object and add a chart to it
        chSpace = New ChartSpaceClass
        chart = chSpace.Charts.Add(0)

        ' Allow custom drawing within chart space
        chSpace.AllowRenderEvents = True

        ' specify the type of graph to be displayed
        chart.Type = ChartChartTypeEnum.chChartTypeAreaStacked
    End Sub
What can go wrong
Questions
Mike [email protected]
Mike's blog: http://mike.brisgeek.com
Fitzsimon IT Consulting: www.fitzsimon.com.au