Impersonation, SSO & custom web parts

Using Impersonation and Single Sign-On to access corporate data from within a custom SharePoint web part

Mike FITZSIMON, SYSTEMS ARCHITECT
FITZSIMON IT CONSULTING PTY LTD

Fitzsimon IT CONSULTING PTY LTD www.fitzsimon.com.au

Agenda

- A Custom Web Part overview
- Single Sign-On
- Impersonation
- Generating graphics on the server
- What can go wrong

Custom Web Part

Web part generates this graph (.gif) dynamically from corporate data in a database

The currently-logged-in user does not have permission to access this data

Single Sign-On Service

- To many, a great disappointment
- Installed by default with SPS, but set to manual start-up
- Must run under an account which
  - Is a local administrator
  - Belongs to STS_WPG & SPS_WPG groups
  - Has db_owner rights for the SharePoint Services configuration database
  - Belongs to Server Administrators role for the SQL Server holding the SSO database

SSO Application Definition

- Unique name for the application plus definition of logon fields
  - Username, password, domain, database name, secret Q&A, whatever
- SharePoint Portal Server Central Administration -> Component Configuration -> Manage settings for single sign-on -> Manage settings for enterprise application definitions

Impersonation

Using SSO in a Web Part

In RenderWebPart, use the SingleSignOn service to change user identity to impersonate a user with sufficient rights to access the data, draw the chart, then undo the impersonation and revert to the logged-in user's credentials.

    Imports System.Security.Principal
    Imports Microsoft.SharePoint.Portal.SingleSignon

    Protected Overrides Sub RenderWebPart(ByVal output As System.Web.UI.HtmlTextWriter)
        ' context for new identity
        Dim objContext As WindowsImpersonationContext
        Dim arrCredentials() As String = Nothing
        Dim strUID As String
        Dim strDomain As String
        Dim strPassword As String

        ' try to get credentials from SSO service
        ' (fields come back in the order set in the application definition)
        Credentials.GetCredentials(Convert.ToUInt32("0"), _
            "ApplicationName", arrCredentials)
        strUID = arrCredentials(0)
        strDomain = arrCredentials(1)
        strPassword = arrCredentials(2)

        ' change the context
        Dim objIdentity As WindowsIdentity
        objIdentity = IdentityHelper.CreateIdentity(strUID, strDomain, strPassword)
        objContext = objIdentity.Impersonate()
        Try
            ' …draw chart…
        Finally
            ' undo impersonation, revert to logged-in user's credentials.
            ' In Finally so an error while drawing cannot leave the
            ' request running as the impersonated account.
            objContext.Undo()
        End Try
    End Sub

IdentityHelper.CreateIdentity

See attached IdentityHelper.vb

Generating graphics on the server

Office Web Components 2003 installed on server. Create a ChartSpaceClass object and add a chart to it.

    Imports Microsoft.Office.Interop.Owc11

    ' fields shared with the rendering code
    Private chSpace As ChartSpaceClass
    Private chart As ChChart

    Protected Overrides Sub CreateChildControls()
        ' create a ChartSpaceClass object and add a chart to it
        chSpace = New ChartSpaceClass
        chart = chSpace.Charts.Add(0)

        ' Allow custom drawing within chart space
        chSpace.AllowRenderEvents = True

        ' specify the type of graph to be displayed
        chart.Type = ChartChartTypeEnum.chChartTypeAreaStacked
    End Sub

What can go wrong

Questions

Mike [email protected]

Mike's blog: http://mike.brisgeek.com

Fitzsimon IT Consulting: www.fitzsimon.com.au