Secure application pages in SharePoint applications

For SharePoint applications, we sometimes have to create ASP.NET application pages that reside under the _layouts folder and are not managed by the SharePoint security system.

We have to secure them manually in code. One way is to check in Page_Load and disable controls if necessary.

protected void Page_Load(object sender, EventArgs e)
{
    if (!UserIsAuthorized)
    {
        //hide the form
        //show an error message
    }
}

Make sure to check whether the user is authorized in critical methods as well, since hiding the form does not protect the code behind it.

To check if the user is authorized:

// requires: using System.Linq; (for Contains) and using Microsoft.SharePoint;
protected bool UserIsAuthorized
{
    get
    {
        SPUser user = SPContext.Current.Web.CurrentUser;

        if (user == null) return false; // anonymous/public users

        // check if user belongs to authorized groups
        string[] validGroups = new string[] { "Group A", "Group B" };
        SPGroupCollection groups = user.Groups;
        foreach (SPGroup group in groups)
            if (validGroups.Contains(group.Name))
                return true;

        // check if user is System Account
        if (user.ID == SPContext.Current.Web.Site.SystemAccount.ID)
            return true;

        return false; // user is not authorized
    }
}

When migrating data between SharePoint farms, use impersonation

ASP.NET impersonation allows the ASP.NET code to run as different users.

If you use only one account to migrate data between SharePoint farms, all the records will eventually be marked as modified by that account.
By using impersonation, you will be able to retain user history.

Open a popup window while sending post data

It’s actually very simple. It’s possible to create a form element and set the target to _blank so that upon submission the target will be opened in a new browser window/tab.
Use hidden input elements to pass data to the target URL.

<form action="<target URL>" method="POST" target="_blank">
  <input type="hidden" name="Name" value="Wayne">
  <input type="submit" value="Click here to open the window">
</form>

If you don’t want a button, use CSS to style the submit button to make it look like a hyperlink.

If you use ASP.NET or SharePoint, the framework may complain that there should be only one form tag in the page. In that case, use JavaScript to construct the form on the fly when the link is clicked, then get rid of the form element after the window is open.

function openWindow()
{
    var mapForm = document.createElement("form");
    mapForm.style.display = "none";
    mapForm.target = "Map"; // must match the window name passed to window.open
    mapForm.method = "POST"; // or "post" if appropriate
    mapForm.action = "http://localhost:55079/Default.aspx";

    var mapInput = document.createElement("input");
    mapInput.type = "text";
    mapInput.name = "test";
    mapInput.value = "Test Data";
    mapForm.appendChild(mapInput);

    document.body.appendChild(mapForm);

    // open the named window first, then submit the form into it
    var map = window.open("", "Map", "status=0,title=0,height=600,width=800");

    if (map) {
        mapForm.submit();
    }
    //delete the form element
    mapForm.parentNode.removeChild(mapForm);
}

<a href="#" onclick="openWindow(); return false;">Click here to open window</a>

RequiredFieldValidator and DropDownList initial value

The RequiredFieldValidator complains if the value of the dropdown list is unchanged even though you may have some default value set programmatically.

To solve this, set the InitialValue property of the RequiredFieldValidator.

If you set a default value on a dropdown list and then disable the dropdown list, the validator will not work correctly. Use a hidden field and use JavaScript to update it every time the dropdown list’s value is changed, then configure the validator to check the hidden field instead.

Parse and send Microsoft JSON Date using JavaScript

Use the following code:

// skip the leading "/Date(" (6 characters); parseInt stops at the closing ")"
var date = new Date(parseInt(jsonDateString.substr(6), 10));

To pass the date back to the ASP.NET server for deserialization, note that JSON.stringify does not write the escaped slashes (\/Date(...)\/) that the server expects in date values, which causes a parse error on the server. To correct this, use the code below
(http://stackoverflow.com/questions/11852432/using-net-javascriptserializer-deserialize-with-datetime-from-client)

function customJSONstringify(obj) {
    // turn /Date(...)/ into \/Date(...)\/ in the serialized text
    return JSON.stringify(obj).replace(/\/Date/g, "\\/Date").replace(/\)\//g, ")\\/");
}
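
An added example (not from the original post or the linked answer) that takes the two snippets above a step further: it validates the whole "/Date(...)/" string before converting it, and on the way back escapes the slashes only around date tokens. The function names and the sample payload are made up for illustration.

```javascript
// Added example: strict round-trip of Microsoft JSON dates ("/Date(ms)/").
// Function names and the sample payload are constructed for illustration.

// Whole-string match: optional sign, digits, optional "+hhmm"/"-hhmm" suffix.
var MS_DATE = /^\/Date\((-?\d+)([+-]\d{4})?\)\/$/;

// Returns a Date for a well-formed value and null for anything else,
// instead of letting parseInt pick digits out of an arbitrary string.
function parseMsJsonDate(value) {
    var m = typeof value === "string" ? MS_DATE.exec(value) : null;
    if (!m) return null;
    var d = new Date(parseInt(m[1], 10)); // milliseconds since the Unix epoch (UTC)
    return isNaN(d.getTime()) ? null : d; // out-of-range values are rejected
}

// JSON.parse reviver: converts date strings, leaves every other value alone.
function reviveDates(key, value) {
    var d = parseMsJsonDate(value);
    return d === null ? value : d;
}

// Serializes obj with Date values written as "\/Date(ms)\/".
function stringifyForAspNet(obj) {
    var json = JSON.stringify(obj, function (key, value) {
        var raw = this[key]; // the value before Date.prototype.toJSON ran
        if (raw instanceof Date) {
            return isNaN(raw.getTime()) ? null : "/Date(" + raw.getTime() + ")/";
        }
        return value;
    });
    // Escape the slashes only in strings that are exactly one date token.
    return json.replace(/"\/Date\((-?\d+)\)\/"/g, '"\\/Date($1)\\/"');
}

// Constructed sample, shaped like a response with an escaped date value.
var wire = '{"Name":"Wayne","Created":"\\/Date(1344412800000)\\/"}';
var record = JSON.parse(wire, reviveDates);
console.log(record.Created.toISOString());
console.log(stringifyForAspNet(record) === wire);
```

Unlike substr(6), the strict parser returns null for a string such as "xxxxxx42" rather than a Date built from the trailing digits.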

UpdatePanel in SharePoint

Apparently UpdatePanel doesn’t work in SharePoint because reasons.

To get it to work, you have to jump through hoops: download the SharePoint guidance library thingy as source code and build it yourself, deploy it to the GAC of your environment, add a reference to Microsoft.Practice.SPG.AjaxSupport.dll, then use a SafeScriptManager in the user control of your SharePoint web part.

Maybe it’s better to build the thing using pure HTML and JavaScript?