Secure application pages in Sharepoint applications

For SharePoint applications, some times we have to create ASP.NET Application pages that reside under the _layouts folder and are not managed by SharePoint Security system.

We have to secure them manually by code, one way is to check in Page_Load and disable controls if necessary.

protected void Page_Load(object sender, EventArgs e)
        {
            if (!UserIsAuthorized)
            {
                //hide the form
                //show an error message
            }
}

Make sure to check if user is authorized in critical methods.

To check if user is authorized:

protected UserIsAuthorized
{
   get
  {
      SPUser  user = SPContext.Current.Web.CurrentUser;

     if(user==null) return false;//anonymous/public users

     //check if user belongs to authorized groups
            string[] validGroups = new string[] { “Group A”, “Group B };
            SPGroupCollection groups = user.Groups;
            foreach (SPGroup group in groups)
                if (validGroups.Contains(group.Name))
                    return true;

    //check if user is System Account
    if (user.ID == SPContext.Current.Web.Site.SystemAccount.ID)
                return true;

    return false;//user is not authorized;
   }
}

When migrating data between Sharepoint farms, use impersonation

ASP.NET impersonation allows the ASP.NET code to run as different users.

If you use only one account to migrate data between SharePoint farms, all the records will eventually be marked as modified by that account.
By using impersonation, you will be able to retain user history.

RequiredFieldValidator and DropDownList intial value

The RequiredFieldValidator complains if the value of the dropdown list is unchanged even though you may have some default value set programmatically.

To solve this, set InitialValue to the required field validator.

If you set a default value to a dropdown list and then disable the dropdown list, the validator will not work correctly. Use a hidden field and use javascript to update it every time the dropdown list’s value is changed, then configure the validator to check the hidden field instead.

UpdatePanel in Sharepoint

Apparently UpdatePanel doesn’t work in SharePoint because reasons.

To get it to work, you have to jump through hoops by downloading the SharePoint guidance library thingy as some source code and build it yourself, then deploy it to the GAC of your environment, then add reference to Microsoft.Practice.SPG.AjaxSupport.dll, then use a SafeScriptManager in the usercontrol of your SharePoint webpart.

Maybe it’s better to build the thing using pure HTML and javascript?

Allow ASP.NET form to be used after downloading a file in SharePoint webpart

Solution: the most effective solution: add “_spFormOnSubmitCalled=false;_spSuppressFormOnSubmitWrapper=true;” to OnClientClick of the button

<asp:LinkButton ID=”lbExport”
runat=”server” Text=”Export”
OnClick=”lbExport_Click”
OnClientClick=”_spFormOnSubmitCalled=false;_spSuppressFormOnSubmitWrapper=true;”/>

Solution:

Add this code to the .ascx file

<script type=”text/javascript”>
    function setFormSubmitToFalse() {
        setTimeout(function () { _spFormOnSubmitCalled = false; }, 3000);
        return true;
    }
</script>

Then, for the download button, add the code to call this function after user clicks it

OnClientClick=”setFormSubmitToFalse”

Another way is to refresh the page on client after certain time

onclientclick="timedRefresh(2000)"

then in your html..

    <script type="text/JavaScript">
    <!--
    function timedRefresh(timeoutPeriod) {
        setTimeout("location.reload(true);",timeoutPeriod);
    }
    //   -->

EventReceiver cheat sheet

List item:
List BeforeProperties AfterProperties properties.ListItem
ItemAdding No value New value Null
ItemAdded No value New value New value
ItemUpdating No value Changed value Original value
ItemUpdated No value Changed value Changed value
ItemDeleting No value No value Original value
ItemDeleted No value No value Null
Document Library:
Library BeforeProperties AfterProperties properties.ListItem
ItemAdding No value No value Null
ItemAdded No value No value New value
ItemUpdating Original value Changed value Original value
ItemUpdated Original value Changed value Changed value
ItemDeleting No value No value Original value
ItemDeleted No value No value Null

Ways to debug ASP.NET and Sharepoint webparts

Either run Debug from Visual Studio, which will retract and redeploy the project before deploying and more time consuming

Or, From “Debug”, select “Attach to process…” and attach the debugger to the w3wp.exe processes and start debugging. Make sure to open the browser and browse the site first to start the processes before attaching.