{"id":51,"date":"2015-11-30T09:05:00","date_gmt":"2015-11-30T09:05:00","guid":{"rendered":"http:\/\/waynenguyen.org\/dev\/2015\/11\/30\/secure-application-pages-in-sharepoin\/"},"modified":"2016-05-21T03:15:52","modified_gmt":"2016-05-21T03:15:52","slug":"secure-application-pages-in-sharepoin","status":"publish","type":"post","link":"https:\/\/bruceng.com\/dev\/?p=51","title":{"rendered":"Secure application pages in Sharepoint applications"},"content":{"rendered":"
\nFor SharePoint applications, some times we have to create ASP.NET Application pages that reside under the _layouts folder and are not managed by SharePoint Security system.<\/p>\n

We have to secure them manually by code, one way is to check in Page_Load and disable controls if necessary.<\/p>\n

protected void Page_Load(object sender, EventArgs e)
\n        {
\n            if (!UserIsAuthorized)
\n            {
\n                \/\/hide the form
\n                \/\/show an error message
\n            }
\n}<\/p>\n

Make sure to check if user is authorized in critical methods.<\/p>\n

To check if user is authorized:<\/p>\n

protected UserIsAuthorized
\n{
\n   get
\n  {
\n      SPUser  user = SPContext.Current.Web.CurrentUser;<\/p>\n

     if(user==null) return false;\/\/anonymous\/public users<\/p>\n

     \/\/check if user belongs to authorized groups
\n            string[] validGroups = new string[] { “Group A”, “Group B };
\n            SPGroupCollection groups = user.Groups;
\n            foreach (SPGroup group in groups)
\n                if (validGroups.Contains(group.Name))
\n                    return true;<\/p>\n

    \/\/check if user is System Account
\n    if (user.ID == SPContext.Current.Web.Site.SystemAccount.ID)
\n                return true;<\/p>\n

    return false;\/\/user is not authorized;
\n   }
\n}<\/div>\n","protected":false},"excerpt":{"rendered":"

For SharePoint applications, some times we have to create ASP.NET Application pages that reside under the _layouts folder and are not managed by SharePoint Security system. We have to secure them manually by code, one way is to check in Page_Load and disable controls if necessary. protected void Page_Load(object sender, EventArgs e)       … Continue reading “Secure application pages in Sharepoint applications”<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2,22,15],"class_list":["post-51","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-asp-net","tag-sercurity","tag-sharepoint"],"_links":{"self":[{"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/posts\/51","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=51"}],"version-history":[{"count":1,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/posts\/51\/revisions"}],"predecessor-version":[{"id":171,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=\/wp\/v2\/posts\/51\/revisions\/171"}],"wp:attachment":[{"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=51"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=51"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bruceng.com\/dev\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=51"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}