web parts security
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
web parts security

 
Post new topic   Reply to topic    Windows Server Forum Index -> Portal Server Development
Author Message
Tom
Guest
Posted: Thu Jan 13, 2005 1:02 pm    Post subject: web parts security Reply with quote
Hi all

I am developing web parts for a customer. I am struggling with the security
of the web parts. I was thinking of using code access security for the web
parts. Would this be sufficient and if not what have i overlooked?

ch Tom
Back to top
Gary A. Bushey [MVP]
Guest
Posted: Thu Jan 13, 2005 5:41 pm    Post subject: Re: web parts security Reply with quote
Would really depend on what you are doing. You should always used CAS when
dealing with web parts (for that when dealing with any ASP.Net code) as a
general rule. We really need more information on what you are trying to do
in order to assist you.

--
Gary A. Bushey
SPS MVP
bushey@mindspring.com
"Tom" <Tommster2004@hotmail.com> wrote in message
news:uWNL8zT%23EHA.3700@tk2msftngp13.phx.gbl...
Quote:
Hi all

I am developing web parts for a customer. I am struggling with the
security
of the web parts. I was thinking of using code access security for the web
parts. Would this be sufficient and if not what have i overlooked?

ch Tom

Back to top
Tom
Guest
Posted: Thu Jan 13, 2005 6:53 pm    Post subject: Re: web parts security Reply with quote
ok we are trying to develop web parts that logon to our web service. The web
service interacts with the database on our database server. The security has
to be on the web parts as well as on the web service. We don't want every
user on the sharepoint site that has access to the web parts to access all
the data through the web service. So for the webservice there has to be a
security which manages the permissions for all users to the database.


"Gary A. Bushey [MVP]" <bushey@mindspring.com.REMOVETOSEND> schreef in
bericht news:OU56rTW%23EHA.2316@TK2MSFTNGP15.phx.gbl...
Quote:
Would really depend on what you are doing. You should always used CAS
when dealing with web parts (for that when dealing with any ASP.Net code)
as a general rule. We really need more information on what you are trying
to do in order to assist you.

--
Gary A. Bushey
SPS MVP
bushey@mindspring.com
"Tom" <Tommster2004@hotmail.com> wrote in message
news:uWNL8zT%23EHA.3700@tk2msftngp13.phx.gbl...
Hi all

I am developing web parts for a customer. I am struggling with the
security
of the web parts. I was thinking of using code access security for the
web
parts. Would this be sufficient and if not what have i overlooked?

ch Tom



Back to top
Gary A. Bushey [MVP]
Guest
Posted: Thu Jan 13, 2005 10:29 pm    Post subject: Re: web parts security Reply with quote
I don't think CAS is what you want here. CAS sets the rights of the web
part as a whole, not on a per user basis. You would need to create the
security yourself.

--
Gary A. Bushey
SPS MVP
bushey@mindspring.com
"Tom" <tommster2004@hotmail.com> wrote in message
news:efLxU7W%23EHA.1264@TK2MSFTNGP12.phx.gbl...
Quote:
ok we are trying to develop web parts that logon to our web service. The
web service interacts with the database on our database server. The
security has to be on the web parts as well as on the web service. We
don't want every user on the sharepoint site that has access to the web
parts to access all the data through the web service. So for the
webservice there has to be a security which manages the permissions for
all users to the database.


"Gary A. Bushey [MVP]" <bushey@mindspring.com.REMOVETOSEND> schreef in
bericht news:OU56rTW%23EHA.2316@TK2MSFTNGP15.phx.gbl...
Would really depend on what you are doing. You should always used CAS
when dealing with web parts (for that when dealing with any ASP.Net code)
as a general rule. We really need more information on what you are
trying to do in order to assist you.

--
Gary A. Bushey
SPS MVP
bushey@mindspring.com
"Tom" <Tommster2004@hotmail.com> wrote in message
news:uWNL8zT%23EHA.3700@tk2msftngp13.phx.gbl...
Hi all

I am developing web parts for a customer. I am struggling with the
security
of the web parts. I was thinking of using code access security for the
web
parts. Would this be sufficient and if not what have i overlooked?

ch Tom





Back to top
Kyle Petersen
Guest
Posted: Mon Jan 17, 2005 12:29 am    Post subject: Re: web parts security Reply with quote
This sounds like a pretty simple role based security. You can check if the
current user is in the correct group (role) and display an error message if
they don't have the required access.

There are a couple of options for where you put this logic. First off, the
web service call itself should be protected either through IIS based
security or checking the callers group access. But you should ALSO add the
security check to the web part to minimize unauthorized calls to the web
service.

Kyle


"Tom" <tommster2004@hotmail.com> wrote in message
news:efLxU7W%23EHA.1264@TK2MSFTNGP12.phx.gbl...
Quote:
ok we are trying to develop web parts that logon to our web service. The
web service interacts with the database on our database server. The
security has to be on the web parts as well as on the web service. We
don't want every user on the sharepoint site that has access to the web
parts to access all the data through the web service. So for the
webservice there has to be a security which manages the permissions for
all users to the database.


"Gary A. Bushey [MVP]" <bushey@mindspring.com.REMOVETOSEND> schreef in
bericht news:OU56rTW%23EHA.2316@TK2MSFTNGP15.phx.gbl...
Would really depend on what you are doing. You should always used CAS
when dealing with web parts (for that when dealing with any ASP.Net code)
as a general rule. We really need more information on what you are
trying to do in order to assist you.

--
Gary A. Bushey
SPS MVP
bushey@mindspring.com
"Tom" <Tommster2004@hotmail.com> wrote in message
news:uWNL8zT%23EHA.3700@tk2msftngp13.phx.gbl...
Hi all

I am developing web parts for a customer. I am struggling with the
security
of the web parts. I was thinking of using code access security for the
web
parts. Would this be sufficient and if not what have i overlooked?

ch Tom





Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Portal Server Development All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB