Impersonation, SSO & custom web parts
Using Impersonation and Single Sign-On to access corporate data from within a custom SharePoint web part
Mike FITZSIMON, SYSTEMS ARCHITECT, FITZSIMON IT CONSULTING PTY LTD

Agenda
• A Custom Web Part overview
• Single Sign-On
• Impersonation
• Generating graphics on the server
• What can go wrong

Fitzsimon IT CONSULTING PTY LTD www.fitzsimon.com.au

Custom Web Part
• Web part generates this graph (.gif) dynamically from corporate data in a database
• The currently-logged-in user does not have permission to access this data

Single Sign-On Service
• To many, a great disappointment
• Installed by default with SPS, but set to manual start-up
• Must run under an account which
    • Is a local administrator
    • Belongs to STS_WPG & SPS_WPG groups
    • Has db_owner rights for the SharePoint Services configuration database
    • Belongs to Server Administrators role for the SQL Server holding the SSO database

SSO Application Definition
• Unique name for the application plus definition of logon fields
    • Username, password, domain, database name, secret Q&A, whatever
• SharePoint Portal Server Central Administration -> Component Configuration -> Manage settings for single sign-on -> Manage settings for enterprise application definitions

Impersonation
• Using SSO in a Web Part
    Imports Microsoft.SharePoint.Portal.SingleSignon
    Imports System.Security.Principal
• RenderWebPart
    Protected Overrides Sub RenderWebPart(ByVal output As System.Web.UI.HtmlTextWriter)
• Use SingleSignOn service to change user identity to impersonate a user with sufficient rights to access the data.
    'context for new identity
    Dim objContext As WindowsImpersonationContext
    Dim arrCredentials() As String
    Dim strUID As String
    Dim strDomain As String
    Dim strPassword As String

Impersonation
• try to get credentials from SSO service
    Credentials.GetCredentials(Convert.ToUInt32("0"), _
        "ApplicationName", arrCredentials)
    strUID = arrCredentials(0)
    strDomain = arrCredentials(1)
    strPassword = arrCredentials(2)
• change the context
    Dim objIdentity As WindowsIdentity
    objIdentity = IdentityHelper.CreateIdentity(strUID, strDomain, strPassword)
    objContext = objIdentity.Impersonate
• …draw chart…
• undo impersonation, revert to logged-in user's credentials.
    objContext.Undo()

IdentityHelper.CreateIdentity
• See attached IdentityHelper.vb

Generating graphics on the server
• Office Web Components 2003 installed on Server
    Imports Microsoft.Office.Interop.Owc11
• create a ChartSpaceClass object, add a chart to it
    Protected Overrides Sub CreateChildControls()
    chSpace = New ChartSpaceClass
    chart = chSpace.Charts.Add(0)
• Allow custom drawing within chart space
    chSpace.AllowRenderEvents = True
• specify the type of graph to be displayed
    chart.Type = ChartChartTypeEnum.chChartTypeAreaStacked

What can go wrong

Questions
• Mike Fitzsimon: Mike@Fitzsimon.com.au
• Mike's blog: http://mike.brisgeek.com
• Fitzsimon IT Consulting: www.fitzsimon.com.au