We use SharePoint as the CMS for our webpages at work. I know how to create controls that are only visible if you have logged in to SharePoint with:
<Sharepoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server" PermissionsString="AddAndCustomizePages">
<Sharepoint:CssLink ID="CssLink1" runat="server"/>
</Sharepoint:SPSecurityTrimmedControl>
But I want to know how to make controls visible (or whatever) programmatically depending on permissions.
I cannot use the methods for .NET windows form authentication like:
if (!(HttpContext.Current.User == null) && HttpContext.Current.User.Identity.IsAuthenticated){}
because we use this for anonymous users who have another type of login.
Could you provide some code? I know that it must be something like verifying the SPContext.Current.FormContext.
How are the users authenticated? With forms authentication or Windows/active directory?
If active directory, then I think in that case you might need to get a reference to the current SPWeb, and then do web.CurrentUser.ID. This might come out null when you are anonymous. If not, try web.SiteUsers.GetByID(web.CurrentUser.ID) and see what you get.
DoesUserHavePermissions
You can use this method on the current web to check if the current user has a specific permission.
I assume your authenticated users have some permission to check for that the anonymous crowd is denied.
Although I haven't tested it, I imagine the LoginName property of the SPUser object will be blank, or throw an exception.
... of course, it's never safe to presume anything when dealing w/the SharePoint OM :(
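An added example, not part of any answer above: a code-behind helper that applies the same permission names SPSecurityTrimmedControl takes in PermissionsString to any control, using DoesUserHavePermissions. The class and method names are hypothetical, and treating an anonymous visitor (CurrentUser is null) as having no permissions is an assumption of this example.

```csharp
using System;
using System.Web.UI;
using Microsoft.SharePoint;

// Hypothetical helper, not part of the SharePoint object model.
public static class PermissionTrimmer
{
    // Shows the control only when the current SharePoint user holds every
    // permission named in permissions, e.g. "AddAndCustomizePages".
    public static void Trim(Control control, string permissions)
    {
        control.Visible = CurrentUserHas(permissions);
    }

    public static bool CurrentUserHas(string permissions)
    {
        // Fail closed when the code runs outside a SharePoint request.
        SPContext context = SPContext.Current;
        if (context == null)
            return false;

        // SPBasePermissions is a [Flags] enum, so Enum.Parse accepts a
        // comma-separated list such as "ViewPages, AddAndCustomizePages".
        // An unknown permission name throws ArgumentException.
        var mask = (SPBasePermissions)Enum.Parse(
            typeof(SPBasePermissions), permissions, true);

        SPWeb web = context.Web; // owned by SPContext, so it is not disposed here

        // Assumption of this example: anonymous visitors get nothing.
        if (web.CurrentUser == null)
            return false;

        return web.DoesUserHavePermissions(mask);
    }
}
```

Call PermissionTrimmer.Trim(myPanel, "AddAndCustomizePages") from Page_Load, where myPanel is a placeholder for your own control. Hiding a control only changes what is rendered, so any postback handler behind it should call CurrentUserHas again before acting.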
Related
Currently we (myself and my company) have an asp.net mvc4 page. We wish to utilize a logon page which authenticates via AD. One requirement being with an unsuccessful attempt we give back some information to the user.
The information we would like to have would be something like:
Invalid user/pw
Account is locked
Password expired
This is unfamiliar territory so I'm not sure what .NET libraries may be available. So far I've only come across the System.DirectoryServices but it doesn't seem I will get results beyond a bool.
Is this possible? Any references, suggestions, or examples would be greatly appreciated!
You can use PrincipalContext.ValidateCredentials to validate your credentials first. If false is returned, use the static UserPrincipal.FindByIdentity to find your user then, if found, look to see if the account is locked out using IsAccountLockedOut().
You might need to extend UserPrincipal yourself to see if the password is expired, I'm not seeing a direct property/method. You can extend it to access the userAccountControl attribute directly and check to see if bit 0x800000 is set, which is PasswordExpired. Here is more information on the userAccountControl values.
Suppose you have code like this
try
{
SearchResult result = searcher.FindOne();
}
catch(Exception e)
{
// now what?
}
Now in the exception you can deal with the LDAP exception type. Here is the list of all LDAP errors.
http://msdn.microsoft.com/en-us/library/aa746530(v=vs.85).aspx
You can identify on the basis of ADSI Error Value which type of error you are getting.
But according to me you should give the user a single common error like invalid credentials, because LDAP errors are much harder to deal with.
Cheers.!!
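An added example, not from either answer: the first answer's sequence (ValidateCredentials, then FindByIdentity and IsAccountLockedOut, then the 0x800000 PasswordExpired bit) combined with the second answer's suggestion of one common message for the user. Type and method names are hypothetical; reading the bit from msDS-User-Account-Control-Computed through the underlying DirectoryEntry is this example's choice, since that computed attribute is where domain controllers report it.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public enum LogonFailure { None, InvalidCredentials, AccountLocked, PasswordExpired }

// Hypothetical helper class for an AD-backed logon page.
public static class AdLogon
{
    private const int PasswordExpiredBit = 0x800000; // bit named in the answer above

    // domainName is a placeholder for your own domain.
    public static LogonFailure Check(string domainName, string userName, string password)
    {
        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        {
            if (context.ValidateCredentials(userName, password))
                return LogonFailure.None;

            using (var user = UserPrincipal.FindByIdentity(context, userName))
            {
                if (user == null)
                    return LogonFailure.InvalidCredentials; // no such account
                if (user.IsAccountLockedOut())
                    return LogonFailure.AccountLocked;

                // Computed attributes are not loaded by default, so request it.
                // The entry belongs to the principal and is disposed with it.
                var entry = (DirectoryEntry)user.GetUnderlyingObject();
                entry.RefreshCache(new[] { "msDS-User-Account-Control-Computed" });
                object flags = entry.Properties["msDS-User-Account-Control-Computed"].Value;
                if (flags != null && (Convert.ToInt32(flags) & PasswordExpiredBit) != 0)
                    return LogonFailure.PasswordExpired;

                return LogonFailure.InvalidCredentials; // wrong password
            }
        }
    }

    // Text for the logon page: one common message for every failure.
    // The specific LogonFailure value is meant for the server-side log.
    public static string UserMessage(LogonFailure failure)
    {
        return failure == LogonFailure.None
            ? "Signed in."
            : "Invalid user name or password.";
    }
}
```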
Can someone please point me in the right direction as to how to determine if a user is currently logged in?
I am currently using C# in Visual Studio. It came with a default web application example.
I added a bunch of pages, I would like to set them up so they are only visible when a user is logged in already.
You can check the IsAuthenticated property on the Page.Request
HttpRequest.IsAuthenticated
http://msdn.microsoft.com/en-us/library/system.web.httprequest.isauthenticated.aspx
You can check his session to check his presence, although it is not a foolproof method, but it can help you if you have set the session expiration time to a small value like 5 min, etc.
You should take a look at ASP.NET Login Controls Overview
Use the Page.User Property (System.Web.UI)
something like
if (Page.User != null) ...
or check a user role
if (Page.User.IsInRole("[YourUserRole]")) ...
to get started
Also this is a quick read on ASP.NET Authentication
I am trying to make use of the active directory membership rather than SQL but there is very limited documentation available online. I have managed to connect my application to the domain controller without any problems but when you use "Context.User.Identity.Name" it comes up with DOMAIN\User. I want to basically drill down and get information such as full name, e-mail address, etc.
I just need a useful link and the searching I have done doesn't appear to have got me anywhere!
Many thanks
This should give you a bit of a clue: http://msdn.microsoft.com/en-us/library/ms973834.aspx
and here is a list of LDAP properties that you might want to play around with in the search result: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
Have you tried with this doc?
http://msdn.microsoft.com/en-US/library/system.web.security.activedirectorymembershipprovider%28v=vs.90%29.aspx
Can help?
If you are making use of Active Directory then you are likely using Windows Authentication. If so, all you need to do is:
Reference System.DirectoryServices.AccountManagement
In code (perhaps a controller action or model constructor)
// establishes your domain as the context for your user lookup
var principalContext = new PrincipalContext(ContextType.Domain, "domainName");
// gets the current user's UserPrincipal object
var userPrincipal = UserPrincipal.FindByIdentity(principalContext, User.Identity.Name);
// example
var email = userPrincipal.EmailAddress;
Note:
This works because Windows Authentication means User.Identity on the current HttpContext is a WindowsIdentity and thus its Name property can be used to search AD.
You aren't limited to looking up the current user. You can use FindByIdentity() to search any value passed, and this method exists on other principals (ex. GroupPrincipal). You can also designate you wish to search by another type such as SID instead of Name.
Enjoy!
I'd like to utilize the Windows Authentication Model for authenticating users that use my C# 3.5 WinForms application:
The user that has logged on Windows is automatically logged in to my application.
If the user wants to log in explicitly, his user name and password should be checked by Windows, or even better, prompted by Windows with a standard Windows Dialog. The outcome should be another WindowsIdentity object.
The first was very easy to solve long time ago: I read the
WindowsIdentity identity = WindowsIdentity.GetCurrent();
Just to make sure, I check for the
if (identity.IsAuthenticated) { ... }
For the second case I've found some API calls in other SO Q&A's, but I'm pretty sure there must be a managed way for that, am I wrong?
Further I wonder whether my approach for 1. is safe and appropriate. Thanks for your feedback!
Update: According to Ivan, I have to use the P/Invoke approach. This is basically alright, but then I still need a way to retrieve a WindowsIdentity object for that certain user, which has its IsAuthenticated property set to true. The P/Invoke call in itself doesn't return such an object. How can this be done?
I am not certain about this but it looks like you want to use the WindowsIdentity Ctor that takes an IntPtr. To get the parameter that is passed into this constructor you can PInvoke the Win32 API LogonUser() function. This will give you a WindowsIdentity for this user.
There is no managed way of doing this, you have to do pinvoke (api call) as you said. Approach #1 is totally ok ... trust Microsoft :)
Has anybody experienced SharePoint always returning true for UrlAuthorizationModule.CheckUrlAccessForPrincipal even if the virtual path is not configured to allow anonymous access? Is there an alternative method to check for anon access in SharePoint?
Security Note: If the UrlAuthorizationModule is not defined in the httpModules configuration section for the application, the UrlAuthorizationModule always returns true.
Please see the following url:
http://authors.aspalliance.com/aspxtreme/sys/web/security/UrlAuthorizationModuleClassCheckUrlAccessForPrincipal.aspx
Long shot, but two things you could check:
Is your virtual path inheriting anonymous access from a higher level path?
Are you checking the anonymous user or are you checking a user principal that has access?
When anon access is enabled on Sharepoint for a site the method will always return true.