Free Web Part – Security Aware Silverlight SharePoint Web Part With Auditing


**Tested In SharePoint 2007 & SharePoint 2010**

While working at a new SharePoint client, one of the issues I was made aware of was that for new development Silverlight was being leveraged across both the legacy SharePoint 2007 and newly staged SharePoint 2010 instances for custom applications. While this wasn’t a strict standard, to maintain the applications in accordance with potential ongoing maintenance, making use of Silverlight was the best approach.

That being said, I went off and delivered a series of applications that were built on Silverlight, hosting them in pretty much the default manner using the built-in SharePoint 2010 facilities. However, there are two huge, noticeable gaps with this:

1) There is no way to audit application invocation / what .XAP files were being used. I think this is kind of a drag. It makes more sense to maintain a collated list of all the Silverlight files being invoked in a SharePoint environment, which would immediately require a new type of host that would provide such a holistic view into the Silverlight / SharePoint environment.

2) Security configuration being internally managed. It seemed that while there were ways to tap directly into the SharePoint OM and inject resultant queries into Silverlight code, such a generic application didn’t lend itself well to an ad-hoc configuration basis. That sounds terrible. Since the container for users in the environment is well defined (i.e. relying on SharePoint to provide that through user profiles, user information list, etc.) this code can be super generic.

Expanding on the aforementioned concepts, it is easy to grasp some baseline requirements that must be present for the new Silverlight application host to be successful.

For Auditing –

1) When a new .XAP file is invoked through the host, this information must be sent to a retrievable medium that is easy to view and access. So a SPList object should be leveraged.

2) For matrix-based SharePoint taxonomies, the host must work on a site collection-by-site collection basis, since divisions will have different site collection administrators who are responsible for collating and analyzing the information. Rolling this information up can simply lean on baked-in CQWP features or a custom rollup.

3) The information collected should be:

a. .XAP invoked
b. SPWeb Title
c. Page (SPItem) Title
d. Full (Absolute) URL to the hosting page
e. Last Modified Date (if the WebPart is ever placed in edit mode).

4) Auditing has to be dynamic in the sense that if the WebPart is modified, this event is recorded so that the information does not grow stale and unusable.

5) An email should be sent to a user specified in the host when a new file is invoked.

6) All required content placeholders should be generated automatically.

For Security –

1) Simply put, security settings on the corresponding audit entries should naturally flow to the Silverlight application so that a developer can easily read the passed-in roles. Since an SPListItem is a SecurableObject, it makes sense to just map the permissions between Silverlight and the SPListItem.

2) Since permissions set on the SPListItem will translate to those read from the Silverlight application, an event receiver to do group membership checks for configured administrators should be implemented.

3) The roles and current user should be available as parameters to the Silverlight application.

The code is deployed as a regular good ol SharePoint Feature:

At first the site collection will have no lists:

Activate The Feature:

A WebPart Instances List Will Be Generated At The Root Of The Site Collection:

These columns will be provided by a specialized content type, while the default item content type is removed:

The Instance Content Type is programmatically created by the feature:

The event receiver to protect unauthorized changes is wired in the same method:

Each Of The Items Is Represented As A WebPartIntance Type:

Each Of These Values Is Hydrated Using Save Methods Of SPListItem Objects:

And at the end of the day, the parameters are sent to the developer to consume:

That’s a pretty good overview of the holistic application architecture. From an interface perspective, the first thing the WebPart is going to execute before performing any auditing events is a check of whether the proper properties have been set:

This is simply indicating that a Silverlight container and corresponding have not yet been selected:

The files themselves are trimmed according to Silverlight extensions:

Once all the requisite properties are set, you will see your Silverlight files running:
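
Because the roles handed to each Silverlight application come from the permissions on its audit entry, a site collection administrator will want to review who holds which role on every entry. The following is an added example, not the Web Part's own code: it assumes the SharePoint 2010 Management Shell, that the audit list is titled "WebPart Instances", and a placeholder site collection URL.

```powershell
# Added review script (not part of the feature). Run as a site collection administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-XapAuditPermissionReport {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [string]$ListTitle = 'WebPart Instances'   # assumed title of the audit list
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        # The audit list lives at the root of the site collection.
        $list = $site.RootWeb.Lists.TryGetList($ListTitle)
        if ($null -eq $list) { throw "List '$ListTitle' not found at the root of $SiteUrl" }

        foreach ($item in $list.Items) {
            # RoleAssignments returns inherited assignments when the item has none of its own.
            foreach ($ra in $item.RoleAssignments) {
                New-Object PSObject -Property @{
                    Entry       = $item.Title
                    ItemId      = $item.ID
                    Modified    = $item['Modified']
                    UniquePerms = $item.HasUniqueRoleAssignments
                    Principal   = $ra.Member.Name
                    IsGroup     = ($ra.Member -is [Microsoft.SharePoint.SPGroup])
                    Roles       = (@($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join '; ')
                }
            }
        }
    }
    finally { $site.Dispose() }
}

# Placeholder URL: replace with the site collection under review.
$report = Get-XapAuditPermissionReport -SiteUrl 'http://sharepoint.example.com/sites/finance'

# Entries that still inherit from the list: the application gets list-wide roles, not its own.
$report | Where-Object { -not $_.UniquePerms } | Select-Object Entry -Unique

# Full mapping of principal to role for each audit entry.
$report | Sort-Object Entry, Principal | Format-Table Entry, Principal, IsGroup, Roles -AutoSize
```

Roles passed to a client-side Silverlight application are best treated as input for shaping the interface; any data operation the application triggers still needs its permission check on the server.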


Excel Services Security Best Practices – Overview Of Excel Services Security

Designing security strategies for Excel Services involves learning about holistic SharePoint security, user authentication, communication between servers, and the authentication of external data. All of these areas must be covered before implementation so you can make well-informed decisions. There is a great deal more to consider with Excel Services than just security, however. When it comes to deploying SharePoint 2010 and its associated features, you need to evaluate many different considerations. One of the many elements that can be of benefit to you is the Excel Services Application. It is one of the platforms that are part of SharePoint 2010. Excel Services works with SharePoint Server 2010 to offer security, control, and management for the various Excel workbooks that are part of the enterprise. This type of application is a server that allows performance and security to be addressed as key issues. It can be deployed within workbooks or work with them so that the various components such as PivotTable reports and charts can be used for dashboards within any organization. This allows a user to take advantage of calculations that are associated with a server-side Excel spreadsheet.

From there custom applications can be determined. Users have the option of locking workbooks so that they can have more security over their private data and property. This makes it possible for the data in a workbook to be protected at a higher level while they are on a server. It also allows for the data to be refreshed and recalculated through the Excel Services Application.

There is no denying that security is very important for any such component. There are several elements that you need to consider when planning your environment. You want it to be one that has high security for the workbooks that will be placed on a server. When designing Excel Services security, a plan should be developed to manage the security of the workbooks and the security of the server that they are placed on. With the help of Excel Services Application you will be able to have complete control over the process and how everything is displayed for the Excel workbooks. You get to control how the workbooks will be opened on the server. You get to control who will be authorized to open them and what elements they get access to from those workbooks. Understanding the security and authentication settings you can choose from with Excel Services Application is very important.

You will need to consider all of this information before you move forward with deployment. The guidance offered in these materials will ensure you get the most benefit from Excel Services Application. At the same time it will ensure that your workbooks are very secure on the server.

The security model is based on ensuring that the data is of good quality, that the administrator is able to centrally manage the resources being shared, and that the intellectual property of the workbooks is maintained. In order for this to happen you will need to specify some things in Excel Services.

Trusted data connection libraries are SharePoint document libraries with .odc files. Those files are used to offer a centrally managed connection with external data sources. Rather than allowing the connections to be embedded, Excel Calculation Services can be configured to use those .odc files for all data connections. The .odc files are stored in the library, and the connection must be trusted before the workbooks can be accessed through Excel Calculation Services.

Trusted data providers are the external databases that Excel Calculation Services can be configured to trust. They have to be trusted so that the data being processed is able to successfully connect to the workbooks. The connection will only be attempted by Excel Calculation Services when there is a trusted data provider in place.

Trusted file locations are document libraries in SharePoint. They have to be trusted before Excel Calculation Services will be able to access them. It is important to understand that Excel Calculation Services is only able to open workbooks that are stored in trusted file locations.

By default, cross-domain workbook and data connection access isn’t allowed. If you want workbooks in trusted file locations to be accessible across Web Part domains, you have to use Windows PowerShell. The web pages that are requested and the workbooks have to be on the same farm. When you open a workbook in Excel Calculation Services, a temporary file is stored in the %TEMP% folder. This is located on the application server where Excel Calculation Services is running.
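
The trust settings described above can be reviewed in one pass from Windows PowerShell. The following is an added example, not from the original article: it assumes the SharePoint 2010 Management Shell on a farm server, and that the returned objects expose properties named after the corresponding cmdlet parameters (Address, IncludeChildren, ExternalDataAllowed, ProviderId, ProviderType, CrossDomainAccessAllowed).

```powershell
# Added review script: lists what each Excel Services Application currently trusts.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function New-TrustRow($App, $Kind, $Name, $Note) {
    New-Object PSObject -Property @{ App = $App; Kind = $Kind; Name = $Name; Note = $Note }
}

function Get-ExcelServicesTrustReview {
    foreach ($app in Get-SPExcelServiceApplication) {
        $n = $app.DisplayName

        # Cross-domain access is off by default; report it when someone has turned it on.
        if ($app.CrossDomainAccessAllowed) {
            New-TrustRow $n 'ServiceApplication' $n 'cross-domain access enabled (off by default)'
        }

        # Trusted file locations: the only places workbooks can be opened from.
        foreach ($loc in ($app | Get-SPExcelFileLocation)) {
            $notes = @()
            if ($loc.IncludeChildren) { $notes += 'child libraries and folders are trusted too' }
            if ("$($loc.ExternalDataAllowed)" -eq 'DclAndEmbedded') {
                $notes += 'embedded connections allowed, not only .odc files'
            }
            if ($loc.Address -match '^https?://$') {
                $notes += 'bare scheme address: every SharePoint location is trusted'
            }
            New-TrustRow $n 'TrustedFileLocation' $loc.Address ($notes -join '; ')
        }

        # Trusted data connection libraries: where centrally managed .odc files live.
        foreach ($dcl in ($app | Get-SPExcelDataConnectionLibrary)) {
            New-TrustRow $n 'TrustedDataConnectionLibrary' $dcl.Address ''
        }

        # Trusted data providers: the only providers a connection will be attempted with.
        foreach ($p in ($app | Get-SPExcelDataProvider)) {
            New-TrustRow $n 'TrustedDataProvider' "$($p.ProviderType): $($p.ProviderId)" ''
        }
    }
}

Get-ExcelServicesTrustReview | Sort-Object App, Kind, Name |
    Format-Table App, Kind, Name, Note -AutoSize -Wrap
```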


System.ServiceModel.FaultException Error When Using QueryService.QueryEx

The QueryService.QueryEx method is pretty useful in custom applications that leverage the inbuilt query features of SharePoint, since it provides a System.Data.DataSet object containing a System.Data.DataTable object for each search result set, so it can contain multiple result sets. Usually people use it to build custom views of mined data à la the search features; its utility is noticeable in its ease.

After migrating a pre-production SharePoint 2007 instance to 2010, my current client pointed out that one of their custom WebParts that makes use of the QueryEx method was not functioning and was bubbling up a System.ServiceModel.FaultException.

Looking at the ULS logs, I saw the following error being thrown:

Exception caught in QueryService class. Exception message: Exception from HRESULT: 0x80040E01. Stack: Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at Microsoft.Office.Server.Search.Query.QueryService.DoQuery(QueryMethod queryMethod, String queryXml, String& domain, String& queryId, Int32& startAt, Boolean& fStandardResults, StringCollection& querySuggestions)
at Microsoft.Office.Server.Search.Query.QueryService.QueryEx(String queryXml).

If you get this error (it should be noted that you can get a similar error when working with the FullTextSqlQuery class as well), you must reduce the RowLimit in the query. It should be noted that the RowLimit ceiling is 917728059 and you should not use MaxValue.