Impersonation, SSO & custom web parts

Using Impersonation and Single Sign-On to
access corporate data from within a custom
SharePoint web part
Mike FITZSIMON
SYSTEMS ARCHITECT
FITZSIMON IT CONSULTING PTY LTD
Agenda
 A Custom Web Part overview
 Single Sign-On
 Impersonation
 Generating graphics on the server
 What can go wrong
Fitzsimon IT CONSULTING PTY LTD
www.fitzsimon.com.au
Custom Web Part
 Web part generates this graph (.gif) dynamically from
corporate data in a database
 The currently-logged-in user does not have
permission to access this data
Single Sign-On Service
 To many, a great disappointment
 Installed by default with SPS, but set to
manual start-up
 Must run under an account which
   Is a local administrator
   Belongs to STS_WPG & SPS_WPG groups
   Has db_owner rights for the SharePoint Services configuration database
   Belongs to Server Administrators role for the SQL Server holding the SSO database
SSO Application Definition
 Unique name for the application plus definition of logon fields
   Username, password, domain, database name, secret Q&A, whatever
 SharePoint Portal Server Central Administration -> Component Configuration -> Manage settings for single sign-on -> Manage settings for enterprise application definitions
Impersonation
 Using SSO in a Web Part
Imports Microsoft.SharePoint.Portal.SingleSignon
Imports System.Security.Principal
 RenderWebPart
Protected Overrides Sub RenderWebPart(ByVal output As System.Web.UI.HtmlTextWriter)
 Use SingleSignOn service to change user
identity to impersonate a user with sufficient
rights to access the data.
'context for new identity
Dim objContext As WindowsImpersonationContext
Dim arrCredentials() As String
Dim strUID As String
Dim strDomain As String
Dim strPassword As String
Impersonation
 try to get credentials from SSO service
Credentials.GetCredentials(Convert.ToUInt32("0"), _
"ApplicationName", arrCredentials)
strUID = arrCredentials(0)
strDomain = arrCredentials(1)
strPassword = arrCredentials(2)
 change the context
Dim objIdentity As WindowsIdentity
objIdentity = IdentityHelper.CreateIdentity(strUID, strDomain, strPassword)
objContext = objIdentity.Impersonate()
 …draw chart…
 undo impersonation, revert to logged-in user's
credentials.
objContext.Undo()
IdentityHelper.CreateIdentity
 See attached IdentityHelper.vb
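The Impersonation slides call objContext.Undo() only after the chart has been drawn, so an exception while drawing would leave the request running under the impersonated account. The block below is an added example, not code from the original deck and not the attached IdentityHelper.vb (whose contents are not on this page); it performs logon, impersonation and revert inside Try/Finally. The names ImpersonationScope, RunAs and ImpersonatedWork, and the choice of an interactive logon type, are assumptions.

```vb
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal

' Added example: hypothetical helper, not the IdentityHelper.vb from the talk.
Public Module ImpersonationScope
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2 ' assumed logon type
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal user As String, ByVal domain As String, _
        ByVal password As String, ByVal logonType As Integer, _
        ByVal provider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' The work to perform under the impersonated identity (e.g. draw the chart).
    Public Delegate Sub ImpersonatedWork()

    ' Runs work as the given account and always reverts to the caller's identity.
    ' Usage (hypothetical): RunAs(strUID, strDomain, strPassword, AddressOf DrawChart)
    Public Sub RunAs(ByVal uid As String, ByVal domain As String, _
                     ByVal password As String, ByVal work As ImpersonatedWork)
        Dim token As IntPtr = IntPtr.Zero
        Dim context As WindowsImpersonationContext = Nothing
        Try
            If Not LogonUser(uid, domain, password, LOGON32_LOGON_INTERACTIVE, _
                             LOGON32_PROVIDER_DEFAULT, token) Then
                ' Fail closed: do not run work under whatever identity is current.
                Throw New Win32Exception(Marshal.GetLastWin32Error())
            End If
            ' WindowsIdentity duplicates the token, so ours is closed in Finally.
            context = New WindowsIdentity(token).Impersonate()
            work.Invoke()
        Finally
            ' Revert even if work throws, so the rest of the page request
            ' does not keep running with the elevated account.
            If Not context Is Nothing Then context.Undo()
            If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
        End Try
    End Sub
End Module
```

Keeping the impersonated region to the data access alone means the remainder of RenderWebPart runs with the logged-in user's own rights.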
Generating graphics on the server
 Office Web Components 2003 installed on
Server
Imports Microsoft.Office.Interop.Owc11
 create a ChartSpaceClass object | add a
chart to it
Protected Overrides Sub CreateChildControls()
chSpace = New ChartSpaceClass
chart = chSpace.Charts.Add(0)
 Allow custom drawing within chart space
chSpace.AllowRenderEvents = True
 specify the type of graph to be displayed
chart.Type = ChartChartTypeEnum.chChartTypeAreaStacked
What can go wrong
Questions
 Mike Fitzsimon
[email protected]
 Mike’s blog
http://mike.brisgeek.com
 Fitzsimon IT Consulting
www.fitzsimon.com.au