July 2007 - Posts

Friday, July 27, 2007 1:02 AM

BIG Resource list gets Faceted Drill downs

New release of the big resource list page makes it more user friendly with faceted drill downs and most popular items.

We are working on adding two new features also: Member picks and a flag to show users which resources they have viewed.

This page is a prime example of the extremes that you can take a SharePoint list to.

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks
Posted by notorioustech | with no comments
Wednesday, July 25, 2007 5:01 PM

Securing SharePoint for internet facing sites

First Read this blog post: http://blogs.msdn.com/ecm/archive/2007/05/12/anonymous-users-forms-pages-and-the-lockdown-feature.aspx

and this technet article http://technet2.microsoft.com/Office/en-us/library/f507f5d6-4c9d-4f98-909f-069c53b9a3f61033.mspx?mfr=true

Then I will tell you what worked for us on this WSS site:

First off securing the allitems.aspx and other forms can't be done with the ViewFormPagesLockdown feature mentioned in the above article as this is a WSS site. We tried to use the location setting in the web.config to restrict these but no luck there unfortunately. That leave use with having to write a custom httphandler which is a post for another day. What we did do for the allitems.aspx is negate its use by restricting the users can only see their own posts in postable lists. We also created a more restrictive permissions role to block some of the download features of document libraries - see earlier post on this.

Our configuration for this site is that of 2 application zones, one is AD authenticated and the other is forms based. SInce the forms based one is really the internet facing one we need to restrict access to more information. Basically most everything under _layouts should be blocked. So for this web application we simple edited the web.conf and added the following entries:

  <location path="_layouts/images">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="_layouts/1033">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="_layouts/groupeditempicker.js">
    <system.web>
      <authorization>
        <allow users="*" />
       </authorization>
    </system.web>
  </location>
  <location path="_layouts/accessdenied.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
       </authorization>
    </system.web>
  </location>
  <location path="_layouts">
    <system.web>
      <authorization>
        <allow users="notorioustech" />
        <deny users="?,*" />
       </authorization>
    </system.web>
  </location>

Note: the _layouts allow entres are required (fill in the appriate locale for wherever you are) so that pages still display correctly.

Since we have the portal accessable by an AD zone we can still use the _layouts forms from there.

FOLLOWUP: Don't forget to secure you _vti_bin directory.  The web services interface to sharepoint is a big backdoor.

  <location path="_vti_bin">
    <system.web>
      <authorization>
        <allow users="notorioustech" />
        <deny users="?,*" />
       </authorization>
    </system.web>
  </location>

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks
Posted by notorioustech | 2 comment(s)
Filed under: , , , ,
Monday, July 23, 2007 10:32 AM

BIG Resource List approaching 300 pre qualified entries

While there is of course a focus on Enterprise Seach we have tons of entries spanning all topics SharePoint that are important to our readers.

The entries have each been reviewed and categorized to reduce the noise in your research.

You can filter them, rate them and track the popularity of each link.

If you know of a resource that we should have please Add It (need to join first - it's free)

 

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks
Posted by notorioustech | with no comments
Sunday, July 22, 2007 9:28 PM

redirect in default.aspx to a page library

On our site we wanted to have all of our pages under version control including the root default.aspx page so that required us to do a redirect from from the root to the /pages/default.aspx.

There are a few ways to do this.

  • The easiest is to add a content web part and add a <script> location.href = '/pages/default.aspx'; </script> but not the most efficient means.
  • or create a simple web part or web control that does a Page.Response.Redirect = "/pages.default.aspx"
  • or what we did is add this to the page

<script language="C#" runat="server">

    void Page_Load()
    {
         Response.Redirect("/pages/default.aspx");  // DO NOT USER Server.Transfer here as it will screw up your relative references.
   }

</script>

NOTE: for this to work you will also need an entry in the web.config file to allow compiling. Looks like this:

  <PageParserPaths>
        <PageParserPath VirtualPath="/default.aspx" CompilationMode="Always" AllowServerSideScript="true" />
      </PageParserPaths>


 

 

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks
Posted by notorioustech | 1 comment(s)