In my code I'm running under elevated privileges, to access other Web applications. But I get a security error when the web application user can't access the database (when ever I try to access a SPWeb object).
Is there a way to make sure (in code) that a user has access to the Content database of a web application before trying to access sites in a site collection on that web application?
No, you can't make sure of this in code. If you're having your web app pools running as different accounts then you need to impersonate the other web app pool accounts.
Related
The Azure sample active-directory-dotnet-native-desktop shows how to use ADAL to sign in for accessing a Web API from a WPF app. In the call to authContext.AcquireToken it's passing the Resource URL of the web service as a parameter. What if I just want to prompt the user to sign in to the desktop client itself and there's no Web API? Isn't there any sample for that?
Can you define what do you mean in practice with "sign in to the desktop client itself"?. A native app will prompt you only when you need to access remote resources, because they are the only ones that the user cannot access directly. If a resource is already on your local PC, and you have access to the windows session, what are you going to protect with the login? In other words, what is the resource or operation that a user cannot perform unless they go through a login? Having access to the windows session means that the user can do pretty much whatever he/she wants. Doing a login without accessing a remote resource would largely amount to theater.
I'm using Office 365 and Windows Azure. I need to create an App on Azure that will require authentication and will be accessible for Sharepoint workflows.
I created simple ASP.NET app that uses Azure Active Directory for single sign-on (according to this steps: http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory )
Then I created workflow on Sharepoint, that calls this App and retrieves response content. Unfortunately it turns out that instead of website content it returns login page.
My question is how to make the connection between Sharepoint Workflow and Azure App, so that the App would require to log in for users, but would be accessible for the Sharepoint Workflows?
Sorry for my poor explanation, but I'm very new in this topic.
I've been looking at this so long now that I think I'm probably missing something obvious. My scenario is this.
I have a SharePoint 2013 app which needs to pull data from a set of web services (not SharePoint hosted) to populate the application. Because the SharePoint server and API server are hosted in the same domain and authenticate against the same AD server, what I would like is for the user to sign in to SharePoint and then use the same credentials to make the request to the API server. It's a SharePoint hosted app, so the request needs to be made via JavaScript (well, using jQuery).
I'm guessing that this is possible, but what's the best way to look at implementing it.
I need to implement a web application hosted on sharepoint. This is a client requirement. So I cannot create a standard asp.net web application. Another client requirement is that the authentication is not an active directory one but they want to use an existing database of users.
I am a bit concerned how this would work on sharepoint because users would need to log-in onto sharepoint. Would it make sense that users log into sharepoint as anonymous and then we use our custom controls for log-in. How does sharepoint handle anonymous users?
Any assistance would be greatly appreciated
When building apps over SharePoint, you use the SharePoint authentication mechanism, whatever it is.
Does the SharePoint farm is already in place ? Or do you have to also build the farm ?
In the former case, probably the authentication mechanism is already in place and you just have to build a "standard" sharepoint application.
In the later case, you will have to carefully plan your authentication. SharePoint can use a combination of AD authentication, Forms authentication (over a DB in your case if you want) or a Claims authentication pattern. My guess is that a Forms authentication with a custom Membership/role provider is the way to go.
What user account does my .Net WCF service run under when I am hosting it in IIS 7?
Is it the IUSR_machine account?
What is the easiest way for me to run under a different account? (Just for this service, I don't want other things hosted in my IIS to be affected).
To change just the single application, you'll need to create a new application pool and change the identity for that pool. That way, every other application will continue to run as-is, as the applications that use your new app pool will use that new identity.
To set the account used by anonymous users for a particular site, open the properties for that web site. Then, go to the Directory Security tab. Click the "edit" button in the authentication and access control box. In the window that appears you can specify the user account which will be used for anonymous access to the site. This will control the account used to access files, but may not apply to ISAPI applications (in which case a new application pool will be needed with its own permissions as already mentioned).