Silverlight in BPOS SharePoint Online and communicating to on-premise service - wcf

I want to enable self-service for employees starting with the ability to update simple contact information into AD. The twist is that I want this as a web part in SharePoint Online as my company uses BPOS. Employees would log on, change their details and it gets back to the company's AD.
Initial investigations have shown that you cannot add custom web parts but you can add Silverlight components. I have found examples that work with SharePoint Online services and presume that I could reference an on-premise service that I've publicly exposed? This service would then work against the company's AD.
Any tips or direction would be appreciated.

The component that you add to SharePoint Online would have to communicate, via for example a web service, with an onsite component. That on site component would run in a security context of a user that is allowed to update AD.
Note: be very careful when you do this; exposing a web service that can update your AD can be dangerous. You need to consider how the web service is secured and that the account used to run it has the minimum required rights.
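An added example, not part of the original answer, of how the on-premise service can limit what it is willing to write: the target account is taken from the authenticated caller and only an allow-list of attributes can be changed. The contract name, field names and length limit are hypothetical; it assumes the WCF binding authenticates callers with their domain credentials and that the service account has been delegated write access to just these attributes.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.ServiceModel;

[ServiceContract]
public interface IContactSelfService   // hypothetical contract name
{
    [OperationContract]
    void UpdateMyContact(string field, string value);
}

public class ContactSelfService : IContactSelfService
{
    // Allow-list: only these attributes can ever be written through the service.
    private static readonly Dictionary<string, Action<UserPrincipal, string>> Writable =
        new Dictionary<string, Action<UserPrincipal, string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "telephone",   (u, v) => u.VoiceTelephoneNumber = v },
            { "description", (u, v) => u.Description = v },
        };

    public void UpdateMyContact(string field, string value)
    {
        // The account to modify comes from the authenticated caller, never from a parameter.
        ServiceSecurityContext caller = ServiceSecurityContext.Current;
        if (caller == null || caller.IsAnonymous)
            throw new FaultException("Authentication required.");

        Action<UserPrincipal, string> setter;
        if (field == null || !Writable.TryGetValue(field, out setter))
            throw new FaultException("Field is not editable.");
        if (value == null || value.Length > 64)   // assumed length limit
            throw new FaultException("Invalid value.");

        // PrimaryIdentity.Name is DOMAIN\user for Windows identities; keep the account part.
        string name = caller.PrimaryIdentity.Name;
        string account = name.Substring(name.IndexOf('\\') + 1);

        // Runs as the service account, which should hold write rights on these attributes only.
        using (var domain = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(domain, IdentityType.SamAccountName, account))
        {
            if (user == null)
                throw new FaultException("Unknown account.");
            setter(user, value);
            user.Save();
        }
    }
}
```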

Investigation has found that you can reference your own service from a Silverlight component by nothing more than the usual 'Add Service Reference'. Make sure you have a CrossDomain policy file. You can work with the SharePoint Online services fine. Check out this

Related

create web service config file in access 2016 vba

I don't have any code yet as I don't know where to start! I see on the web that I'd need to select, on the Access toolbar, external data >> more >> data services. Then it asks to point to an XML config file, which I don't have and would need to create. I have the connection string from a VB.net application.
sWIPConnString As String = "SERVER=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=fake3465-vip.ent.agt.bb.ca)(PORT=41521))(CONNECT_DATA=(SERVICE_NAME=fictitious_service_name)));uid=APP_getinfo;pwd=thispassword;"
I'd have to convert that to an xml version. Any help would be appreciated!
Thanks in advance
Pete
But those data services are not just any old plain Jane web site. They are web sites that have installed, set up, and the developers of those web sites set up that data service connection. And these custom connections are NOT general web sites, and they are not general web services that many sites have. And they are not a web API written around say SOAP or some REST standard.
So unless that web site decided to adopt this Microsoft-specific means and method to expose data, you will not be able to use this feature to simply connect to any old web site out of the blue. If you have an existing web site that exposes some web services? Then you have to use MSXML and consume that web data yourself. That option in Access is not some general purpose setting or feature that allows connection to any old web site - only ones that have created that web service written to the business connection options that Microsoft created.
It's not clear if you are planning to create some web services on the target web site (that would assume you're the developer of that web site), or you are trying to consume existing web services that the given site exposes. Even in this 2nd case, those exposed web services or even REST calls have ZERO to do with the feature in Access.
So that feature is only of use for connecting to web sites that offer a specifically created connection based on that standard from Microsoft - it is not a general web service consuming feature built into Access and you can't use that feature as such.
How to make a web service call from Access? Well, it has ZERO to do with that feature. Here is an MSXML example:
How to use XML web services in Access2007 which are built on Visual studio (2008/2010)

Securing WCF Services across multiple projects

I'm having a hard time wrapping my head around some architectural elements to securing a core WCF service that is consumed by many different applications.
Internally, we have an application that allows HR folks to update a person's details. This is contained in a WPF app. Externally, we have a website that would allow individual people to authenticate (through an AD Membership provider) and update their details.
We don't want users to be able to see other users' information (for obvious reasons). But we don't want to host this service inside the same web application that the users would log into. Here is how the architecture would look from a Visual Studio perspective:
ServiceApplication
WpfApplication
MVCWebApplication
They don't exist inside the same domains, for example, the service application would be hosted at http://www.service1.com/Service.svc and the mvc application would be hosted at http://www.updateyourprofile.com . So a user logs into http://www.updateyourprofile.com and we'd like to hit a Wcf service via JSON. Both the service application, wpf application, and mvc web application would use AD credentials to authenticate. But how do we secure the service so that users who log into the mvc web application can only see their information?
Most of the examples I see say to use the HttpContext.Current.User check inside the service. But since the user authenticated at a different site, how does the cookie transfer? Do you end up having to publish your service inside the same web application that you want to consume so that the cookies travel transparently?
Or is it just not possible to have a centrally located service with disparate applications that use the same authentication store to determine who has access to what on the service?
What you are looking for is some kind of federated authentication system which is used by all the entry points. That is what Windows Identity Foundation can help you to build.
Inside each application, access control would be claims-based, according to the claims embedded in each user's security token issued by the authentication system.
There's an entire book on the subject on MSDN.
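An added example, not from the original answer, of the claims-based check described above: the service decides access from the claims in the caller's token rather than from a cookie. The "HR" role value, the use of the name-identifier claim as the person key, and the constructed principals in `Main` are assumptions; it uses the `System.Security.Claims` types that ship with .NET 4.5.

```csharp
using System;
using System.Security.Claims;

public static class ProfileAccessPolicy
{
    // Hypothetical role value; the real token issuer defines its own claims.
    public const string HrRole = "HR";

    public static bool CanAccess(ClaimsPrincipal caller, string personId)
    {
        // No validated token means no access at all.
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            return false;

        // HR staff (the internal WPF application) may open any record.
        if (caller.HasClaim(ClaimTypes.Role, HrRole))
            return true;

        // Everyone else may only open the record named in their own token.
        Claim own = caller.FindFirst(ClaimTypes.NameIdentifier);
        return own != null &&
               string.Equals(own.Value, personId, StringComparison.OrdinalIgnoreCase);
    }
}

public static class Demo
{
    // Constructed sample: stands in for a token the issuer has already validated.
    static ClaimsPrincipal Token(string id, string role)
    {
        var identity = new ClaimsIdentity("Federation");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id));
        if (role != null)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        ClaimsPrincipal employee = Token("jdoe", null);
        ClaimsPrincipal hr = Token("asmith", ProfileAccessPolicy.HrRole);
        ClaimsPrincipal anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(ProfileAccessPolicy.CanAccess(employee, "jdoe"));
        Console.WriteLine(ProfileAccessPolicy.CanAccess(employee, "asmith"));
        Console.WriteLine(ProfileAccessPolicy.CanAccess(hr, "jdoe"));
        Console.WriteLine(ProfileAccessPolicy.CanAccess(anonymous, "jdoe"));
    }
}
```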

Custom web.config for asp.net web part in sharepoint 2010

Base:
I have created an ASP.NET web part to be deployed to a SharePoint 2010 site. This web part is using an external web service, a WCF service that is hosted elsewhere, not on the same machine as the SharePoint site. The web parts are installed on the SharePoint server using a CAB file that is created via a deploy project.
Issue:
My issue is that I have web service binding configurations in the web.config of my ASP.NET web part solution that I need to modify based on what customer is using it, so I need to be able to modify my binding address after installation (or during).
Other:
I have seen solutions using the SPWebConfigModification, but I have no local installation of SharePoint so that is not an option. I have also seen pure C# solutions where the endpoint address is hard coded in the assembly, but this will prevent me from modifying the address after compilation of the web part. The best way would be to have an external txt/xml file that I can use from my web part to get the endpoint address from, or a smart way of updating the SharePoint web.config not using SPWebConfigModification.
So...
Does anyone have an awesome solution to my issue?
Can you use custom webpart properties that will contain the WCF endpoint information? This way you will be able to configure your webpart(s) after they are added to a page. The properties are reachable from the webpart code so you can generate the wcf proxy in the runtime with no custom config files in the solution.
This article might help you with the custom properties: http://www.lamber.info/post/2010/05/21/How-do-I-create-custom-properties-in-Visual-Web-Parts.aspx
Editing web.config is almost always the wrong place to put something like this.
Maks' answer is good and certainly the easiest option; if you want to store the address of the web service in one place to be used by multiple web part instances then this option may be better.
SO - What is a proper way to store site-level global variables in a SharePoint site?

Custom "Basic" Authentication for my WCF services. REST and RIA. Possible?

My server side contains WCF4 REST services and I'm going to add RIA services for my future SL4 application. Currently I'm doing Basic authentication like this:
var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");
And so on... You get the idea. I call this on every request. If the header is not present or I can't validate UN/Password, I do this:
outgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
That got me by so far but I'm refactoring my server side. Implementing IoC for linked services. Created custom ServiceHost, ServiceHostFactory, InstanceProvider and all is well.
Now I need to figure out how to properly handle authentication and authorization with WCF so I don't have to manually inspect headers. I do have my custom MembershipProvider so there has to be some method that gets UN/PW to process.
Any pointers? I looked at http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx but it uses RequestInterceptor and it is not available in WCF4. I found ServiceAuthenticationManager and ServiceAuthorizationManager but there are no samples available on how to code and wire those.
Can anybody suggest which way I should go?
Try to use this custom HTTP module. It will add new authentication mode to IIS and it will allow you using custom credentials validation.
I had all types of issues using the built-in annotations for WCF in a recent SOAP/C# project. I know this isn't the best solution, but for my purposes, I enabled basic authentication in IIS7 for my application, disabled anonymous authentication and created Active Directory users for the external clients that would call the web service endpoints. I then changed the application's permissions in IIS7 (it uses file system permissions) to allow a group containing those users.
This moves authentication outside your application, which may not be what you want, but does allow you to easily add users via the IIS7 console and deployment tools that can copy those permissions. The advantage is that you don't have to redeploy your application for permission changes. The disadvantage is you can't do fine grained permission control per function.

Access external data from Silverlight application running in a webpart in Sharepoint 2010

I can read the SP lists fine and pull data out of the SP context, but I am trying to get data from an external database as well and I don't know exactly how to do that. Is it possible to add WCF communication to the webpart that will allow the Silverlight app to communicate with a WCF service? If so, any examples on how to do this?
Or is there a better way to store/retrieve custom data that I don't want to be accessible through custom SP lists?
You could use a combination of BCS/External Content Types to surface the data in SharePoint, then the SharePoint client object model to access this.
Eric,
I am not sure if I have understood your question correctly. If you have a custom webpart that loads some Silverlight content and Silverlight needs to access external data using WCF, then you can do the following:
If you need to deploy your WCF service in a SharePoint site, then follow this article from Sahil Malik: http://blah.winsmarts.com/2008-5-SharePoint_as_a_WCF_Host.aspx
Once the service is deployed and you're able to access it from IE, add a service reference in your Silverlight project.
Load the Silverlight application in your webpart.
This link might also help:
http://blah.winsmarts.com/2008-7-SilverLight_WCF_References_in_SharePoint_-_The_right_way.aspx