We are building a new web application that needs to run inside the SP Context for authentication. Unfortunately the person logged into the machine is not necessarily the person logged into SharePoint. I could not figure out a way to detect who was logged into SharePoint from an application outside of SharePoint. So, the solution is to deploy the application to the LAYOUTS folder within the 12 hive. This works great in that I can use a custom master page, go crazy with fancy user controls, AND be within the SP Context. I also locked down access to the page by detecting which web app the user was on so no one can access it from a different SP web app.
The problem is the URL. It is ugly. I want the URL to be something like this: www.sitename.com/ instead of www.sitename.com/_layouts/appname/
I tried creating a new web site within IIS that points directly to the app in the LAYOUTS folder. That failed because I was no longer within the SP Context.
I also tried an IIS redirect which worked, but the URL still switched over to the ugly URL.
Does anyone have any ideas for this?
My original problem was not being able to detect the currently logged in user for SharePoint outside of SP, so if you have a solution to that problem, that would be great too.
Your best option is to rewrite the URLs and HTML with a proxy. Apache with the mod_rewrite and mod_html_rewrite options is an option. However, this kind of setup is not trivial.
You can use URL rewriting in IIS.
Related
We're trying to set up IIS so that it uses its IIS AppPool identity when going against ACL permission checks (when getting static files from the filesystem) so that we don't have to add "everyone" or "authenticated" users to the main app folder or specific folders.
We've found that setting authenticatedUserOverride to UseWorkerProcessUser achieves the above, but no longer lets us access the specific Windows user hitting the website from within the MVC application.
Is there a better way to accomplish this? Again, we're trying to avoid having the specific user's credentials validated against ACLs when accessing files.
You can still get the authenticated user that is accessing the site using the LOGON_USER in the Request:
Request["LOGON_USER"]
Scott Forsyth details this on his blog under option #4 (http://weblogs.asp.net/owscott/iis-using-windows-authentication-with-minimal-permissions-granted-to-disk).
As for the best way to accomplish this, I think you are on the right path. I have used this approach along with the roles authorization aspect of ASP.NET to allow/deny access based on membership.
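An added configuration example (not from the original post or the linked blog) of the setup discussed above: once authenticatedUserOverride is UseWorkerProcessUser, file ACLs are checked against the app pool identity, so per-user restrictions have to be expressed as IIS URL authorization rules instead. The site path and CONTOSO group names are placeholders, and the sections are shown in applicationHost.config on the assumption that they are locked against web.config overrides.

```xml
<!-- applicationHost.config fragment; site path and group names are placeholders -->
<configuration>
  <location path="Default Web Site/app">
    <system.webServer>
      <!-- Static-file ACL checks use the app pool identity, not the signed-in user -->
      <serverRuntime authenticatedUserOverride="UseWorkerProcessUser" />
      <security>
        <authentication>
          <!-- Users must still authenticate, so LOGON_USER is populated -->
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
        <authorization>
          <!-- Drop the default allow-all rule; NTFS no longer filters per user -->
          <clear />
          <add accessType="Allow" roles="CONTOSO\AppUsers" />
        </authorization>
      </security>
    </system.webServer>
  </location>
  <!-- A more sensitive subfolder gets its own, narrower rule -->
  <location path="Default Web Site/app/reports">
    <system.webServer>
      <security>
        <authorization>
          <clear />
          <add accessType="Allow" roles="CONTOSO\ReportViewers" />
        </authorization>
      </security>
    </system.webServer>
  </location>
</configuration>
```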
I have deployed three mvc pages to my server as virtual directories using IIS (which there are plenty of tutorials for). I need one of the apps to run when the base URL is requested. So, for example, I have a Help app which can currently be accessed via help.contoso.com/help but I want that app to run when a user simply goes to help.contoso.com instead. I gather there is some sort of redirect option but can't find an example for this type of request anywhere (they're all way more complicated and don't address my simple need). I also think there should be a way to just host the app as the 'root' web 'page' but can't find anything around that either...
I have built an application in Visual Studio, ASP.NET MVC for the company I work at. It is only accessible on our intranet, and uses Windows Authentication to validate the user. There are a few pages that I only want a few users to be able to view, and have restricted access to only those few. The problem is that multiple people use one computer. I need the people that are able to view the few pages to log out when they are done so that others cannot access the page. Right now, I have them closing out the browser, and that logs them out.
The log off button is visible at the top of the screen, but does nothing. Is it possible to use the log off button as well as Windows Authentication?
I have impersonation set to "on" within IIS.
I want my site to be hosted like this:
mysite.com/en/default.aspx
mysite.com/en-gb/default.aspx
mysite.com/de-ch/default.aspx
Originally I just hosted the site in application folders in IIS for each culture I support and everything was fine. I had a separate application in the root which forwarded the user to the appropriate culture. This was all grand.
However, now we're going to host with Azure and I need to get my site to fit into one web role (for those not familiar with Azure, just think of it as me only being able to host the website once - so no application folders). To this end, my site correctly collects the webfolder for the culture and sets the threading appropriately, all this is fine. My problem is that now as far as IIS is concerned the page 'default.aspx' does not exist in the folder 'en-gb'. That folder doesn't really exist. I need to get my site to ignore that first webfolder when it considers what content to get.
It's an interesting one, I suspect my solution lies in URL rewriting. Does anyone have any advice on this?
Thanks for the help!
Well I have found the answer.
It turns out that a web role is capable of much more. I understood that it was a web site running under a virtual machine, but that virtual machine could be torn down and moved at any point. However, there is a facility to control what is going on in IIS on that virtual machine within your project. By editing your ServiceDefinition.csdef file you can add virtual applications and virtual directories. More details here:
http://www.dotnettwitter.com/2012/03/publishing-multiple-sites-sub-sites.html
I didn't need to use any fancy URL rewriting. I now have several sites running under one web role.
Well... I will do once I figure out what is stopping my main site working under Azure, but this question is answered.
I'm building a .Net MVC app, where I'm using one particular view to generate an internal report. I don't want the users of the site to gain access to this page at all.
I've a console app that fires every so often which will scrape some of the details from this page by hitting its URL.
I don't like the idea of having the URL hanging out there but I'm not sure of another way to go about it.
Thoughts on what might be the best practice way for tackling this?
Edit:
Here's what I ended up doing: I created a new WCF Service project in the solution. I also copied basically what was the MVC view page into a new standard web forms page in this project. On top of adding security via the regular .NET authentication methods (e.g. set so that only valid Windows users can access the page), I can also lock down the vhost to only be accessed by certain IPs.
The best practice would be to expose a WCF service for this, and set up a security model that is different than the website.
If you must use MVC, the best approach is to use forms authentication with MVC and set
[Authorize(Roles = "SecureUser")]
on the View.
If the view never needs to be rendered at all except to provide data for the console app, then why not have the console app simply connect to your database to get the data directly instead of going through the web app? You could still do this for the console app even if the view does need to be available for some users, then control access to the view using the Authorization attribute, which could be suitably restricted now that an external app need not have access to it.
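The lockdown described in the question's edit (Windows authentication plus an IP allowlist on the report host), sketched as IIS configuration. This is an added example, not the poster's configuration; the site name, service account and address are constructed placeholders, and ipSecurity assumes the IP and Domain Restrictions role service is installed.

```xml
<!-- applicationHost.config fragment; "ReportSite", the account and the address are placeholders -->
<configuration>
  <location path="ReportSite">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
        <!-- Only the account the console app runs as may request the report -->
        <authorization>
          <clear />
          <add accessType="Allow" users="CONTOSO\svc-reportscraper" />
        </authorization>
        <!-- Reject every client address that is not listed -->
        <ipSecurity allowUnlisted="false">
          <add ipAddress="192.0.2.10" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```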