Archive for June, 2011

To set the Title for a BPEL instance Name.

June 22, 2011

Use ora:setCompositeInstanceTitle() in a Java_Embedding or in an Assign statement.

For example:


<assign name="assign_InstanceTitle">
<copy>
<from>ora:setCompositeInstanceTitle(concat("LOGIN:",string($inputVariable.request/ns5:Username)))</from>
<to>$instanceTitle</to>
</copy>
</assign>

This sets the instance name to “LOGIN:User1” in the EM console.

Prevent CSRF (Cross Site Request Forgery) Attacks in SharePoint Application Pages.

June 22, 2011

Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 whereby a malicious website sends a request to a web application that the user is already authenticated against on a different website. A much more detailed and better explanation is here

To prevent CSRF attacks in SharePoint application pages that POST (HTTP) data to the server, use the SharePoint FormDigest control. The FormDigest control inserts a generated digest (token) into the form page when it is requested (usually through GET), and in the code-behind we can validate this token using SPUtility.ValidateFormDigest() to make sure that the form/page is not tampered with. It is good practice to validate the FormDigest in any code-behind that writes data to the DB, server or SharePoint list, and ideally in any write operation that uses RunWithElevatedPrivileges. Two steps:

1. Initialize FormDigest control in the custom application page.

 <SharePoint:FormDigest runat="server"/>

2. Check for SPUtility.ValidateFormDigest() in the code-behind POST methods of application pages to make sure that the form is not tampered with.
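The two steps together, as an added example that is not code from the original post: a code-behind POST handler that validates the digest before an elevated write. The class name SubmitFeedback, the CommentBox control, the SubmitButton_Click handler and the "Feedback" list are hypothetical.

```csharp
using System;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebControls;

namespace Example.Layouts
{
    // Hypothetical application page. Its .aspx markup contains
    // <SharePoint:FormDigest runat="server"/> inside the form (step 1).
    public class SubmitFeedback : LayoutsPageBase
    {
        protected TextBox CommentBox;   // hypothetical input declared in the .aspx

        protected void SubmitButton_Click(object sender, EventArgs e)
        {
            // Step 2: refuse the POST unless it carries a valid digest.
            // This runs before any write and before elevating privileges.
            if (!SPUtility.ValidateFormDigest())
            {
                throw new SPException("Form digest validation failed; request rejected.");
            }

            // Capture plain values first; SPContext objects keep the caller's
            // permissions and must not be reused inside the elevated block.
            Guid siteId = SPContext.Current.Site.ID;
            Guid webId = SPContext.Current.Web.ID;
            string comment = CommentBox.Text.Trim();

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // New SPSite/SPWeb instances run as the application pool account.
                using (SPSite site = new SPSite(siteId))
                using (SPWeb web = site.OpenWeb(webId))
                {
                    SPList list = web.Lists["Feedback"];   // hypothetical list
                    SPListItem item = list.Items.Add();
                    item["Title"] = comment;
                    item.Update();
                }
            });
        }
    }
}
```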

Categories: C#, Sharepoint 2010

Deploying referenced project assemblies to GAC through sharepoint WSP

June 22, 2011

To deploy referenced project assemblies to GAC through SharePoint WSP:

1. Open the Package designer in the SharePoint project.
2. Select the Advanced tab.
3. Click the Add button.
4. Select the Add Assembly from Project Output menu item.
5. Use the Source Project dropdown to select which project in your solution should have its assembly included.
6. Make sure the Deployment Target is set to GlobalAssemblyCache.
7. Click OK, then build and deploy the solution; the referenced assemblies should now be in the GAC.

 

Categories: Uncategorized

Get maxPwdAge for a Domain in AD.

June 22, 2011

Get the domain-level directory entry with a username/password, then read the property value for ‘maxPwdAge’ (which is returned as a System.__ComObject).
Convert the System.__ComObject to a datetime/int.
We have to use the COM Interop libraries for this one, ActiveDs.dll (you can find it on the web).

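// ent is the domain-level DirectoryEntry obtained above
IADsLargeInteger int64Val = (IADsLargeInteger)ent.Properties["maxPwdAge"].Value;
// Combine the two 32-bit halves; LowPart is cast to uint so that a set
// high bit in the low DWORD is not treated as a negative number
long largeInt = ((long)int64Val.HighPart << 32) | (uint)int64Val.LowPart;
Console.WriteLine(largeInt);
// The value is a negative interval in 100-nanosecond ticks.
// Math.Abs throws OverflowException for long.MinValue, so clamp that case.
long ticks = largeInt == long.MinValue ? long.MaxValue : Math.Abs(largeInt);
TimeSpan passwordAge = TimeSpan.FromTicks(ticks);
Console.WriteLine("PasswordAge={0}", passwordAge);
Console.WriteLine("PasswordAge in Days={0}", passwordAge.Days);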

For more information on converting the Large Integer property type, please check http://msdn.microsoft.com/en-us/library/ms817837

Categories: Active Directory, C#

“Please close SPWeb objects when you are done with all objects obtained from them, but not before”

June 22, 2011

DO NOT use SPList directly from methods in web parts and application pages. SPList is a SharePoint object and will instantiate a new SPWeb object if used outside of its parent SPWeb object. Always perform operations on SharePoint objects within the context of the SPWeb (the parent SharePoint object).

Otherwise we get an exception with this message: “Please close SPWeb objects when you are done with all objects obtained from them, but not before”

Muchos Muchos Gracias to Jonas for the explanation & pattern in this article 

Categories: Sharepoint 2010

Anonymous Custom Application Pages in SharePoint Sites.

June 22, 2011 1 comment

We sometimes want custom application pages in a SharePoint solution that need to be enabled for anonymous access, for example SiteLogin.aspx or AppError.aspx. By default, when we create a custom application page in Visual Studio in a SharePoint 2010 solution, it inherits from Microsoft.SharePoint.WebControls.LayoutsPageBase, so by default this custom application page requires login.

To make an application page anonymous, inherit from Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase and override the AllowAnonymousAccess property to return true.

Categories: C#, Sharepoint 2010

‘Recycle IIS Application Pool’: 0x80070005 Access denied

June 22, 2011

While deploying a SharePoint 2010 solution from Visual Studio 2010, we often stumble upon the deployment error below:

Recycle IIS Application Pool’: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied

Solution: The user running Visual Studio to deploy the solution needs to be a site collection admin on the site; in my case, it is Domain\Administrator.

Extending the Active Directory User Schema

June 22, 2011

The Active Directory user schema has enough properties/attributes to cover most user profile information, but in some cases we might need to extend this schema to add our own custom attributes. Microsoft Active Directory provides the capability to customize the user schema at various domain/forest hierarchy levels. The article below was tremendously helpful for us in achieving this. Thanks a lot, Kurt Hudson.

http://www.informit.com/articles/article.aspx?p=169630&seqNum=3

Unique X.500 Object ID: a unique object identifier for an attribute. This is NOT auto-generated when extending the user schema; we need to come up with one or use this script to generate one. For more information, please check Obtaining an Object Identifier from Microsoft

Getting the Current Logged in user in SharePoint 2010

June 22, 2011 2 comments

We all know the way below to get the currently logged-in user in SharePoint:

SPWeb web = SPContext.Current.Web;
SPUser user = web.CurrentUser;

But this actually returns the user account running the application pool identity for that site (if the application pool is configured to run as a standalone/service user account).
Another way to get the currently logged-in user in the current context is by ensuring the login name:

SPWeb web = SPContext.Current.Web;
string loginName = System.Threading.Thread.CurrentPrincipal.Identity.Name;
SPUser user = web.EnsureUser(@"i:" + loginName); // Had to prepend "i:" in my case of custom authentication providers

For more information, please check out SPWeb.EnsureUser

Once we have the current SPUser object, we can also get to the user's SharePoint security groups:

SPUser user = web.EnsureUser(@"i:" + loginName );
SPGroupCollection userGroups = user.Groups;
foreach (SPGroup spgroup in userGroups)
{
}

Categories: Sharepoint 2010