none
Required by regulations to enter username/password combination each time we need to enter data in a secure SharePoint list

    Question

  • We are required by regulations to enter username/password combination each time we need to enter data in a secure SharePoint list?

    How do we accomplish this? We need to authenticate a user again against an Active Directory through a popup login window or other means to capture the user's login before making a change to the data.This way we capture the current user making the change... for auditing purposes.

    The core reason for doing this is to protect the data in a list if a user forgets to log off from pc and someone else happens to be around the pc with the user logged in.

    Thanks

    Wednesday, December 12, 2012 11:15 PM

Answers

  • in your popup prompt for user login, create the Credentials (System.net.networkCredential) object with the explicit credentials they just typed in, then try to instanciate the SPSite with the Credentials, if it succeeds let the Create/Update event occur... if you get an unauthrorizedaccessexception then jump out and don't allow the update.


    ieDaddy
    Blog: http://iedaddy.com
    Twit: @iedaddy

    Wednesday, December 12, 2012 11:49 PM
  • There is no out of the box method of handling that scenario, are you comfortable with using code? You would probably want to do this via a HttpHandler. Below is the basic idea, you'll want to flesh this a bit but it's a good starting point.

    public class RequestAuthorization : IHttpModule
    {
    public void Init(HttpApplication context)
    {
    //intercept the request before any data is transferred from the web application
    context.BeginRequest += new EventHandler(context_BeginRequest);
    }
    
    void context_BeginRequest(object sender, EventArgs e)
    {
    HttpContext context = HttpContext.Current;
    //make sure the user has previously authenticated
    if(context.User != null)
    {
    if(context.Request.Url.AbsoluteUrl.ToUpper().Contains("EDIT") ||context.Request.Url.AbsoluteUrl.ToUpper().Contains("NEW"))
    {
    //force user to reauthenticate
    Response.StatusCode = 401;
    Response.End();
    }
    }
    }
    }


    My CodePlex - My Blog - My Twitter

    Wednesday, December 12, 2012 11:54 PM

All replies

  • in your popup prompt for user login, create the Credentials (System.net.networkCredential) object with the explicit credentials they just typed in, then try to instanciate the SPSite with the Credentials, if it succeeds let the Create/Update event occur... if you get an unauthrorizedaccessexception then jump out and don't allow the update.


    ieDaddy
    Blog: http://iedaddy.com
    Twit: @iedaddy

    Wednesday, December 12, 2012 11:49 PM
  • There is no out of the box method of handling that scenario, are you comfortable with using code? You would probably want to do this via a HttpHandler. Below is the basic idea, you'll want to flesh this a bit but it's a good starting point.

    public class RequestAuthorization : IHttpModule
    {
    public void Init(HttpApplication context)
    {
    //intercept the request before any data is transferred from the web application
    context.BeginRequest += new EventHandler(context_BeginRequest);
    }
    
    void context_BeginRequest(object sender, EventArgs e)
    {
    HttpContext context = HttpContext.Current;
    //make sure the user has previously authenticated
    if(context.User != null)
    {
    if(context.Request.Url.AbsoluteUrl.ToUpper().Contains("EDIT") ||context.Request.Url.AbsoluteUrl.ToUpper().Contains("NEW"))
    {
    //force user to reauthenticate
    Response.StatusCode = 401;
    Response.End();
    }
    }
    }
    }


    My CodePlex - My Blog - My Twitter

    Wednesday, December 12, 2012 11:54 PM