none
SharePoint Hosted add-in : How to use security trim control for SharePoint hosted app parts? RRS feed

  • Question

  • We have departments and each department can only view their own app parts? 

    Problem: any person know url of sharepoint hosted app part can brows it in browser and view app part functionality? 

    how we can restrict access on sharepoint hosted app parts and pages with SharePoint Group like security trimmed control? 

    Ahsan Ranjha

    Sunday, February 25, 2018 8:16 AM

Answers

  • Hi,

    SharePoint hosted app part will come with like such url:

    <Content Type="html" Src="~appWebUrl/Pages/AppPart/Simple.aspx?DisplayType=iframe" />

    And please not use Secruity Trim Control in SharePoint hosted app part page directly, as this control usually is used for host web page or master page and not for app web.

    In host web, you can create a application page layout to show the web parts, then you can add the Security Trim Control in this page wrap each app part based on your requirement.

    Thanks

    Best Regards


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, February 26, 2018 1:42 PM

All replies

  • Hi

    Are not your departments in different sites?


    Justin Liu Office Servers and Services MVP, MCSE
    Senior Software Engineer
    Please Vote and Mark as Answer if it helps you.

    Monday, February 26, 2018 5:32 AM
  • They are not in different sites

    We have more than 100 clients and their departments, all departments use one sharepoint hosted app and add-in part pages?

    how we can secure client app app parts using security trim controls?


    Ahsan Ranjha

    Monday, February 26, 2018 9:02 AM
  • Hi,

    SharePoint hosted app part will come with like such url:

    <Content Type="html" Src="~appWebUrl/Pages/AppPart/Simple.aspx?DisplayType=iframe" />

    And please not use Secruity Trim Control in SharePoint hosted app part page directly, as this control usually is used for host web page or master page and not for app web.

    In host web, you can create a application page layout to show the web parts, then you can add the Security Trim Control in this page wrap each app part based on your requirement.

    Thanks

    Best Regards


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, February 26, 2018 1:42 PM
  • The user can get Iframe source and open in new tab, the can find url for app pages and can open other pages for other departments. how we can restrict user if they know page url but they should not have access to that app page?

    there should be a way to secure app part pages inside sharepoint apps?

    Ahsan Ranjha

    Tuesday, February 27, 2018 5:09 AM
  • The .aspx page associate has tags for master page? I will try to add a custom master page to SharePoint hosted app.

    https://www.iotap.com/blog/entryid/271/implementation-of-custom-master-page-in-sharepoint-hosted-apps

    Ahsan Ranjha

    Tuesday, February 27, 2018 5:15 AM
  • Hi,

    You can use the combination of User+Apps permission to your SharePoint hosted app.

    In your list set the unique permission and hosted your app in SharePoint, in this case, even user know the URL of the app, they cannot add,edit and delete the list items or the App Data.


    Murugesa Pandian MCSA,MCSE,MCPD

    Gear up for some solid action by doing. Slide,theory and blog won't useful much. 
    After all world likes only doers not sayers/speakers .

    Tuesday, February 27, 2018 5:37 AM