Embed Size (px)
Citation preview
Synapse india Reviews on Security for the SharePoint Developer
Security for the SharePoint Developer
Overview
What does security refer to?Code access securityUser authenticationUser authorizationChanges in SP2 for WSS and SPSThe SharePoint authorization modelRobust authentication code
Why worry about security?
Why worry about security? If the code or the user cannot do something, there will be an exception.Cryptic or vague error messages lead to more helpdesk calls.
Bad way to do things, especially with a multi-step process. Can lead to data loss or inconsistent data.
Don’t show options users don’t have rights to.
Types of security
Code Access SecuritySecurity for executing code
User security – comes in two flavorsAuthentication – proving that a user is who he/she says he/she is
Actual credentials
Mapping credentials – think SSO
Authorization – making sure that a user has access to the resources he/she should and nothing else
Code Access Security
Why have CAS?ASP.Net and SharePoint allow administrators to install black-box software that run in process with other components
Lack of CAS would allow unproven code to access any resource on the network without administrator knowledge
One component could access private fields, properties, and methods from another component
Working with Code Access Security
SharePoint trust modes affect what resources assemblies can accessUse demand statements to check for code permissions before collecting data from users or beginning implicit transactionsProvide administrators with informative error messages to configure systems to give your code correct access security
User Authentication
Accessing remote resources with Default Credentials - the double hop Pre SP2 this may fail
SP2 supports Kerberos
Can’t rely on a Kerberos enabled site
Steps to enable Kerberos on a site
User Authentication Issues
What happens when users authenticate with PKI certificates?Remote web resources cannot be accessed using Default Credentials
The remote web request does not have access to the private key that was used to authenticate to the portal site
Server side code (ASPX pages and web parts) can detect PKI certificates and make alternate access provisions
Changes with WSS and SPS SP2
Strongly signed assemblies must be in the GACThe error SharePoint reports is “The assembly is not registered as safe”
This is a requirement even if the site is configured to run in Full trust mode
Kerberos is now a selectable security mode for IIS sitesAllows default credentials to work properly in web parts and ASP.Net applications that access remote resources
The SharePoint authorization model
Authorization is stored at three levels –Area, Site, ListAny object (area, site, list) may contain a reference to another object for authorization inheritanceThe SiteData web service returns a _sWebMetadata structure that contains the ACLs list for sites and areas
The _sWebMetadata structure
Relevant items:InheritedSecurity
The Permissions member will contain a URL to the site or area from which permissions are inherited
Permissions
If InheritedSecurity is false, an XML document that contains the site groups and Windows users and groups with authorizations to the site or area, as well as their permissions
Permissions XML
<?xml version="1.0" encoding="utf-8" ?><GetPermissionCollection xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/"><Permissions><Permission MemberID="1073741829" Mask="-1" MemberIsUser="False" MemberGlobal="False"
RoleName="Administrator" /><Permission MemberID="1073741828" Mask="1029638927" MemberIsUser="False" MemberGlobal="False"RoleName="Web Designer" /><Permission MemberID="1073741827" Mask="1027801615" MemberIsUser="False" MemberGlobal="False"RoleName="Contributor" /><Permission MemberID="1073741826" Mask="138608641" MemberIsUser="False" MemberGlobal="False"RoleName="Reader" /><Permission MemberID="1073741825" Mask="134283264" MemberIsUser="False" MemberGlobal="False"RoleName="Guest" /></Permissions></GetPermissionCollection>
Parsing the Permission XML
MemberIsUser indicates whether the Permission element is a role, or a Windows user or groupMask is a bit mask that corresponds to values in the SPRights enumeration. Example: To check for AddListItems (0x00000002) permission, use:(Mask & 0x00000002) == 0x00000002 For Windows users or groups, the Permission element may contain these attributes:IsDomainGroup, IsSiteAdmin, LoginName, Name, SID, UserLoginIf the Permission element is not a Role but the IsDomainGroup attribute is not present, we can look up the user information by using:UserGroupService.GetUserInfo(permission.UserLogin)If the Permission element is a Role, we can resolve the user membership for role by using:UserGroupService.GetUserCollectionFromRole(perm.RoleName)
Get All User Collection From Web sample return
<?xml version="1.0" encoding="utf-8" ?><GetAllUserCollectionFromWeb
xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/"><Users><User ID="1" Sid="S-1-5-21-1935655697-287218729-682003330-1934"
Name="Eugene Rosenfeld"LoginName=“meanwesel\erosen03" Email=“[email protected]" Notes=""
IsSiteAdmin="True"IsDomainGroup="False" /></Users></GetAllUserCollectionFromWeb>
Robust Authentication Code
Request use SP 2 Kerberos so default credentials can be passed to remote resourcesSupport multiple authentication models to access remote resourcesEncapsulate login process in code
Passing default credentials
Using SSO to map credentials when site is not running in Kerberos or when user is authenticating with PKI – Storing credentials as web part properties is not secure!
