.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

MySites vs. Sub-sites - Can security be unique for each subsite

Posted By:      Posted Date: September 05, 2010    Points: 0   Category :SharePoint
Good Day; I have a sharepoint farm with several 100,000 mysites, each of these mysites consumes 2MB of space when being set up.  There is no need for this in the way we implement and use sharepoint.  As we are moving from Sharepoint 2007 to Sharepoint 2010 I am looking to change our format if possible.  What I am thinking is to change from individual MySites for each user and move to 1 MySite for each organization and then a sub-site for each user in that organization.  My question is, if I create an MySite named Company-A and then have 600 sub-sites below it, named User-1, User-2,...User600 for example, can I set up individual security on each sub-site or is their security profile inherited from their main MySite.  For further detail I need to offer individuals the ability to control their own security or have the company control the security for them but some users will have more permissions that others, some will be able to use difference services and service apps while others will have very limited access.  I can do this when I give each user their own MySite but that is a lot of overhead, so by switching to 1 MySite per Orgnaization and individual sub-sites, I save a lot of space, overhead, and increase my performance of crawls, etc... Can what I am thinking be done? How granular is security trimming for sub-sites? Thanks C

View Complete Post

More Related Resource Links

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations.

Jeff Prosise

MSDN Magazine May 2002

ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and


ASP.NET and Microsoft Internet Information Services (IIS) work together to make building secure Web sites a breeze. But to do it right, you have to know how the two interrelate and what options they provide for securing access to a Web site's resources. This article, the first in a two-part series, explains the ABCs of Web security as seen through the eyes of ASP.NET and includes a hands-on tutorial demonstrating Windows authentication and ACL authorizations. A range of security measures and authentication methods are discussed, including basic authentication, digest authentication, and role-based security.

Jeff Prosise

MSDN Magazine April 2002

Report on Sites, Lists and Libraries with Unique Permissions

I would like to get a report on Sites, Pages, Lists, Libraries, Items and Documents under a Site Collection having Unique Permissions. What is the best way to accomplish that ?

sharepoint security groups, ACL of site collection or subsite need to move in to sql server 2008 usi


HI Team,

I am new to sharepoint here is my query. i am working on MOSS 2007, SQL server 2008

I want to move the sharepoint security groups, ACL(access control list), user groups all the security and permission related data to sql server 2008 from a particular site collection or subsite. After getting the data in to sql server we should be able to update the users from sql server itself which should reflect in sharepoint sites.

Routing users after authentication to different sites/applications preserving the security context?



We want to authenticate our users on our main site (default port 80, default.aspx, login page) and once a user successfully authenticated, we go grab a list of possible urls for that user and present it as links. Once the users clicks a link, we want to preserve the authentication context so that the app living on the chosen url does not have to re-authenticate the user.

Is something like that possible?

Is it recommended to do something like that?

Are there other ways to route users to their destination?


Thanks in advance, regards,


SharePoint Tutorial - Team Sites

Team sites are small web sites that are created to store everything about a particular thing. For example a site can be created for a department in an organization like human resources. I site can be created for a particular project. A site can even be created for a meeting. Everything about the thing (department, project, meeting) like documents, lists, calendars, etc. is stored in that site.

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Creating Sites/Lists/List Items under Current User Context in SharePoint By Using SPUserToken

Usually we do this by performing the action under RunWithElevatedPrivileges method and updating the listitem using SPListItem.SystemUpdate() method (see here). but this approach has its own flaws like (RunWithElevatedPrivileges will run under system account, we cannot use SystemUpdate for SPSite,SPWeb,SPList, since it runs under system we will "CreatedBy" by as SystemAccount).

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?

Someone help me.

Thank you.



hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

Unique content within master page based on conditions met


 Hi all-

I would like to present users with unique content based on certain conditions being met as they land on the home page (default.aspx).  The condition logic will be in the VB code behind Page Load event. The content will go in a content placeholder as specificed from the master page. 

However, the content change wouldn't be something small (ie making a panel or label visible or not) but rather it will be different HTML,  Divs and databound gridview content.  The HTML content will be stored in the database.

Can someone point me in the right direction for best practices on how to accomplish this?


Unique ID throughout entire request



I am hoping somene here could advise me on a better solution to my present problem.  First a little background information on the application. 

I have a web application using the 3.5 framework.  The structure of this application is as follows: UI -> WebService   -> Business Layer -> DataAccess Layer.   What I want to accomplish is for every request (click on a link or button) have a unique identifer that follows this request through its entire lifecycle.  This unique identifer can be accessible anywhere within this request.  We use Response.Redirects which could easily be changed to Server.Transfers (although I do not want to do that) but  the problem lies with the web service calls.  Currently, a GUID is set in the ApplicationRequest.  This GUID checks for a guid value in the RawURL and if so, assigns this value to a HttpContext Item.  If not, HttpContext.Items gets a new one created.  However, this idea is wrong and will need to be revisisted.  The bigger problem is with the web service calls.  Without changing every web service method signature, and every call for that matter, is there a way of getting this GUID there.  I created a web method in every web service so that each time I instantiate a web service object in the UI, before calling any

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend