
BCS Method Security / External Content Type Permissions / Custom List Security Provider / Security T

Posted By:      Posted Date: September 21, 2010    Points: 0   Category :SharePoint

I have an external list setup with the usual CRUD methods.  The external SQL table is also being populated by another source.  I want to enable/disable deleting depending on whether the record was created from SharePoint.  I would also like the normal list permissions to work.  So if a user has permissions to delete on the list, they can only delete items created for SharePoint. 

Where should this logic be incorporated?  On the BCS Delete method, somewhere in the External Content Type or on the list instance?  Most examples I find relate to security trimming for search.  I'm only concerned about the delete method.

I'm sure there are multiple ways to accomplish this.  Which is the best?



More Related Resource Links

BCS : How to set permissions to an external content type's method

Guys, Environment: SP 2010, BCS using SPD. I have created an external content type from a LOB SQL Server 2008 DB, created list and form pages, and created read, update, delete, edit methods (all the default operations that SPD shows). From the list page I am able to read and write data back to the LOB DB successfully. Also, I know there are permissions that I can set on the external content type, but the problem that I am facing is that I don't see any place\option where I can assign\restrict permissions of the content type's method to a certain SP group from neither CA nor SPD, i.e. if I want a certain group to have only execute permissions only on the READ method. Would be great if anyone can tell me if at all this is possible. Thanks, sameer

Custom Action for specific External Content Type List


I have an External Content Type list instance feature in Visual Studio. Deploying the instance works fine. However, I can't create a custom action using RegistrationId="{$ListId:Lists/yourlistname;}" RegistrationType="List"

Even if I specify the list Id as follows RegistrationId="{8F595340-5D08-4287-8BF6-30D50989D2F4}" or RegistrationId="8F595340-5D08-4287-8BF6-30D50989D2F4" I get nothing.

However, RegistrationId="600" works fine, but for all External Content Type lists.

I added the custom action with SharePoint Designer and it works as expected. When I generate a site template and import it into Visual Studio, the custom action uses RegistrationId="{$ListId:Lists/yourlistname;}" RegistrationType="List"

Creating a new site based on the site template creates the custom action correctly. However, deploying just the custom action does not work (feature deploys, but no custom action appears). I also tried RegistrationId="0x0100D67E541CC4BB6A4A9D62D22657ECFF68" RegistrationType="ContentType" with no luck. The content type id was pulled from the list instance using the object model.

I have to tie the custom action to a specific list instance. Because the li

BDC Model / External Data Type Security - Getting a SqlException


Hello All :)

I have some BDC models setup and they're working great. A problem arises when anyone else tries to see the models on my virtual machine.
We're all on the same domain. I have created a number of web parts that have lists bound to the bdc models. When another user on the network attempts to view these webparts, I can see the following in the SP logs;


10/08/2010 14:50:42.57 	w3wp.exe (0x12E4)      	0x070C	SharePoint Foundation   	Web Parts      	89a1	High 	Error while executing web part: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.  at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)  at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)  at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)  at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)  at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)  at Sys...	fe8d9c74-fdf0-4d54-a47a-cc0855196b9c

10/08/2010 14:50:42.57*	w3wp.exe (0x12E4)     

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version


I am using iTextSharp to create a PDF. I am adding an image and I keep getting this error:

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

it is this bit of code that is causing this


string imagepath = "C:\\BMSApplicationFiles\\PDFImages\\bullfrogWeb.gif";

//add the Image to the DOC
  Image bullfrogImage = Image.GetInstance(imagepath);
  bullfrogImage.SetAbsolutePosition(10, doc.PageSize.Height - 36);

If I comment this out, the PDF builds and no errors are thrown (there is just no image).

I don't understand, because all I am trying to do is read a file.

The directory does have full permission granted to IISUser.

Any ideas why I am still getting this permissions error?

Need help setting up a Custom Security Trimmer, CheckAccess method not working.


I'm implementing the custom security trimmer for SharePoint server as outlined here: http://msdn.microsoft.com/en-us/library/ee819923.aspx

I have been able to successfully deploy the solution on to the server, but now I need to write the script that will check whether users have access to particular documents or not. The code in the walk-through is the following:

public BitArray CheckAccess(IList<String> documentCrawlUrls, IDictionary<String, Object> sessionProperties, IIdentity passedUserIdentity)
            BitArray retArray = new BitArray(documentCrawlUrls.Count);
            //Use passedUserIdentity to get the identity of the user who issued the query.
            IClaimsIdentity claimsIdentity = (IClaimsIdentity)passedUserIdentity;
           //IClaimsIdentity is defined in Microsoft.IdentityModel.Claims;
            for (int x = 0; x < documentCrawlUrls.Count; x++)

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be?

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

WCF The Security Support Provider Interface (SSPI) negotiation failed


I am using a wcf service that I created, when both hosting machine and the client machine are on the same domain everything works just fine. When I publish the client app to the webserver in the DMZ I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


 Uri baseAddress = new Uri("Http://");
      ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);


Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Desktop Security: Create Custom Login Experiences With Credential Providers For Windows Vista


Why is a change to the Windows logon plug-in interface so exciting? Because with credential providers you can customize the logon experience for your users.

Dan Griffin

MSDN Magazine January 2007

Security Briefs: Access Control List Editing in .NET


Access control lists (ACLs) can be complex beasts, and user interfaces for editing them are incredibly tricky to implement properly. That's why I was really excited when Windows® 2000 shipped with a programmable ACL editor, shown in Figure 1.

Keith Brown

MSDN Magazine March 2005

Security in .NET: The Security Infrastructure of the CLR Provides Evidence, Policy, Permissions, and


The common language runtime of the .NET Framework has its own secure execution model that isn't bound by the limitations of the operating system it's running on. In addition, unlike the old principal-based security, the CLR enforces security policy based on where code is coming from rather than who the user is. This model, called code access security, makes sense in today's environment because so much code is installed over the Internet and even a trusted user doesn't know when that code is safe. In this article, Don Box explains how code access security works in the CLR. He discusses the kinds of evidence required by policy, how permissions are granted, and how policy is enforced by the runtime.

Don Box

MSDN Magazine September 2002

BCS Updater Method in External Content type


Hi, I have a List (External Content Type) with CRUD methods written. For example, Employee with fields






If I want to update only the Remarks field and display the other fields (the other fields should not be editable), how can I do it through VS2010? If I made those fields readOnly and preupdaterField true, those fields are not displayed while editing. I want to show those fields but not to edit them. Any suggestions????

2) While displaying (ReadList), if I want to display only EmpName and EmpID, how can I do it?

Or please try to give some links about all the properties for a Type Descriptor and how they are related with CRUD methods.



System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlCli

I have created a windows library control that accesses a local sql database. I tried the following strings for connecting:

Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Trusted_Connection = true"
Dim connectionString As String = "Data Source=localhost\SQLEXPRESS;Initial Catalog=TimeSheet;Integrated Security=SSPI"

I am not running the webpage in a virtual directory but in C:\Inetpub\wwwroot\usercontrol and I have a simple index.html that tries to read from an sql db but throws the error

System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.PermissionSet.Demand()
   at System.Data.Common.DbConnectionOptions.DemandPermission()
   at System.Data.SqlClient.SqlConnection.PermissionDemand()
   at System.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnection outerConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, etc etc

The action that failed was:Demand
The type of the first permission that failed was:System.Data.SqlClient.SqlClientPermission
The Zone of the assembly that fa

Custom security via connection string

Hi,

Is it possible to pass information into the SQL Server relational engine via the connection string in the same way as it can be done for Analysis Services? I need to generate a user context for a forms authentication application (i.e. no windows user accounts). SSAS allows you to pass in a list of database roles or a customdata parameter on the connection string. These can be used inside the database in lieu of a windows identity. I am wondering if there are equivalent parameters available for the SQL connection string.

I guess that I could create SQL logins from each of the forms users with a system generated password and then pass the uid and password on the connection string but this seems unnecessarily complicated.

Andrew Wiles - www.it-workplace.com - MDX made simple

Webshop Security - Membership provider useful?

Hello,

I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).

Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)

Some tips appreciated.. :-)

Thanks and regards
Chris