Locking down your custom sharepoint code

This might be truely obvious to anyone who is a web developer or an application developer, I'm neither of those.   I recently created a set of custom web parts to administer user access on a hosted MOSS solution, and one of the challenges I have just come across was locking these pages down so that only administrators could use them.

The first one was pretty easy : Only display the actual link in site settings if you are an administrator :

    Title="Create User">
      Url="_layouts/CreateUser.aspx" />

While this hides the menu link, it you know the URL you can still access it without appropriate permissions.  Finding an answer to this was more challenging and when I eventually did find it, it wasn't really the fix I wanted – but it works.

public class ApplicationPage3 : LayoutsPageBase {
    protected override bool RequireSiteAdministrator
        { get { return true; }

    protected override void OnLoad(EventArgs e) {
       // Your code goes here 

This (to the non coders) will check to see if the user accessing the page is a Site Administrator.  If Not, they get a standard access denied splash page.  If they are, the code in the // Your code goes here area will be run happily.

Both of these little gems can be found here – http://msdn2.microsoft.com/en-us/library/bb892187.aspx – and I really hope that this saves someone else the amount of time I spent looking for it.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: