Saturday, 31 March 2012

How to restrict Form pages from anonymous users

Recently i faced the issue with view all site content page from anonymous users and site users(those who have permission for add,edit and customize the pages and lists).
Using with below code hided SiteActions drop down form all users except who can 'MangaePermissions'.
Removing SiteActions from ribbon:
<!-- site Actions--><SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server" PermissionsString="ManagePermissions">site Actions control here</SharePoint:SPSecurityTrimmedControl>

Every thing is fine but sometimes most of organizations when dealing with public facing anonymous access sites. So you need to restrict /_layouts/viewlsts.aspx page from anonymous users because this page is displaying for anonymous users.  
So Anonymous users don’t have access to the Forms page (e.g. http://ServerName/Pages/Forms/AllItems.aspx).

The following steps will help you to restrict it. This feature is known as lock down feature which is by default enabled for publishing sites.
Firstly check with ViewFormPagesLockDown feature in your site if it is enabled or not.
You can check ViewFormPagesLockDown the feature from below command.

Using with Powershell script :
get-spfeature -site <URL>

Look at all the features listed and see if ViewFormPagesLockdown is enabled. If you see it listed then it is enabled, otherwise ViewFormPagesLockdown is disabled.
The lockdown feature can be enabled or disabled. To enable it first run the following command.
$lockdown = get-spfeature viewformpageslockdown

Now execute the following command to enable it.
enable-spfeature $lockdown -url <SiteCollectionURL>

Using with STSADM:
Open cmd prompt in Administrator mode
and go for C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
and type
stsadm.exe –o activatefeature –url <site collection url> -filename ViewFormPagesLockdown

 Even when lockdown mode is enabled, anonymous users can still access certain application URLs, such as pages in the _layouts directory and Web services that are exposed in the _vti_bin directory. So, to increase security, you should enable lockdown mode and also modify the Web.config file. Click on this link to increase security

Saturday, 10 March 2012

Best ways to add a new line in to C# strings in Visual Webpart

There are a couple options to add new line in a strin using with C# programming language,

These C# programs use the Environment.NewLine property. NewLine equals \r\n.
String = st;
st="your account has been created successfully" + "<br />" + "Temporary pasword will be sent your email";
st=st.Replace("<br />", System.Environment.NewLine);

Using with '\r\n'  :
st="your account has been created successfully" + "\r\n" + "Temporary pasword will be sent your email";

How to hide or set permission to show the customized Yellow status bar

Last week i have customized the wiki pages using with SharePoint Designer 2010.

One of the side effect i have observed one yellow status bar, it shows up on the customized pages in the browser, "The current page has been customized from its template. Revert to Template". If end users clicks on the "Revert to Template", it would reset the page to the site definition.

After much research about this i noticed one DIV tag in masterpage. ie  
<div id="s4-statusbarcontainer">
    <div id="pageStatusBar" class="s4-status-s1">

set the DIV visibility status as 'none' so the div will not visible. 
<div id="s4-statusbarcontainer" style="display:none">
    <div id="pageStatusBar" class="s4-status-s1">

with above process status bar will not visible to administrators, Contributors,Viewers, or anonymous users. So that even administrators also can not see the status bar and its message.
If you want to show such alerts only administrators and contributors, not to viewers,anonymous users. Then you wiil need to play around with permission attribute.

Just put the above DIV tag in SecurityTrimmedControl with permission status "Manage web"
<SharePoint:SPSecurityTrimmedControl id="SPSecurityTrimmedControl" runat="server" Permissions="ManageWeb">
<div id="s4-statusbarcontainer" style="display:none">

    <div id="pageStatusBar" class="s4-status-s1">
with above code who can manage the web they can only see the status bar. Anonymous users can not see the status bar just like below screenshot