SharePoint Study Notes-exercise series-70-573 exercise analysis-(Q32-Q34)

Question 32
You create a custom web part.
You need to ensure that a custom property is visible in edit mode.
Which attribute shocould you set in the Web part?
A. personalizable
B. webbrowsable
C. webcategoryname
D. webdisplayname

Resolution:
This article aims to open a certain attribute of webpart for user setting. Knowledge points are webpart programming.
This is a recommended approach for Sharepoint Foundation to create Web parts from the Microsoft ASP. NET Web parts class. After adding a new Web part, you can add attributes that are personalized for the Web part. This Web Part property determines the text displayed in the Web part. It is personalized based on a single user.
For Web parts based on the ASP. NET Web parts page base class, the naming method for the tags used for custom attributes is different from that for Web parts based on the webpart base class. Each attribute is described in the following list:
• The webbrowsable attribute ensures that the custom attributes are displayed in the editing tool pane of SharePoint Foundation. It only allows the end user to modify the related webpart attributes defined by this definition. It only allows the end user to modify the property and does nothing about persistence.
• The webdescription attribute displays a tooltip that helps users edit custom attributes.
• The webdisplayname attribute displays the display name of the custom attribute.
• The personalizable attribute determines whether changes made to custom attributes affect all users or individual users. It is applicable to public control attributes that require saving personalized settings. ASP. NET Automatic Generation Code Save or retrieve these values from basic data to store the control in the Web parts Area of the Web parts page.
The following requirements must be met:
The A attribute must be public and have public get and set accessors.
The B attribute must be a read/write attribute.
The C attribute must be "yes" without parameters.
D. Index properties cannot be performed.
The code automatically generates loading and saving personalized settings. Properties that support personalized settings (propery) whether the attribute exists in the attribute and method condition attributes that meet the constraints in the list.

Note the differences between [webbrowsable] and [personalizable:
If [webbrowsable] is used to limit attributes instead of [personalizable], the end user can modify them on the user interface, however, the new value cannot be persisted (that is, the setting here does not affect other users ).
Otherwise, if you use [personalizable] to limit attributes instead of [webbrowsable], its value will be persisted (that is, the setting here will affect other users ), however, end users are not allowed to modify this attribute.
You can exclude option A personalizable from the above differences.
Option C. webcategoryname: Display name of the custom category of the webpart attribute
Option D. webdisplayname: Display name of a property of webpart.

Therefore, the correct option for this question should be B.
Refer:

Http://msdn.microsoft.com/zh-cn/library/system.web.ui.webcontrols.webparts.personalizableattribute.aspx
Http://msdn.microsoft.com/zh-cn/library/system.web.ui.webcontrols.webparts.webbrowsableattribute.aspx
Http://msdn.microsoft.com/zh-cn/library/gg491702 (V = office.14). aspx

Question 33
You Have A Web Part named webpart1. webpart1 runs on a Microsoft Office Sharepoint Server 2007 server.
you need to ensure that webpart1 can run as a sandboxed solution in Sharepoint Server 2010.
what should you do?
. create a new Web part by using the code from webpart1.
B. create a new visual web part by using the code from webpart1.
C. create an ascx file for webpart1, and then copy the file to the ISAPI folder.
D. create an ascx file for webpart1, and then copy the file to the controlstemplates folder.

Resolution:
The intention of this question is to port a webpart created in sharepoint2007 to sharepoint2010 and require it to support sandbox solution.
The related knowledge points are as follows:
1. sharepoint2007 only supports Farm solution.
2. sandbox solution does not support Visual Web part. (Of course, this is the earliest situation of sharepoint2010. Now there is a tool named Visual Studio 2010 SharePoint power tools. After installation, you can develop the Visual Web Part component in sandbox solution)
3. The visual web part in sharepoint2010 references the ascx custom control in the webpart.

So far, option A meets the requirements of this question.
Option B. Strictly speaking, it should not be an error. However, considering the early days of sandbox solution and relative to option A, there is no need to develop a visual web part, because it can also be ruled out.
The operations performed by option D.C are simply not in the Development of webpart components, so they can be ruled out directly.
Therefore, the correct option for this question should be.

Question 34
You create a visual web part in Sharepoint Server 2010.
You need to ensure that the Web part can access the local file system on the Sharepoint Server. You must minimize the amount of privileges assigned to the Web part.
What should you do?
A. Elevate the trust level to full.
B. Elevate the trust level to wss_medium.
C. Create a custom code access security (CAS) policy.
D. Deploy the Web part to the Global Assembly Cache (GAC ).

Resolution:
This question is intended to implement limited operations on the local file system in a visual web part.
The Web Part in Microsoft SharePoint Foundation provides a powerful way for users to interact with other systems. SharePoint Foundation has built-in security settings to restrict access to basic systems by Web components. Developers can create custom security policy files to grant Web Components higher access to the basic system.
Code access security (CAS) is a resource constraint policy used to restrict Program Set access to protected system resources and operations. SharePoint Foundation has some built-in security policies that are built based on ASP. NET's built-in security policies. By default, Sharepoint Foundation uses a set of minimum permissions to ensure that the server and infrastructure are not affected by malicious code.
If a Web part requires higher access permissions than the permissions provided in the minimum settings, you can improve the permissions of the Web Part in multiple ways, but only one of the methods is recommended. You can create custom CAS policies for Web parts, or increase the overall trust level of the server farm in the web. config file. This method has security risks and is not recommended.
By default, Sharepoint Foundation is a trusted application. SharePoint foundation can use ASP. NET built-in trust level, but it also defines its own trust level:
• Wss_usercode: Trusted level of the sandbox Solution
• Wss_minimal: by default, Sharepoint Foundation applies the wss_minimal trust level to virtual servers. This trust level grants the ASP. Net minimal trust and all permissions in the Web part connection. The wss_minimal policy limits Web parts to access many resources for advanced operations, including object model and file operations.
• Wss_medium: The trust level grants higher access to the environment. In addition, wss_medium allows access to SharePoint Foundation object models and file operations, including reading, writing, appending, and path discovery. This level of trust also allows access to environment variables. You may think that the answer to this question is it, but although this setting is simple, it has a major drawback: it grants you any new permissions that you may not need. Therefore, the security of this method is not as high as that of creating a trust policy file.
The above trust level extends the ASP. Net trust level to be used with SharePoint Foundation. The trust level is defined in the policy file on the file system of each web server. The specific operation is: in the web. config file in the Web application root directory, there is a tag named <trust>, whose default attribute is level = "wss_minimal ". You can change this level to wss_medium or back.

The options are analyzed as follows:
Option A. Elevate the trust level to full. The code's trust permission is raised to full, which is obviously in conflict.

Option B. elevate the trust level to wss_medium ., as described above, it does not meet the "minimize the amount of privileges" requirement in this question, because it may open some permissions that you do not need.

Option C. Create a custom code access security (CAS) policy. This is the answer to this question. (Recommended by Microsoft) create a trust policy file and direct the Web. config file to the new file. Although this method is more complex, it allows you to set precise permissions for Web parts.

Option D. Deploy the Web part to the Global Assembly Cache (GAC).
On the SharePoint site, you can deploy the Web part assembly to the following two main locations.
the bin directory-bin directory is a folder stored in the root directory of the Web application. When you create a website in Internet Information Services (IIS), the folder is located. In Windows SharePoint services, you can use the SharePoint 3.0 Administration Center website or manually create a new website in IIS manager.
Global Assembly Cache-can be used to deploy the Global Location of signed assembly. The Global Assembly Cache allows you to share an assembly across multiple applications. The Global Assembly Cache will be automatically installed along with the. NET Runtime Library. Normally, components are stored in c: \ winnt \ assembly.
Option D is the GAC layout method. The Code installed in the Global Assembly Cache in this way is not subject to CAS restrictions. Therefore, it loses the advantage of deep security protection.
digress: The latest sharepoint2013 is based on. NET framework4, And the. NET Framework Version 4 has deprecated the CAS Policy Section. Therefore, if you call obsolete policy types and members explicitly or implicitly (by using other types and members), you may encounter compilation warnings and runtime exceptions. Therefore, the assembly in the server farm solution of SharePoint 2010 can be deployed using custom access security (CAS) policies. However, this policy will be ignored in SharePoint 2013; all the assemblies in SharePoint 2013's server farm solution run in full trust.
therefore, the correct option for this question should be C

Refer:
Http://msdn.microsoft.com/zh-cn/library/cc768613 (V = office.14). aspx
Http://msdn.microsoft.com/zh-cn/library/cc768621 (V = office.12). aspx
Http://technet.microsoft.com/zh-cn/library/cc288040 (V = office.14). aspx