Managing Web Parts
A Web Part is a modular element that renders information on a page on a SharePoint site.
A Web Part Page is a collection of Web Parts that can combine list data, instant information, or useful graphics into a dynamic Web page. The layout and content of a Web Part Page can be set up for all users, or it can be personalized for each user.
Web Parts can be used in Web Part pages, wiki pages, content pages, publishing pages, and so on.
Site owners or site members with appropriate permissions can create and customize a Web Part Page by adding, reconfiguring, or removing Web Parts by using a browser.
You can configure a Web Part to run in a sandboxed solution that protects other content and solutions on a SharePoint server farm by preventing Web Parts from accessing certain local or network resources. By implementing a sandbox solution, users can add their own Web Parts to the hosting environment, and developers can add Web Parts that have not been thoroughly tested for production.
In SharePoint server, the Web Part infrastructure is located on the previous level of the ASP.net Web Part infrastructure. To effectively protect SharePoint sites, server administrators must be familiar with ASP.net security guidelines and best practices.
Security for Web Part Pages and controls
Protecting Web parts Pages and controls is a work that needs to be done collaboratively. Developers, site administrators, and server administrators must work together to improve the security of Web Parts and Web Part Pages. Developers should validate Web part input to prevent server attacks. The server administrator must configure Internet information Services (IIS) to use the appropriate authentication method.
The server administrator also configures the Web Part solution and deploys it to a Web server or Web server farm. After the solution is deployed, site administrators or server administrators can define permission levels and access rights for Web Part Pages.
The security role that is responsible for configuring permissions for Web Part Pages and Web Parts.
Role |
Category |
Applicable to |
Description |
Development staff |
Input validation |
Web Part Code |
Input validation refers to how an application filters, cleans, or rejects input before performing other processing. This includes verifying that the input received by the application is valid and secure. |
Server administrator |
Authentication |
Iis |
Authentication is the process by which an entity verifies the identity of another entity, typically with credentials, such as a user name and password. |
Site administrator/server administrator |
Authorized |
Site collection |
Authorization is the process of providing access control over a Web site, list, folder, or item by determining which users can perform specific operations on a given object. The authorization process assumes that the user has been authenticated. |
Server administrator |
Configuration Management |
. NET Framework Configuration |
Configuration management includes a variety of settings that enable administrators to manage WEB applications and their environments. These settings are stored in an XML configuration file where some settings control computer-wide settings, while others control application-specific configuration. You can define special security constraints in a configuration file, or you can define computer-level code access security permissions. |
Configuring and Deploying Web Parts
Microsoft SharePoint Server contains a set of Web parts that users can add to a page after the product is installed. If your organization requires custom Web Parts, developers can write custom asp.net Web Parts and ask you to install them in a deployment of SharePoint Server. This procedure typically requires testing and approving code before you can deploy a Web part in a full-trust environment. Developers who use Visual Studio 2010 can deploy a WEB part to SharePoint Server by right-clicking the project and choosing Deploy. The goal of a WEB part is determined by the level of trust established by the SharePoint server when the developer creates the project in Visual Studio 2010.
Microsoft SharePoint Server 2010 Enables you to configure a sandbox environment in which site collection administrators, site administrators, or information workers can deploy and run partially trusted WEB parts and solutions in a sandbox worker process. Web Parts and solutions that run in a sandbox environment have limited access to the server's operating system and hardware, and they are isolated from other parts of the WEB application