January 21, 2021
Hot Topics:

WebControls Versus WebParts in SharePoint

  • By Gustavo Velez
  • Send Email »
  • More Articles »

The main function only looks at the current user and his/her groups, compares it with the group in the property, and displays the disclaimer if the user belongs to the target group:

protected override void RenderContents(HtmlTextWriter output)
   SPWeb myWeb = SPControl.GetContextWeb(Context);

   foreach (SPGroup myGroup in myWeb.CurrentUser.Groups)
      if (myGroup.Name.ToLower() == DisplayForGroup.ToLower())

As always, take special care in error handling: If an exception occurs and it is not dealt with, the stability of the system can be compromised. Every potential error-prone situation must be addressed with care and resolved with finesse. Exceptions can be shown on the page or logged to the Server's Event Viewer.

Finally, open the "AssemblyInfo.cs" file from the "Properties" directory of the Visual Studio project and change the "assembly: AssemblyVersion" to "".

Sign the assembly with a safe name: In Visual Studio, select the properties of the project, go to the "Signing" tab and select the check box "Sign the assembly". After choosing "New" from the "Choose a strong name key file" combo box, insert a name in the "Key file name" spot, uncheck "Protect my key file with a password", and accept all the changes.

After compilation, the assembly can be installed in the GAC or in the bin directory of the IIS root of the SharePoint Application. In this example, the second approach will be employed: copy the assembly to the directory "C:\Inetpub\wwwroot\wss\VirtualDirectories\80\bin" in the server. Note that the name of the IIS root can be different (the name was produced at the time of configuration when the Application was created), and that the "bin" directory is not created by default (you can add it, if it is not present).

WebControls can be debugged as any other DotNet component: Install and configure the control in a page (described in the next section), run the page at least one time, and then you will able to attach the worker process ("w3wp.exe") to the debugger in Visual Studio.

Installating and Configurating the WebControl

WebControls need to be installed and configured in the hosting content aspx file. In the SharePoint Site where the page is shown, create a new "Basic Page" ("Site Actions" – "Create"), selecting a name and the Library where the page will reside. Then, proceed to the chosen Library and download a copy of the created "Basic Page" to the local machine. Open the copy using an ASCII text editor (or Visual Studio), and add a registration statement at the beginning of the page:

<%@ Register TagPrefix=" DisclaimerControl"
   Assembly="Disclaimer, Version=, Culture=neutral,
             PublicKeyToken=f86952eb89b3f2ea" %>

The "PublicKeyToken" can be found with the "sn" Visual Studio tool with the parameter "-T". At the point on the page where the disclaimer will be displayed, an instance of the WebControl can be added, in this case, at the end of the Content PlaceHolder table:

       DisclaimerText="This is the Disclaimer Text"
       runat="server" />

The instance of the control shows the text of the "DisclaimerText" property to the users who belong to the group configured in the "DisplayForGroup".

The control must be registered as a safe control in the web.config file of the IIS root Application to be allowed access. Open the "C:\Inetpub\wwwroot\wss\VirtualDirectories\80\web.config" file (the path can be different in each server), and add a new entry in the "<SafeControls>" section:

<SafeControl Assembly="Disclaimer,
             Version=, Culture=neutral,
             Namespace="Disclaimer" TypeName="*"
             Safe="True" />

This is achieved using the same parameters as in the registration in the .aspx page. If the code requires special rights, it is possible that the "trust level" of the web.config needs to be adapted or, preferably, that a custom policy grants only the necessary rights.

From the Library where the WebPage was created, upload the edited .aspx page (the original .aspx will be overwritten). If an individual who is included in the configured users group uses the page, the disclaimer will be shown:

Click here for a larger image.

Figure 2: The page with the disclaimer text

Note: A user outside the authorized group views the same page minus the disclaimer.

Be aware that WebControls, as with WebParts, run under SharePoint and the user context. Consequently, user rights are determined by SharePoint and a "normal" user is unable to read or modify certain information in the system. But all the 'tricks of the trade' used with WebParts can be also be applied to WebControls, and any of the Impersonator possibilities present in SharePoint can be exploited.

Page 2 of 3

This article was originally published on January 11, 2008

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date