Working with FBA accounts via C #
In addition, MOSS 2007 supports form-based authorization (FBA), in particular, the use of an ASP.NET provider (in our example, this provider in the web.config was called aspnetsqlmembershipprovider). We initially created, modified and deleted such accounts and their profiles with a console application: when I found the time, I decided to optimize this process, and instead of the “GET request - parameter handler — launching the application on the server with these parameters”, work with users through a separate web application.
I want to share the pitfalls that I came across in the process, for example, deleting users.
In the console application, the uninstall procedure looked very simple:
When the same thing is done using the simplest form method (textbox to fill in the login and the “Delete” button), the code - in the part where you need to delete a profile from Sharepoint - changes a lot. First, you have to disable Form Digest Setting - otherwise the action “profileManager.RemoveUserProfile (sAccount)” will crash with the error “System.Runtime.InteropServices.COMException: The security checks on this page are not allowed”, since Sharepoint will notice that the operation with profile trying to produce not from its pages. To do this, add the following lines:
Secondly, it turns out that the context of the Sharepoint application, when trying to get it from a web application, does not contain several parameters, without which we get a new error: "System.NullReferenceException: The object reference is not specified in the object instance". To avoid such excesses, add this:
Oh miracle! Our form starts to work. But the goal is to get a username to delete from a GET request. If in the resulting method the user’s login is filled in from Request.QueryString, .NET gives us: “Updates are currently not allowed for GET requests. To enable updates for GET requests, set the 'AllowUnsafeUpdates' property on SPWeb, which hints. Well, let's add 2 more lines. As a result, we get the following code:
Yes, the earth and the sky in comparison with the console application. But - it works! :)
Perhaps, this topic will save someone from a couple of days of annoyed googling.
I want to share the pitfalls that I came across in the process, for example, deleting users.
In the console application, the uninstall procedure looked very simple:
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
....
System.Web.Security.Membership.DeleteUser(login);
using (SPSite site = new SPSite("http://sharepoint")
{
ServerContext context = ServerContext.GetContext(site);
UserProfileManager profileManager = new UserProfileManager(context);
string sAccount = "aspnetsqlmembershipprovider:" + login;
profileManager.RemoveUserProfile(sAccount);
}When the same thing is done using the simplest form method (textbox to fill in the login and the “Delete” button), the code - in the part where you need to delete a profile from Sharepoint - changes a lot. First, you have to disable Form Digest Setting - otherwise the action “profileManager.RemoveUserProfile (sAccount)” will crash with the error “System.Runtime.InteropServices.COMException: The security checks on this page are not allowed”, since Sharepoint will notice that the operation with profile trying to produce not from its pages. To do this, add the following lines:
SPWebApplication spWebApp = site.WebApplication;
spWebApp.FormDigestSettings.Enabled = false;Secondly, it turns out that the context of the Sharepoint application, when trying to get it from a web application, does not contain several parameters, without which we get a new error: "System.NullReferenceException: The object reference is not specified in the object instance". To avoid such excesses, add this:
if (HttpContext.Current != null)
{
if (HttpContext.Current.Items["HttpHandlerSPWeb"] == null)
HttpContext.Current.Items["HttpHandlerSPWeb"] = site.OpenWeb();
if (HttpContext.Current.Items["Microsoft.Office.ServerContext"] == null)
HttpContext.Current.Items["Microsoft.Office.ServerContext"] = context;
}
Oh miracle! Our form starts to work. But the goal is to get a username to delete from a GET request. If in the resulting method the user’s login is filled in from Request.QueryString, .NET gives us: “Updates are currently not allowed for GET requests. To enable updates for GET requests, set the 'AllowUnsafeUpdates' property on SPWeb, which hints. Well, let's add 2 more lines. As a result, we get the following code:
using (SPSite site = new SPSite("http://sharepoint"))
{
using (SPWeb web = site.OpenWeb())
{
// GET
web.AllowUnsafeUpdates = true;
web.Update();
ServerContext context = ServerContext.GetContext(site);
// , Sharepoint
if (HttpContext.Current != null)
{
if (HttpContext.Current.Items["HttpHandlerSPWeb"] == null)
HttpContext.Current.Items["HttpHandlerSPWeb"] = web;
if (HttpContext.Current.Items["Microsoft.Office.ServerContext"] == null)
HttpContext.Current.Items["Microsoft.Office.ServerContext"] = context;
}
// Sharepoint
UserProfileManager profileManager = new UserProfileManager(context);
string sAccount = "aspnetsqlmembershipprovider:" + login;
//
profileManager.RemoveUserProfile(sAccount);
// GET
web.AllowUnsafeUpdates = false;
web.Update();
}
}
}
Yes, the earth and the sky in comparison with the console application. But - it works! :)
Perhaps, this topic will save someone from a couple of days of annoyed googling.
')
Source: https://habr.com/ru/post/83891/
All Articles