INTRODUCTION
MOSS BDC is an excellent offering from Microsoft. It allows you to pull data from external sources and bring the metadata into MOSS, where it can then be indexed by Search. I have no problem setting up User Profiles, OOTB MOSS Search, NTFS Search, etc., but I'm very interested in setting up BDC with a web service. MOSS already has the capability to secure search results for file system and Exchange public folder searches, but what about a web service? What if I want to search my custom PHP CRM and filter the results based on the user who performs the search? How do we do that?
In this post I will share what I've done. The example I posted searches the file system using a web service, but you can easily modify the code to accommodate your needs.
KNOWLEDGE LEVEL
This article is quite advanced. You have to understand how BDC works (the use of Entity, Finder, etc.).
THE STEPS
Step 1. Define your Entity. An Entity is an object that BDC can understand. BDC can't understand your PHP CRM, but it can understand a BDC Entity if you wrap your PHP CRM in one. For example:

    using System;

    // Entity that wraps one file so BDC can work with it.
    [Serializable]
    public class FileEntity
    {
        public FileEntity() { }

        public FileEntity(string name, string filename, DateTime dateCreated, DateTime dateLastUpdated)
        {
            this.name = name;
            this.filename = filename;
            this.dateCreated = dateCreated;
            this.dateLastUpdated = dateLastUpdated;
        }

        private string name;
        private string filename;
        private DateTime dateCreated;
        private DateTime dateLastUpdated;

        public string Name
        {
            get { return this.name; }
            set { this.name = value; }
        }

        public string Filename
        {
            get { return this.filename; }
            set { this.filename = value; }
        }

        public DateTime DateCreated
        {
            get { return this.dateCreated; }
            set { this.dateCreated = value; }
        }

        public DateTime DateLastUpdated
        {
            get { return this.dateLastUpdated; }
            set { this.dateLastUpdated = value; }
        }
    }

Step 2. Use Microsoft's BDC Editor to create your BDC definition XML file.
I will not explain how to use the tool in this blog; please read the documentation. I've supplied an XML file produced by that tool so you can modify it yourself.
Step 3a. Define the methods for each finder in your web service.
Step 3b. Define your Finder.
A Finder is the method that Search uses to retrieve search results for your entity. The following finders are used:
- Finder: Retrieves ALL entities. Used by search results.
- SpecificFinder: Retrieves a particular entity. Used when you click on a search result; the link takes you to that specific Entity's details.
- IdEnumerator: Enumerates the ID of each Entity. Each entity must be identified by an ID, and this method collects the IDs.
- AccessChecker: The method that search results call to determine whether a particular user can access an Entity. If the user doesn't have access to a particular entity, that entity won't be displayed in the search results.
It will be clearer if you download the source code. Open the XML and the web service project and you will see how to assign a web service method to a finder.
And this is how the AccessChecker is configured as a web method:

    [WebMethod]
    public System.Int64 CheckAccess(string name, string username)
    {
        // IMPLEMENT YOUR SECURITY CHECK HERE!
        if (username.ToLower().Contains("sharepoint"))
            return 0; // Return 0 means the user doesn't have access
        return 1; // Return 1 means the user has access
    }

The username input parameter is populated with the currently logged-in user in SharePoint.
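A fail-closed variant of the CheckAccess placeholder above, as an added example that is not part of the original post or its downloadable project: it matches the account exactly instead of by substring, denies unknown entities, and only trusts the username argument when the call comes from the expected service account. TrustedCaller, the CONTOSO account names and the Acl table are hypothetical, and the example assumes MOSS calls the service under one fixed Windows account and passes username as DOMAIN\user.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Services;

public class SecureFileSearch : WebService
{
    // Assumption: the one account MOSS uses to call this service
    // (Windows authentication on, anonymous access off in IIS).
    private const string TrustedCaller = @"CONTOSO\svc-moss-search";

    // Constructed sample ACL: entity identifier -> accounts allowed to see it.
    private static readonly Dictionary<string, string[]> Acl = BuildAcl();

    private static Dictionary<string, string[]> BuildAcl()
    {
        Dictionary<string, string[]> acl =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        acl["payroll.xls"] = new string[] { @"CONTOSO\hr-admin" };
        acl["handbook.doc"] = new string[] { @"CONTOSO\hr-admin", @"CONTOSO\jsmith" };
        return acl;
    }

    [WebMethod]
    public long CheckAccess(string name, string username)
    {
        try
        {
            // username is only as trustworthy as the caller that supplied it.
            if (User == null || !User.Identity.IsAuthenticated ||
                !string.Equals(User.Identity.Name, TrustedCaller, StringComparison.OrdinalIgnoreCase))
                return 0;

            if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(username))
                return 0;
            string[] allowed;
            if (!Acl.TryGetValue(name, out allowed))
                return 0; // unknown entity: deny rather than allow

            foreach (string account in allowed)
                if (string.Equals(account, username.Trim(), StringComparison.OrdinalIgnoreCase))
                    return 1; // exact account match only, never a substring test
            return 0;
        }
        catch (Exception)
        {
            return 0; // any failure hides the item instead of exposing it
        }
    }
}
```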
In the BDC XML, have a look at the following:

    <Method Name="CheckAccess"> <!-- The web service method name as above -->
      <FilterDescriptors>
        <FilterDescriptor Name="fd" Type="UserContext" /> <!-- Returns the current logged-in user in SharePoint -->
      </FilterDescriptors>
      <Parameters>
        <Parameter Direction="In" Name="name">
          <TypeDescriptor TypeName="System.String, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" IdentifierName="name" Name="name" />
        </Parameter>
        <Parameter Name="username" Direction="In">
          <TypeDescriptor Name="username" TypeName="System.String" AssociatedFilter="fd" /> <!-- Passes the logged-in user to the username parameter of the method -->
        </Parameter>
        <Parameter Name="out" Direction="Return">
          <TypeDescriptor Name="out" TypeName="System.Int64" />
        </Parameter>
      </Parameters>
      <MethodInstances>
        <MethodInstance Name="CheckAccess" Type="AccessChecker" ReturnParameterName="out" />
      </MethodInstances>
    </Method>
    </Methods>

Step 4. Create a crawl rule with the following settings:
- Path: bdc2://*
- Include all items in path, Crawl complex URLs
Step 5. Register the security trimmer.
stsadm -o registersecuritytrimmer -ssp "MOSS SSP" -id 0 -typename "Microsoft.Office.Server.ApplicationRegistry.Search.QueryProcessorSecurityTrimmer, Microsoft.SharePoint.Portal, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -rulepath "bdc2://*"
Step 6. Configure MOSS Search and add BDC as your content source.
If you have any questions, please let me know.
KNOWN ISSUE
The AccessChecker method will not be called if you perform a search from only one content source (e.g. only the web service). You need to run at least 2 content sources.
DOWNLOADS
Download the Microsoft BDC Editor here: http://www.microsoft.com/downloads/details.aspx?FamilyId=6D94E307-67D9-41AC-B2D6-0074D6286FA9&displaylang=en. Please note that you need to upgrade SQLEXPRESS to SP2 before you install the tool, to stop Windows from repeatedly asking you to update SQL Express. You can't do this after you install SQL Express. The update somehow failed all the time (happened to me using Windows Vista). Anyway, to do this:
- Download the BDC Editor; it contains a folder where SQLEXPR.EXE is located.
- Download SQL Express with SP2 from http://www.microsoft.com/downloads/details.aspx?FamilyID=31711d5d-725c-4afa-9d65-e4465cdff1e7&DisplayLang=en
- Replace SQLEXPR.EXE in the BDC installation folder with the one you just downloaded (it has to be renamed to SQLEXPR.EXE).
- Install the tool. It will then use the updated SQLEXPR.EXE.
Download the web service and BDC project here: http://www.smallbusinesshosting.com.au/WebServiceTest.zip
Test.XML is the BDC entity that you can upload to BDC. Please change it to suit your needs.
SCREENSHOTS
Logged in as a normal user, he cannot see the Entity in search results:

Logged in as Admin, I can see the Entity:

Posted 09-17-2008 6:33 PM by tommysegoro