Inconsistent behave of SPSecurityTrimmedControl:

SPSecurityTrimmedControl: SPSecurityTrimmedControl is very power full control came with wss 3.0 it basically control that allows you to conditionally display/hide pieces of your site Microsoft.SharePoint.WebControls.SPSecurityTrimmedControl we can display / hide content using a few different criteria like
1. authentication for anonymous / authenticated users only
2. page Mode [ page in display or edit mode
3. And Current user’s Permission.
We would have to use the Code like below in Our Master Page or Page Layout Code.

Write your code here…………………………………………

Even if the SPSecurityTrimmedControl worked as it should, it would still have a major flaw. SPSecurityTrimmedControl is meant to display conditionally content: this can be plain text, HTML or ASP.NET controls. The problem is with how it determines whether it should show its contents or not. As the SPSecurityTrimmedControls performs the check almost at the end of its lifecycle in the Render method, almost every method of every child control gets executed: even if it won’t be included in the generated HTML!
With all that I decided to create a custom SecurityTrimmedControl that would:
a. Work as you would expect it to.
b. Prevent the child controls from being executed if the whole control is hidden.
Proudly introducing the ImtechSecurityTrimmedControl:
[ParseChildren(true)]
public class ImtechkkSecurityTrimmedControl : Control
{
public ITemplate ContentTemplate { get; set; }
public AuthenticationRestrictions AuthenticationRestrictions { get; set; }
public SPControlMode PageMode { get; set; }
private static AuthenticationRestrictions CurrentAuthenticationRestriction
{
get
{
AuthenticationRestrictions currentAuthenticationRestriction = HttpContext.Current.Request.IsAuthenticated ? AuthenticationRestrictions.AuthenticatedUsersOnly : AuthenticationRestrictions.AnonymousUsersOnly;

return currentAuthenticationRestriction;
}
}

private static SPControlMode CurrentPageMode
{
get
{
SPControlMode pageMode = SPControlMode.Invalid;

if (HttpContext.Current != null)
{
HttpRequest request = HttpContext.Current.Request;
if (IsDocLibListItem)
{
pageMode = (request.Form.Get(“MSOAuthoringConsole_FormContext”) == “1”) ? SPControlMode.Edit : SPControlMode.Display;
}

if ((pageMode == SPControlMode.Display) && (request.QueryString.Get(“ControlMode”) == “Edit”))
{
pageMode = SPControlMode.Edit;
}
}

return pageMode;
}
}

private static bool IsDocLibListItem
{
get
{
return SPContext.Current != null &&
SPContext.Current.ListItem != null &&
SPContext.Current.ItemId != 0;
}
}

private bool ShouldRender
{
get
{
return AuthenticationRestrictionMatchesCurrentRequest(AuthenticationRestrictions) && PageIsInMode(PageMode);
}
}

internal bool PageIsInMode(SPControlMode pageMode)
{
return pageMode == 0 ||
CurrentPageMode == pageMode;
}

private static bool AuthenticationRestrictionMatchesCurrentRequest(AuthenticationRestrictions authenticationRestrictions)
{
return authenticationRestrictions == 0 ||
authenticationRestrictions == AuthenticationRestrictions.AllUsers ||
CurrentAuthenticationRestriction == authenticationRestrictions;
}

protected override void CreateChildControls()
{
base.CreateChildControls();

if (ContentTemplate != null && ShouldRender)
{
Control container = new Control();
ContentTemplate.InstantiateIn(container);
Controls.Add(container);
}
}
}
Code given above is pretty straight-forward and simple After performing a few checks the control uses a template to instantiate its children if required. Because the ImtechSecurityTrimmedControl doesn’t have any HTML markup of its own, it derives from the System.Web.UI.Control base class. Because of that the ParseChildren attribute has to be explicitly set to true to make the control parse the ContentTemplate. If we inherited from the WebControl base class this would be done for us, but then we would end up with a pretty div in the generated HTML.
One thing that I didn’t include is the support for permissions. The reason for this is pretty simple: in all the projects I’ve worked on so far, I have never had a need to use that kind of functionality. And in case you need it: you can easily extend the control to support it.

About Krishana Kumar

Krishana Kumar is SharePoint Architect/Trainer having Architecture experience with high volumes at Enterprise level and global scale - creation of highly scalable solutions with global user base and geographically distributed architectural components. Good knowledge of SharePoint best practices and governance models. I hold Two Master degree in Computer Science with over 11 years of experience working on Microsoft Technologies specially SharePoint, Project, .NET and other Information Worker Technologies. Having good exposer in Client side scripting Angular.js, backbone and Node. I am currently responsible for SharePoint Infrastructure set up and leading teams in various medium and large scale projects, architecting, designing & installing SharePoint farms, developing custom components,, and providing advanced SharePoint administration and development training to teams and customers. I regularly speaks in various SharePoint User Groups and other Events. I have MCSA Windows Azure, MCSA Office 365, MCSE & MCSD SharePoint 2013, Microsoft Certified Developer (MCD) and holds MCPD, MCTIP and MCTS for SharePoint 2010, MCTS MOSS 2007 & WSS 3.0, MCPD, MCITP (EPM 2010 & 2007) and MCSD .NET.
This entry was posted in General Interest. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *