Skip to content

Day5 – Dev


web part definition file type is = namespace + assembly name
export a web part : auto generates the xml file
sensitive properties: are not exported
this behavior can be overriden.

For any file on visual studio – click the file in the solution explorer and view the file properties : Copy to output directory or not!.
Content: co -exist with the dll (chosen this)
Embedded: embedded in dll and then read

Build checks syntax only.
Copy to output directory: Assembly : bin : debug or release : output dir.

Web part gallery : delete item, then remove from web app sharepoint bin folder the dll and also comment the safe control entry in the web.config.

2 ways to deploy: one is deploy to the server gallery.

Deploy to all sites in all site collections for that n application
= Deploying to the server gallery does not require feature – in the root directory of the server.
Use dwpfiles
Deploy to particular application’s web part gallery. (Recommended way) – For this need to create a feature,it is in the database – deploying in the database means feature.

If necessary : three files copied to output directory.
Configuring a web part is only possible through one channel: Properties
Create all child controls as fields and refactor->encapsulate them , when properties are for controls then tell if these properties are to be shown in the property editor or not.
Metadata for classes, methods etc everything: put these attributes before elements – in square brackets and write them directly before the property.

If you add web part in shared view but cannot be editable in personal.!!!
If you say user: editable both in shared and personal view.!!!

All Files of our web part:


Always specify the defaultValue of an field. Mandatory attributes: Personalizable, DefaultValue, WebBrowser, Web DisplayName
render: chrome bit
renderContents: only for html
Rootweb – dont ever dispose the web objects.


Permission: Right only definitions and prinicipal (users or groups)
ACL : X user on Y object on Z op

CAS: Code access security: Access of one class to another class. Who is the user running the application is not imprt. An assembly – whole dll receives a set of permissions and based on that perm any class can call the other class. Demand side and Require side.
Permissions are also classes. Every one can define permission in their assembly.

How can one recv and send permission = code access security policy. Defined using:

1. Permission Set : Named set of perm : some predefine sets exists.

2. Code groups : Logical condition and any assembly that fulfills that condition is a part of that code group. For example: a dll loaded from xyz path is a condition.
Any dll which has this public key, or name etc, any condition can be specified.

For new library, new *casp needs to be created.
Special case of *pset is “Full Trust” : This is built in and it doesnt consist of any permission – like the *SiteColln role = which is above permissions level.
Any code can use that. Default CASP * in desktop is full trust.

ASP.NET does not have CASP for each application. Trust level is basically another name for CASP.
Trust level = web.config file, ASP.NET comes with five trust levels : Minimal,…..Full(Default is full).
Production ASP.NEt sites should not run at full trust level – or create your own trust level.
Sharepoint – uses trust levels,and forces us to use the trust levels.

1. We raise the trust level of Sharepoint – not recommended.
2. Everything that we put in GAC : we get full trust
3. Add CASP that augments or adds to M/s CASP policy.
Build part of pilicy: these components and these policies or full policy : one time activity to plan it.

Recommend Every class must mention it:
PermCalc.dll – pointed to any dll and it will produce a xml and states which class requires what?.

Layout pages run as full trust – since they are administration pages. But whatever code runs inside sharepoint – it runs according to the
security policy : wss.minimal

SecurityClasses: will have FirstMatchCodeGroup there in all policy file


Permission Set: combination of IPermission refcg security class name ASPNetHostingPermission, SecurityPermission.
Permission classes, Code Group = nested – since these can combine with IMembershipCondition.
FirstMatchCodeGroup : if group not matched then give no permission

ASPNetHostingPermission: All asp controls,
WebPart Permission: withouth which web parts will not work?.

AppDirUL: Bin folder dll will have permission set
CodeGen: Code which is directly written inline in aspx will get permission set

CodeGen: Full trust: WsS_Minimal. : SPRestructed

Load a dll: GAC / /Probe Path – default/define probe path is bin.
sharepoint redefines probe path so it can load dll from bin or _app_bin it will get full trust.
so if we remove from bin and put it in _app_bin.

Solution package: doesnt allow us any way to deploy to _app_bin, however the dll are shared (Replace dll )
private global assembly cache for an application, every .net application in the entire machine can access GAC.
for mannually _app_bin: manual restart app domain
for bin: auto restarted when dll is changed for app domain.

Web.config: No one should have access to this file. This file defines the default trust level that is to be used for the whole application
so if i say minimal then ASPNetHosting Permission is GRANTED to our running code – it is Granted by ways of trust tag!.

Digitally signed certificate? for code acccess policy? : The code would be allowed to access? OTherwise loopholes of manual checks by admin before deploying.
Class name : alias.
Permission: name Fully qualified class name and fully qualified assembly name.

WSS_custom : new trust level introduced and this has the file :

pre render: data on page.

The first web part will: selection of list: show name of the list
Second web part : Given the name of the list will show the details of the list.

ListSelector: In design mode it will contain a drop down list box containing the names of the non hidden list in the current site and it will allow the user to choose one.
In the display mode if the list has been chosen it will show the title of the list and the number of items of the list and if the user has the appropriate permission and add

Internal name lower case, Download m/ library developers guide on msdn. Contains complete set of conventions : FXCOP checks the
VS TeamSystem : Code analysis. Web browsable is false – no need to provide display name and display desc – since web browsable is false: stores only info and not displayed on user page.

Rule is: : createChildControls : if it has the same data always – then keep it there
Filling data: contents of listbox can change – therefore the list will be there will be uniform but the content will be somewhere else.

On reload page: createChildControls is called again.
First PreRender then OnLoad:

createChildControls: cannot get selected index

onPrerender, onLoad we can get the selected index.
Event handlers happen after onLoad. and before PreRender.

Sequence of events that execute:
a.On pre init
b.Create Child Init
c. OnLoad
d. EventHandler (index change)
e. Render happens is third. (on pre render- pure UI decision)

Selection change: page relaod: createChild refired. the current selected item set then come to onLoad then event handler. what do we when the user selects a list item?.
We should set the property.

Things to take care of:

RULE 1: before Property values are get/set before the createChildControls.
CreateChildControls:If we change the property after createChildControls =- so the changed values are NOT saved !!! Here we are changing in the event handler, so we need to call a special method, this.setPersonalizationDirty : Properties have changed – please save call it once = sufficient!.

Property is saved in the database: Initialize it from the property : at the time of createChildControls
CreateChildControl – may or may not finish before another method called, since createChildControl – is called ASYNCH!.
It is our job to ensure – that the control has been created – ensure this – this.ensureChildControls();

2Exceptions are:
(1) in Event handlers : need not call in ensureChildControls();
(2) do not write ensureChildControls() -> waits for CreateChildControls. – so waits forever.

Find out the current mode of the web part is.
WebPartManager has the display modes in static properties: by default page in browse display mode.
Add web part is in Catalog display mode and when we are editing properties then it is editDisplayMode.

Provider : Push, Provide the data
Consumer: Consume the data

Every time page the page refreshes, the web part manager , exposes the provider data of the web part .
A single consumer can recv input from multiple provider web parts.

Each provider channel to as many consumer web parts.
Each consumer channel can be connected only one provider channerl.

SHAREPOINT: Each provider, consumer can be same web part. Technically, provation: IConnProvider, (WebControls.WebParts) Interferces called by WebPartManager – on provider first, consumer .second, these methods are always called after Event Handlers BUT BEFORE Pre-Render.

Use THIS: ASP.NET: Can define one’s own interface: Being a provider I want to define these interfaces and giving capability of consumer web part of directly calling consumer web part. Web Part Manager gets Provider refc and hands over to consumer – thereafter DIRECT communication between provider and consumer.

Returns an interface and decorate this method with attribute – connection provider. Called everytime page refresh.
Consumer: This method recvs a paramter : the interface that comes from provider : Decorated with attribute named consumer method.
*WPM from provider web part it calls the provider method and it recvs the interface and then it calls the consumer method the interface, the consumer has the interface and directly calls the interface method. ConnectionConsumerAttribute, ConnectionProviderAttribute.

Event handler
Event Receiver: Before and After.
BeforeAdding (Synchronous) -ing’s = adding
and AfterAdding (Asynchronous) -ed’s = added.
Install a eventHandler via a feature.

Data uniqueness, one of the ways to do so is EventReceiver.
this.disableEventFiring() – to disable other events from firing !.

ItemAdding: Can access afterPRoperties
ItemUpdating: Use before and after properties

Any “ing” – cancel : adding will not happen.Corresponding is error message – which gives the error message in the case you want cancellation to occur, few others like web URL which gives the URL of the current site – the site on which the event occur.

In an EventRecevier we cannot use the class called SPContext.
Deploy the Event Handlers as FEATURES!

EventReceiver has to be installed to GAC – one of the reasons apply to all lists of that type in all sites and applications.
Activated on a per site basis. Assembly must be strongly named means it must have a pkt : Public key token.

In cryptography 2 ways in which things can be encrypted.
Reversible encryption : Cryptoalgo : Cipher text [Symmetric Key encryption Ppl need to share keys ,
Irreversible encryption : Hashing

ASymmetric Key : enc with A, dec with B, ( enc with B , dec with A) ]
Use private key to encrypt:
Use public key to decrypt: Guarentees authentication, Encrypt with public key only private key used to decrypt.

Sign library – using the assym key like this so that it guarentees that it has come from XXX person. It creates public / private key.
Embeds public key in the assemble and encrypts part of assembly using private key.
On loading of assembly : .NET framework -looks for public key and then decrypts the small part of code and if it is decrypted with public key then OK else error is raised!,

Create one key pair and use that to sign multiple assemblies.Shared key file. for key file generation – keep password.
.NET Framework Developer Toolkit = sn -T STEventRecv.dll
sn -Tp : complete public key
sn -T : Public key token
The moment you sign an assembly with a strong name: By default it cannot be loaded by anyone with less than Full Trust,
To make that – possible – to load assembly with PK’s with less than full trust – this is an attribute at assembly level.
For Sharepoint : it is even more impt – because even *SP doesnt run with full trust.
Assembly attribute can be put in any code file but we can put it in the file :AssemblyInfo.cs
Using System.Security . [assembly: AllowPartiallyTrustedCallers] : Good idea to add PK + Allow this.

Deploy to GAC : So we need to reset web server in the manifest.xml : Within the solution: Assemblies.
*********************************************************************************(1) How to set up an event handler and
(2) second how to view errors? and third is
SPQuery is also Security tRIMMED , means when we search for new items only within the limited items to which the user who is adding items has permissions.
(3) How do you make Search Results has everything in the list: Elevated Privileges: Normally code in any part of sharepoint runs as the person logged, if you want you can ask it to run – as the process ID: This scenarios requires elevated privileges.


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: