Saturday, March 5, 2016

Http Handler to redirect Security Urls for Non Site Collection Administrators

Hi,

There were certain security-related URLs that only site collection administrators should be able to view.

Users who are not site collection administrators should get the Access Denied page of the site collection.

To achieve this, we wrote the following code in a class library:

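/// <summary>
/// HTTP module that sends users who are not site collection administrators to the
/// SharePoint Access Denied page when they request one of a fixed list of
/// administrative URLs.
/// </summary>
/// <remarks>
/// The filter matches on the request URL only and does not change SharePoint
/// permissions. Treat it as a UI-level restriction layered on top of correctly
/// configured permission levels, not as the authorization boundary itself.
/// </remarks>
public class Redirect : IHttpModule
{
    // URL fragments that mark a request as "administrative". Each entry is matched as a
    // case-insensitive substring of the absolute request URI.
    private static readonly string[] RestrictedUrlFragments = new string[]
    {
        "/_layouts/15/sitemanager.aspx",
        "/_layouts/15/savetmpl.aspx",
        "/_layouts/15/mngsiteadmin.aspx",
        "/_layouts/15/mngsubwebs.aspx",
        "/_layouts/15/sitedirectorysettings.aspx",
        "/_layouts/15/mngctype.aspx",
        "/_layouts/15/adminrecyclebin.aspx",
        "/_layouts/15/areanavigationsettings.aspx",
        "/_layouts/15/user.aspx",
        "/_layouts/15/spusageweb.aspx",
        "/_layouts/15/subedit.aspx",
        "/_layouts/15/subchoos.aspx",
        "/_catalogs/wt/forms/common.aspx",
        "/_catalogs/wt/forms/allitems.aspx",
        "/_layouts/15/mngfield.aspx",
        "/_catalogs/lt/forms/allitems.aspx",
        "/_catalogs/theme/forms/allitems.aspx",
        "/_catalogs/wp/forms/allitems.aspx",
        "/_catalogs/solutions/",
        "/_layouts/15/sharepointdesignersettings.aspx",
        "/_layouts/15/areawelcomepage.aspx",
        "/_layouts/15/areatemplatesettings.aspx",
        "?pageview=shared&toolpaneview=2",
        "/_catalogs/users/simple.aspx",
        "/_layouts/15/newsbweb.aspx",
        "/_layouts/15/create.aspx",
        "/_layouts/15/spcf.aspx",
        "/_layouts/15/appregnew.aspx",
        "/_layouts/15/srchvis.aspx",
        "/_layouts/15/spcontnt.aspx",
        "/_layouts/15/role.aspx",
        "/_layouts/15/createpage.aspx",
        "/_layouts/15/sitesubs.aspx",
        "/_layouts/15/prjsetng.aspx",
        "/_layouts/15/bpcf.aspx",
        "/_layouts/15/mcontent.aspx",
        "/_layouts/15/people.aspx",
        "/_layouts/15/viewlsts.aspx",
        "/_layouts/15/recyclebin.aspx",
        "/_catalogs/masterpage/forms/allitems.aspx",
        "/_layouts/15/groups.aspx",
        "/_layouts/15/managefeatures.aspx",
        "/_layouts/15/changesitemasterpage.aspx",
        "/_layouts/15/settings.aspx"
    };

    /// <summary>
    /// Subscribes the URL filter to the application's PreRequestHandlerExecute event.
    /// </summary>
    /// <param name="context">The application the module is being attached to.</param>
    public void Init(HttpApplication context)
    {
        context.PreRequestHandlerExecute += new EventHandler(ProcessRequestHandler);
    }

    /// <summary>
    /// Denies the request when it targets a restricted URL and the current user cannot
    /// be confirmed as a site collection administrator.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    private void ProcessRequestHandler(object sender, EventArgs e)
    {
        HttpApplication context = sender as HttpApplication;
        if (context == null || context.Request == null || context.Request.Url == null)
        {
            return;
        }

        if (!IsRestrictedUrl(context.Request.Url.AbsoluteUri))
        {
            return;
        }

        // Fail closed: the user is treated as a non-administrator unless the check
        // completes and says otherwise. Swallowing the exception and letting the
        // request continue would turn any lookup failure into a silent allow.
        bool isSiteAdmin = false;
        try
        {
            isSiteAdmin = IsCurrentUserSiteAdmin();
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError(
                "Redirect module: site administrator check failed; denying request. {0}", ex);
        }

        // The redirect is issued outside the try block so that the thread abort raised
        // by ending the response is not mistaken for a failed check.
        if (!isSiteAdmin)
        {
            redirectToRegistrationPage(context);
        }
    }

    /// <summary>
    /// Returns true when the URL contains one of the restricted fragments.
    /// </summary>
    /// <param name="absoluteUri">Absolute URI of the current request.</param>
    private static bool IsRestrictedUrl(string absoluteUri)
    {
        if (string.IsNullOrEmpty(absoluteUri))
        {
            return false;
        }

        foreach (string fragment in RestrictedUrlFragments)
        {
            // Ordinal, case-insensitive comparison: lower-casing with the thread's
            // culture can change letters under some cultures, so the comparison
            // against the lower-case fragments would miss.
            if (absoluteUri.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Reports whether the current SharePoint user is a site collection administrator.
    /// Returns false when there is no SharePoint context or no current user.
    /// </summary>
    private static bool IsCurrentUserSiteAdmin()
    {
        SPContext spContext = SPContext.Current;
        if (spContext == null || spContext.Site == null)
        {
            return false;
        }

        using (SPSite site = new SPSite(spContext.Site.Url))
        {
            using (SPWeb web = site.OpenWeb())
            {
                SPUser currentUser = web.CurrentUser;
                return currentUser != null && currentUser.IsSiteAdmin;
            }
        }
    }

    /// <summary>
    /// Redirects the request to the current web's Access Denied page, or answers with
    /// HTTP 403 when no SharePoint context is available to build that URL.
    /// </summary>
    /// <param name="context">The application handling the current request.</param>
    private void redirectToRegistrationPage(HttpApplication context)
    {
        SPContext spContext = SPContext.Current;
        if (spContext == null || spContext.Web == null)
        {
            context.Response.StatusCode = 403;
            context.Response.End();
            return;
        }

        context.Response.Redirect(spContext.Web.Url + "/_layouts/15/AccessDenied.aspx");
    }

    /// <summary>
    /// Nothing to release: the module holds no resources of its own.
    /// </summary>
    public void Dispose()
    {
    }
}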

Deployment

1)      Copy the DLL into the bin folder of the web application.
2)      Add the following entry to the modules section of the web application's web.config:
<add name="solutionname" type="solutionname.classname, solutionname" />

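Now users who are not site collection administrators get the current site collection's Access Denied page, as shown below. Keep in mind that the module only filters requests by URL; the SharePoint permissions on those pages are unchanged and still need to be configured correctly.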
