IN THIS CHAPTER
Identity is quite often at the top of the priority list for intranet and Internet applications, even if it is agreed that anonymous users will have access. For system administrators (and, potentially, compliance investigators) to know which users made changes to the system, and when they made the changes, the system needs to keep track of who is using it.
In addition to keeping track of which users are on the system, Microsoft Office SharePoint Server (MOSS) needs to give administrators the ability to control and secure access to the system through user groups and permissions. This chapter shows you how to use the User Groups Web Service, the User Profile Web Service, and how to work with security remotely via web services.
Microsoft Office SharePoint Server (MOSS) 2007 provides many enhancements to user profiles over previous versions as well as additional functionality above and beyond the functionality provided by Windows SharePoint Services v3.0. The following is a list of just a few of the enhancements and additions that have been made to user profile support in MOSS:
If you don’t have local access to the SharePoint object model and you want to access and manipulate user profiles, you can use the User Profile Web Service. This web service can be found at http://[server]/_vti_bin/userprofileservice.asmx. This web service is a portal-scoped web service that works with the MOSS (not Windows SharePoint Services [WSS]) user profile data store.
Table 24.1 provides a list of methods available on the User Profile Web Service.
Table 24.1. User Profile Web Service Methods
All of the methods relating to commonalities among profiles, such as GetInCommon
or GetCommonManager
, deal with the new social networking features inherent in MOSS 2007, such as the concept of “social distance” and implicit and explicit linking of user profiles through common links.
There are a lot of methods on the User Profile Service, some of which are more commonly used than others. One of the most common reasons why client applications consume the MOSS User Profile Service is to read profile properties.
To see how to write code that will examine profile properties, take a look at the code in Listing 24.1. This is the code for the main form of a Windows Forms application. The user of the application supplies an account name in a text box and then clicks a button to retrieve all of the profile properties (stored as name:value pairs) for that user account. The profile properties are then added to a list view on the main form.
Listing 24.1. Retrieving User Profile Properties
When this application runs and loads a valid user profile, the main form looks like the one shown in Figure 24.1.
Figure 24.1. User profile properties.
One thing you might have noticed from the code in Listing 24.1 is that the application actually has two references to web services. The first reference is to the User Profile Web Service, whereas the second is a reference to the User Profile Change Web Service. The latter provides methods for querying the change log as it pertains to user profiles.
The sample application has a button on the main form that loads a second form called ChangeLogViewer
. The form is invoked by retrieving a UserProfileDataChangeContainer
instance from the user profile change service:
The code for this form is shown in Listing 24.2.
Listing 24.2. Code to Display Changes to a User Profile
Although the preceding code samples are far from paragons of good Windows Forms application design, they do illustrate one of the most common use cases for the user profile services—obtaining user profile properties and a list of changes made to those properties over time. A sample of the user profile change log output is shown in Figure 24.2.
Figure 24.2. User profile change history.
Table 24.2 shows the methods available on the User Profile Change Web Service, which can be accessed at http://[MOSS root]/_vti_bin/userprofilechangeservice.asmx.
Table 24.2. User Profile Change Web Service Methods
Change tokens are mentioned quite a bit in Table 24.2. A change token is really nothing more than a string representing the last moment in time that a change took place. These tokens are useful in retrieving all changes that have taken place since that token occurred. If you were to examine the internals of SharePoint’s change audit log, you would see that every change is associated with a change token.
A change token is a delimited string with the following parts in the following order:
If you have access to the SharePoint object model, you can use the SPChangeToken
class for dealing with change tokens. The form displayed in Figure 24.2 displays the change token associated with the set of changes displayed on that form.
The User Group Web Service has a fairly obvious purpose—it provides access to read and manipulate groups, roles, and group and role memberships. See Table 24.3 for a list of User Group Web Service methods. The User Group Web Service is a WSS-provided service. As such, you connect to the service at the site collection level.
Table 24.3. User Group Web Service Methods
All of the operations performed by the User Group Web Service are done with regard to the site collection to which the client was bound. For example, operations on server/siteA/_vti_bin/usergroup.asmx
will take place in an entirely different scope than methods called on server/siteB/_vti_bin/usergroup.asmx
.
To illustrate how to use the User Group Web Service to obtain a list of groups on a given site as well as enumerate the list of security principles contained within those groups, this chapter includes a sample written using the Windows Presentation Foundation (WPF; part of the .NET Framework 3.0). Don’t worry if you’re not familiar with WPF; this sample makes extensive use of the monostate
(see Agile Principles, Patterns, and Practices in C# [ISBN: 0131857258], pg. 331) pattern, so all you need to worry about is how to populate a business object with data from the web service and WPF takes care of the rest.
The code in Listing 24.3 shows the code for the main window of the WPF application. It simply populates an object model and lets WPF’s powerful data-binding capabilities handle the rest. Make sure that you modify the web service URL and credentials to suit your own environment.
Listing 24.3. Code-behind for a XAML Window Bound to Data from the User Group Web Service
Figure 24.3 shows an example of this application running on Windows Vista.
Figure 24.3. WPF data binding to data from the User Group Web Service.
This chapter illustrated how to work with user profiles, user profile changes, and change history, as well as how to access and manipulate user groups, roles, and group and role memberships. Knowing the difference between roles, groups, group and role memberships, user profiles and user profile changes, and how to programmatically access all of that functionality remotely via web services will add even more tools to your ever-growing arsenal of potential SharePoint development solutions.