Guest Portal in SharePoint

Guest Portal

A Guest Portal is a portal for displaying projects to guest users without access to the main portal. Since we don't want to provide the main portal's access to a guest user, we create a new portal in another site collection and provide access to guest users and display projects that are shared with the user and share information stored in the list.

Guest Portal Implementation

Guest User List

A Guest Portal contains a list for storing the Project URL and the guest user's information.


Figure 1 : Guest User List

Custom Action in Main Portal

Create a Share Project custom action button in the Manage tab of the Document Set.


Figure 2 : Share Project custom action

In the custom action we've used a JavaScript for calling the New Item form of the Guest User List and passed parameters as a Query String.


Figure 3 : Ribbon Custom Action

The following is the JavaScript code used in the Navigate to URL:

  1. javascript: var getQS = function ()  
  2.     {  
  3.         var params = {}, queries, temp, i, l; queries = location.search.substring(1).split("&");  
  4.         for (i = 0, l = queries.length; i < l; i++) {  
  5.             temp = queries[i].split('='); params[temp[0]] = temp[1];  
  6.         }  
  7.         return params;  
  8.     };  
  9.     var qs = getQS(); OpenPopUpPage('http://GuestPortalUrl/Lists/Guest User List/NewForm.aspx? Source=' +  
  10.         qs["RecSrc"] + '&PID=' + qs["ID"] + '&ListId={ListId}&Site={SiteUrl}'function (result, target)  
  11.         {  
  12.             if (result == SP.UI.DialogResult.OK) SP.UI.Notify.addNotification("Project shared successfully"false""null);  
  13.         })  
Ribbon Location is set to the share section of the manage document set: Ribbon.ManageDocumentSet.MDS.Share.Controls._children

Share Project

On clicking Share Project from the ribbon, the new/edit form of the guest user list opens in a popup depending on whether this project is previously shared or not:


Figure 4 : New Item form of Guest user list

In the new/edit form, we have used a JavaScript to retrieve the project's information from the main portal using the REST API. As you can see in the preceding JavaScript code used in the custom action, we are passing 4 query string parameters to the new item form of the Guest User List:

 

  1. Source: relative URL of the project being shared.
  2. PID: value of auto generated ID column of Project.
  3. ListId: GUID of the Project list.
  4. Site: Site collection URL.

The following is the JavaScript that is used in the forms to fetch data and process the URL.


Figure 5: JavaScript used in new form

On the page load event, the JavaScript code checks if the project exists then the loads edit form otherwise fetches the project information using query string parameters and the REST API.

Display Shared Projects

We've used the DataView webpart for displaying shared projects.

Data Sources

We've used web services for fetching data from the main portal. Used the List.asmx web service and called the GetListItems method of that service by passing the List GUID and View GUID as a parameter. Also used impersonation by passing authentication information in the Login tab.


Figure 6 : Web service Data Source

Since guest users will not have access to the Projects List and Guest User List, so we've created 2 separate data sources, namely:

  1. Guest Projects: Data source for fetching data from the Projects List in the main portal.
  2. Guest Users: Data source for fetching data from the Guest User List in the guest portal.

Linked Data Source

We've created one linked source for joining data from Guest Users and Guest Projects data sources.


Figure 7 : Linked Data Source

Data View webpart on Page

In the dataview webpart we've used a linked data source created in the previous step. In the Guest Users data source we added the filter “Guest User = Current User” and in the Guest Project data source we added the filter “z:row[contains(@ows_FileRef,$relURL) and @ows_Contract_x0020_Status = 'Ongoing']”. And then modified display xslt. The attached is the code for the webpart.


Figure 8 : Guest Projects dataview webpart

Downloading Project documents

Since a guest user doesn't have access to the main portal, if they try to download or open the documents uploaded in the projects then they will get an access denied error. So for downloading the documents on the behalf of a guest user we have created a handler that is running with elevated privileges.

The code in HttpHandler checks in the Guest User List, whether the project is shared with the login user or not. If the project is shared then it downloads the document by running code with under SPSecurity.RunWithElevatedPrivileges code block.

The handler takes 4 arguments passed as a query string:

  1. Listguid: GUID of the Projects list
  2. Itemguid: GUID of the document to be downloaded.
  3. url: URL of the main site.
  4. gulid: GUID of the Guest User List.

Handler Code Overview

  • Checked if the user has access to the Guest Portal.
  • Under the RunWithElevatedPrivileges code block, accessed the project's URL.
  • In the Guest User List, checked if they exist with the project's URL and the currently logged in user as Guest User.
  • Then started downloading the file from the SPFile object of that document.


Figure 9 :
HTTPHander Code snippet

Problems in Accessing data through web service

Https problem


When we are accessing data using a web service from an HTTPS enabled site then it will throw “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel” error if the certificate is not in the Trusted Root Certification Authorities.


Figure 10 : Trusted Root Certification Authorities

Once the Certificate Error is resolved then you are able to login on the server.

Loopback check enabled on server


Since the web service is running on the server, if we try to access the web service then it will throw a “HTTP 401.1 - Unauthorized: Logon Failed” error since the user is not able to login to the web service because a loopback check is enabled on the Windows server.

A loopback check is a security feature designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Follow the procedure specified in this Microsoft support document to disable the loopback check. http://support.microsoft.com/kb/896861

Up Next
    Ebook Download
    View all
    Learn
    View all