Wednesday, April 30, 2008

Security architectures for portal platforms

[16 oct 2008 - There is a new better version of this post at 
Regards, Tomas]

Do you want to secure more than one application? Manage identities efficiently? This is the first post in an upcoming series on security in terms of access and identity management solutions that manage the security functions for a portal platform.

The idea is to centralize the authentication, authorization, administration and delegation of user identities (to create, update, delete and block user accounts) and access control to user data in a company-wide common platform of reusable components, instead of doing that in each and every application. For instance, a user’s address may be changed and the identity management solution immediately propagates that into every application and system integrated by the identity management solution. In extranet solutions you may even delegate the user management of a partner company’s users to a superuser in the partner company’s organization by making the identity management solution accessible on the internet (this scenario requires the identity management solution to be used in conjunction with an access management solution).

Login methods (such as userid/pwd, digital certificates, smartcards etc.) may be added to a separate login service. The access management platform ties different login methods to different applications. With this approach, you don’t use the built-in security functions of the portal product at all. You trust the access management platform to secure all portal applications. The access management platform may also be used to secure a web services environment in a SOA architecture implementation. Yet another scenario is to secure both an existing web site and a new site during migration.

© Copyright 2008, Tomas Elfving

Monday, April 7, 2008

Setting multivalue properties in User profile

More on User profiles; MOSS 2007 supports multivalue properties in the User profiles, but how do you set these fields? The this[] operator on the UserProfile object returns an ArrayList called UserProfileValueCollection. This code example shows you how to add multiple values to a multivalue property:

Add references to Microsoft.Office.Server, Microsoft.SharePoint and System.Web in your Microsoft Visual Studio project.

using System;
using System.Collections.Generic;
using System.Text;
using System.Web;

using Microsoft.Office.Server;
using Microsoft.Office.Server.Administration;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.SharePoint;

namespace UserProfilesDemoApp
{
    class UserProfileProgram
    {
        static void Main(string[] args)
        {
            using (SPSite site = new SPSite("http://servername"))
            {
                ServerContext serverContext = ServerContext.GetContext(site);

                // Pass the ServerContext obtained above to the profile manager
                UserProfileManager userProfileManager = new UserProfileManager(serverContext);

                UserProfile userProfile = userProfileManager.GetUserProfile("domainname\\username");

                // Insert your database access code here to get the values to set!

                // Changes to the profile are saved only when Commit is called
                userProfile.Commit();
            }
        }
    }
}
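The step the listing above leaves open, setting the values themselves, shown as an added example that is not code from the original post. It assumes the multivalue property is named SPS-Skills, uses constructed sample values in place of the database lookup, and applies an assumed 100-character limit per value.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.SharePoint;

namespace UserProfilesDemoApp
{
    class MultiValueExample
    {
        // Assumed limit for this example; use the length configured for your property.
        const int MaxValueLength = 100;

        static void Main(string[] args)
        {
            // Constructed sample values standing in for the database lookup.
            string[] incoming = { "SharePoint", "Identity management", " sharepoint ", "" };

            using (SPSite site = new SPSite("http://servername"))
            {
                ServerContext serverContext = ServerContext.GetContext(site);
                UserProfileManager manager = new UserProfileManager(serverContext);
                UserProfile profile = manager.GetUserProfile("domainname\\username");

                // "SPS-Skills" is an assumed property name; substitute your own.
                const string propertyName = "SPS-Skills";
                Property property = manager.Properties.GetPropertyByName(propertyName);
                if (property == null || !property.IsMultivalued)
                    throw new InvalidOperationException(propertyName + " is not a multivalue property.");

                UserProfileValueCollection values = profile[propertyName];
                values.Clear(); // replace the stored set rather than appending to it

                // Skip empty, oversized and duplicate values before they reach the profile store.
                List<string> seen = new List<string>();
                foreach (string raw in incoming)
                {
                    string value = (raw ?? "").Trim();
                    if (value.Length == 0 || value.Length > MaxValueLength) continue;
                    if (seen.Contains(value.ToLowerInvariant())) continue;
                    seen.Add(value.ToLowerInvariant());
                    values.Add(value);
                }

                profile.Commit(); // nothing is saved until Commit is called
            }
        }
    }
}
```

The account running this code needs permission to manage user profiles, so treat the values read from the database as untrusted input to a privileged write.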



