Enterprise portals are an important part of today's enterprise IT infrastructure. Portals are used as an entry point for a specific topic, organization, project, or team. Many enterprises have an enterprise portal, opened by default when an employee opens a browser, that shows general information about the enterprise, its strategy, its departments, and so forth. From this top-level enterprise portal, you find links to departmental, project-specific, and team-specific portals. Departmental portals focus on information about the department itself, such as Marketing, Sales, Engineering, Professional Services, and so on. Project and team portals focus on an ongoing project or virtual team created for a specific objective. You also can find portals for specific topics, such as a learning portal or a management portal that provides information geared towards that topic. Each portal has relevant information, links to other Web sites, documents or resources, and the like. It is the starting point for a user to find information about a specific topic.
Microsoft provides two portal solutions—Windows SharePoint Services (WSS) and SharePoint Portal Server 2003 (SPS). The first article of this series explained the difference between WSS and SPS as well as how to install and administer each. This second article focuses on how to use and customize portals provided by WSS and SPS. The third article in this series explains how to create your own Web parts that you then can place on WSS and SPS portals. This article assumes that you are familiar with the first article, especially the administration features it describes.
Users Used Throughout This Article
Are there any browser settings necessary for integrated Windows security to work?
For integrated Windows authentication to work, you need to enable the "Enable Integrated Windows Authentication" option in your browser (go to the "Tools | Internet Options" menu and then to the Advanced tab). The zone to which the site belongs needs to have the "Automatic logon with current username and password" or "Automatic logon only in Intranet zone" (only for the "Local intranet" zone) option enabled (go to the "Tools | Internet Options" menu, choose the "Security" tab, select the zone the site belongs to, for example "Trusted sites", and then click the "Custom Level" button).
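The settings described above can be checked without clicking through the dialogs. The following is an added example, not part of the original article: a read-only PowerShell audit of the current user's Internet Explorer settings. The registry names (`EnableNegotiate`, the `Zones\<n>` keys and the `1A00` logon value) are Internet Explorer's own storage locations and do not appear in the article; the script assumes per-user settings only and does not read values enforced through Group Policy.

```powershell
# Added example: read-only audit of the per-user IE settings described above.
$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Zone numbers and logon-mode values (registry value 1A00) as stored by Internet Explorer.
$zoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$logonModes = @{
    0x00000 = 'Automatic logon with current username and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-ZoneLogonReport {
    # "Enable Integrated Windows Authentication" (Advanced tab) is stored as EnableNegotiate.
    $negotiate = (Get-ItemProperty -Path $inetSettings -Name EnableNegotiate `
                  -ErrorAction SilentlyContinue).EnableNegotiate

    foreach ($zone in 1..4) {
        $zonePath = Join-Path $inetSettings "Zones\$zone"
        $mode = (Get-ItemProperty -Path $zonePath -Name '1A00' `
                 -ErrorAction SilentlyContinue).'1A00'

        if ($null -eq $mode) {
            $modeText = 'not set for this user (default or policy applies)'
            $silent   = $null
        } else {
            $modeText = $logonModes[[int]$mode]
            if (-not $modeText) { $modeText = 'unknown value 0x{0:X}' -f $mode }
            # Credentials are sent without a prompt when the zone uses full
            # automatic logon, or intranet-only logon inside the intranet zone.
            $silent = ($mode -eq 0) -or ($mode -eq 0x20000 -and $zone -eq 1)
        }

        [pscustomobject]@{
            Zone            = $zoneNames[$zone]
            LogonSetting    = $modeText
            AutomaticLogon  = $silent
            EnableNegotiate = $negotiate
        }
    }
}

Get-ZoneLogonReport | Format-Table -AutoSize
```

A zone that reports `AutomaticLogon = True` answers authentication challenges from every site placed in that zone with the logged-on user's credentials, so the zone's site list is worth reviewing alongside this output.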
Which site groups are available in SharePoint and what are the default permissions?
When creating a portal, you enter the name of the primary and secondary site owner (in the format of "machine name\user name" or "domain name\user name"). These two users are added automatically as administrators to the portal. WSS and SPS have four different site groups that define which access users have to the portal:
- Reader—Can access the portal and read information. Is not allowed to make any modifications to the information.
- Contributor—Has read and write access and can modify the information and documents on the portal.
- Web Designer—Has read and write access to the portal and is also allowed to modify the portal structure itself.
- Administrator—Has full access, including administrative access to the portal.
Adding new users to your SharePoint site
Create the following four Windows users on the machine where you run WSS (go to "Computer Management" and then "Local Users and Groups"): Reader, Contributor, WebDesigner, and Administrator. Each user will be added by default to the "Users" Windows group. Open the portal you created in a browser running under the user credentials of the primary or secondary owner so you can add new users. In the top menu bar, select "Site Settings"; this shows the site settings. Under the "Administration" section, select the "Manage users" item. You already see the primary and secondary site owner added as administrators. Now, add the four users you created and make each user a member of the site group with the same name. For example, you add the user "Reader" and make it part of the "Reader" site group. These four users are used throughout the article to demonstrate the differences among the different access rights.
Running your browser under a different user credential
You can run a browser or any other application under different user credentials by using the "runas" command. Open the command line and run the following command: runas /profile /user:machine name\user name "c:\program files\internet explorer\iexplore.exe". You also can achieve this by right-clicking the browser icon in the "quick launch" Windows toolbar (in Windows 2000, you also need to press the SHIFT key) and selecting "Run as" from the popup menu. In the following dialog box, you select "the following user" and enter the user name and password. This works only for users who have already logged on to the machine at least once and already have a profile created. Without that, the browser will show you a logon dialog as soon as you hit a portal. It appears this happens when no Windows profile has been created yet for that user.