Using multiple site collections is easy enough, but then you'll encounter navigation issues. There are a number of cross site navigation web parts, but I didn't like any of them.
Most inherit some for sitemap provider and require you to edit the layouts.sitemap... anyway I figured I could do better so I did, and I'm sharing it with you.
Introducing the Web Application Navigator
Get source and solution file from: http://wan.codeplex.com
Features:
- List based navigation.
- Multiple navigation list support.
- Menu or tree view.
- Security trimming.
- Display, or hide without deleting navigation item.
- Add the IIOS.SP.WebParts.Navigation.wsp to your farm solutions.
- Deploy the Solution to a Web Application.
- Enable the Feature in Site Collection.
- Add the web part to your master page or web part page.
- When you activate the Feature it will create a Navigation list in the root site, go to the Web Application and loop through all the Site Collections, and their Sites the user who is activating the feature has access to (so probably a good idea for a Farm Admin to activate it) and save the URL, Position and Site name in the Navigation list.
- The Feature will create a Custom Action on the settings page under Look and Feel, so you can access the Navigation list
- And finally adds the web part definition to the web part gallery.
- All navigation links are stored in a Navigation list. Activating the feature will create one, but you can create more if required. The list implements a simple Parent> Child relationship to render a hierarchy. You can have n level children. You can also add as many navigation links as required.
- The list contains the metadata to render the navigation. All the fields are self explanatory maybe with the exception of...
Position: This is the position the link will have in relation to it's siblings .
Display: This shows or hides the link.
Security Trim: If this is disabled, it won't check if the user has access to the site and will render the link regardless. This is useful if you want to give users access to a child site, but not the parent site. - To render the navigation menu, you need to add the web part to a page, or a master page.
- Once the web part has 3 properties you can edit.
List Name: this is the name of the list that contains the Navigation items. If you create another list just enter the name here.
Display Tree: If enabled it will render the navigation as a tree. This is implemented with the help of GTreeView by Per GĂ„rdebrink with his permission.
Use Full Width: If you want the menu to cover the full width select this, otherwise it will only use the minimum required.
You have a web application with 10 Site Collections, these Site Collections have a combined 30 subsites.
You want to implement consistent navigation across all sites.
- Deploy the Solution to the web app.
- Activate the Feature on the root Site Collection of the web app.
- Modify all the Site Collection master pages by adding the web part in
or modify the SharePoint hive master page by adding the web part in
or add the web part in to a page. - If you modified the master page/s, then the web part will be visible on all Site Collections, and there's no further action required.
If you added it to a page, then you'll need to export the web part definition and import it to every Site Collection web part Gallery.
- Q: What if I activate the feature in other Site Collections of the same web app?
A: The root Site Collection list will be ignored. The web part first tries to get the Navigation list from the current site, then works it's way to the root. - Q: What happens when I deactivate the Feature?
A: It will delete the default Navigation list and remove the web part definition from the Gallery. - Q: People see different links, why is that?
A: Because Security Trim is enabled on that link and the person does/doesn't have access. - Q: Does it work on SharePoint 2013?
A: I've only done minimal testing, and it works except the Feature icon doesn't deploy properly, but you could copy it over manually.
This web part meets all our critical requirements for configuring a portal menu across multiple site collections within one web app. After getting it configured in the master pages of all site collections, I am starting to test the security trimming. Since our portal is an extranet with both FBA and AD users, I tested an FBA account and no security trimming occurred. Looking at the source code, I am wondering if the line in the has Access method "flag = web.DoesUserHavePermissions(this.oWeb.CurrentUser.LoginName, SPBasePermissions.EmptyMask | SPBasePermissions.ViewPages);" actually supports FBA accounts. Can you confirm either way? And if it does not, is there any possibility of that being included in the web part, and/or can you provide what the code might look like? Thanks.
ReplyDeleteHi Anonymous.
ReplyDeleteI haven't tested it with FBA, and at present don't have an environment with FBA available; BUT it should work bcos SP exposes the "CurrentUser" as FBAProvider:LoginName, and an AD account as NetBios\LoginName.
Now that I think of it... this would apply to MOSS2007, but with 2010/2013 FBA uses claims tokens, so it would append the claim string type to the user string.
So... you will need to create a SPClaimProviderManager to convert the claim to a user object... it's like an extra 3 lines.
Have a look at http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.claims.spclaimprovidermanager.decodeclaim.aspx
PS: You might just be able to create an SPUser object by stripping the claim strings of it's i:0#.f|
DeleteThank you for the feedback. We are using SP 2010, and I also got feedback from testers after I posted that AD users are not being trimmed either. I had a hunch that it was the claims-based configuration of our extranet portal web app based on the couple posts I could find on the topic. One talked about encoding the claim user name before passing it to DoesUserHavePermissions rather than decoding it, but I'm sure it is along those lines (and I would start with your second reply's idea, which I am actually doing with a separate ASP.NET app framework where I strip the domain off of domain account names before auto-authenticating them against a SQL data source).
DeleteOne issue I am dealing with is that I do not have a 64-bit developer machine and so cannot install SP to modify the source code and recompile it. I really like your web part, and will hopefully get to the point where I have a viable dev environment where I can tweak the code (including making the Location field optional!). I will be happy to share anything I can come up with.
Btw, my work email is jpratt@crec.org. - John C. Pratt
Hi John.
DeleteSecurity Trimming definitely works with AD (NTLM), it hasn't been tested with Kerberos/FBA claims tokens... but the SPUser object will be the same in all cases; it's just a simple matter of the way it gets instantiated.
Any chance you could update either create another "Issue" or update https://wan.codeplex.com/workitem/1 on codeplex? I just realised another user has experienced issues with AAM's and security.
Btw, I usually use Windows Azure now for developing... the templates make it very quick to spin a machine up + they have free trails.... my rollover date isn't until 19th of December so I'm out of credit :(.
All the best, Ray.
Will do. I read the issue post and checked the attached CS code. I will continue with additional info there, including some other functional needs. I may pursue a 64-bit VM PC with our IT dept. after the holidays so I can work on this ASAP. Because your solution addresses a core issue with SharePoint, I definitely think we can get some collaboration on the code and create the go-to solution for cross-site collection navigation in multiple environments.
ReplyDeleteHello,
ReplyDeleteWe had implemented this on our Team site web application and it was working great. However, we switched our security to SSL, where everything is going into the environment via https://. After doing so, the links that display in the tree view are no longer security pruned, meaning that you can see all the sites whether you have access to them or not.
Is there anything that can be done for that?
Thanks!
Hi.
DeleteI replied to you via codeplex.
It's just a matter of updating: hasAccess(string sURL) to also cater for https.