SharePoint / MOSS and (ASP.NET) Server Side Code


It’s well documented that ASP.NET pages when hosted in SharePoint / MOSS should not include server-side / inline code scripts such as shown below, for various security related reasons.

<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
     // some C# code which does stuff!
}
</script>

More importantly, SharePoint does not allow such pages to be shown. If you try to run such a page you’ll get shown a “helpful” error messages such as;

An error occurred during processing of {some file}. Code-blocks are not allowed in this file.

So far so good, obviously, if you have an ASP.NET page in SharePoint, your code-behind should go into a compiled assembly and placed in the GAC, and your aspx page references the GAC’d assembly. What wasn’t so obvious at first (at least to me!) is that other aspects of an ASPX page are also considered “code”, such as;

  • The AutoEventWireup attribute of the Page directive
  • Macro code such as <%= someControl.ClientID %>

The later I use quite a lot in a pages client-side JavaScript.  Any how, to get around these problems isn’t insurmountable, you can manually wire up event handlers for Page events by overriding the Page OnInit() function, and the later can be fixed by creating and registering a startup script with the Script Manager to create client-side Javascript variables containing ASP.NET client-side control ID’s, e.g.

private void RegisterControlClientIDsScript()
{
	var script = new StringBuilder();
	script.AppendFormat("var fcdi_rdAreaVariation='{0}';", rdAreaVariation.ClientID);
	script.AppendFormat("var fcdi_ddlAreaFacet='{0}';", ddlAreaFacet.ClientID);
	if (script.Length > 0)
	      ClientScript.RegisterStartupScript(GetType(), "PageStartupScripts", script.ToString(), true);
}

But, you can instruct SharePoint to allow server-side code in Pages, I do this for pages of this kind, like I said all “code” goes into a GAC’d assembly. To do this, enter a fragment such as shown below into the <SharePoint>/<SafeMode>/<PageParserPaths> section of web.config.

<PageParserPath   VirtualPath="/mortality/tools/*"
		AllowServerSideScript="true"
		CompilationMode="Auto"
		IncludeSubFolders="true" />

Reset IIS and fill your boots 🙂

The VirtualPath attribute can target all files within a specific folder (as shown, using the wildcard *), including (or not) subfolders, or the VirtualPath attribute can target a single file (replace the wildcard with the filename itself).

Published by

Phil Harding

SharePoint Consultant, Developer, Father, Husband and Climber.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s