Grokking the AzureAD OAuth2 Implicit Grant Flow


References: Authentication Scenarios for AzureAD

The OAuth2 Implicit Grant flow is designed for use by applications which cannot maintain the security of an application registration client secret, typically applications which run in a browser. Unlike the Authorization Code grant flow, the implicit grant flow returns to the client an access token upon successful authentication when the …

SharePoint: Checking Arbitrary User Permissions and why SPListItem.DoesUserHavePermissions is a Big Fat Dirty Liar


To clarify, the object model method isn’t a big fat dirty liar, but the documentation certainly is. This blog post is about checking permissions of arbitrary users against SharePoint objects which expose the ISecurableObject (this interface is marked obsolete in 2010 in favour of the new SPSecurableObject class) interface using the overloaded DoesUserHavePermissions method of; SPListItem.DoesUserHavePermissions(SPUser …

Mixing RunWithElevatedPrivileges and SharePoint List Permissions


Checking user permissions against SharePoint artefacts is straightforward enough: many types within the object model expose a range of overloaded DoesUserHavePermissions(…) methods. The example below checks that the current user has ViewListItems permissions against a list. This example assumes that you’ve already got a reference to the list to check; SharePoint security trimming means that you may …

Ad-Hoc or Bulk Testing of Windows Login Credentials


I’m doing a SharePoint deployment right now, I’ve planned out the service accounts I’m going to use, handed off those requirements to the IT department, who responded back that, yep, they’d been done. Call me paranoid but I’m thinking “did all those accounts get created with all the right passwords and user names”, I’m also …