What is safe control in SharePoint 2010?

In a SharePoint environment, a developer can add an ASPX file very easily. An ASPX file contains code that may affect the SharePoint environment. In simple terms, there is a security risk of script injection.

To reduce this risk, SharePoint distinguishes the assemblies that need to be protected against script injection. This is done by marking a control as a "Safe Control" in the SharePoint web.config file.

Code snippet of Safe Control:

<SharePoint>
     <SafeControls>
       <SafeControl Assembly="[Assembly Name]" Namespace="[Namespace]" TypeName="*" Safe="True" />
     </SafeControls>
</SharePoint>


To mark controls as safe or unsafe in the Package Designer


  • Create a SharePoint solution with a Visual Web Part project.
  • Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.
  • Take note of the namespace of the control because it is used later.
  • On the menu bar, choose Build, Build Solution to build the project.
  • Create another SharePoint solution.
  • In Solution Explorer, open the shortcut menu for the Package.Package file, and then choose Open to open the Package Designer.
  • In the Package Designer, choose the Advanced tab.
  • Under Additional Assemblies, choose the Add button, and then choose Add Existing Assembly from the list.
  • In the Add Existing Assembly dialog box, choose the ellipsis (...) button next to Source Path.
  • Choose the assembly from the SharePoint solution that you created in the first step, and then choose the Open button.
  • For this example, leave the Deployment Target option as GlobalAssemblyCache. This setting causes the assembly to deploy to the system Global Assembly Cache (GAC). If you want the assembly to deploy to the Web application (Bin) folder, select that option instead. For more information, see Deploying Web Parts in SharePoint Foundation.
  • In the Safe Controls box, choose the Click here to add a new item button.
  • Enter the values for the properties from the following table.

| Property Name | Value |
| --- | --- |
| Namespace | The fully-qualified namespace for the control, such as MyProject.VisualWebPart1. |
| Type Name | Button1 |
| Assembly Name | A strong assembly name, such as: Microsoft.Office.SharePoint.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71c9bce111e9429c. |
| Safe | Clear the Safe check box. |
| Safe Against Script | Leave the Safe Against Script check box clear. |

  • Choose the Tab key to create another safe control entry.
  • Choose the Click here to add a new item button again.
  • After selecting properties, choose the Tab key, and then choose the OK button to close the dialog box.
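
Once the package is deployed, the entries it produces can be reviewed directly in web.config. The PowerShell below is an added example, not code from the original post: it lists each SafeControl entry and notes wildcard type names, entries marked unsafe, assembly names without a full strong name, and entries with SafeAgainstScript set. The function name Get-SafeControlReview, the Contoso assembly names and the key tokens are constructed for illustration.

```powershell
# Constructed sample input: a web.config fragment with three SafeControl entries.
# Assembly names and public key tokens are placeholders, not real assemblies.
[xml]$config = @'
<configuration>
  <SharePoint>
    <SafeControls>
      <SafeControl Assembly="Contoso.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef" Namespace="Contoso.WebParts" TypeName="*" Safe="True" />
      <SafeControl Assembly="Contoso.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef" Namespace="Contoso.WebParts.VisualWebPart1" TypeName="Button1" Safe="False" />
      <SafeControl Assembly="Contoso.Legacy" Namespace="Contoso.Legacy" TypeName="Uploader" Safe="True" SafeAgainstScript="True" />
    </SafeControls>
  </SharePoint>
</configuration>
'@

# Hypothetical helper: returns one object per SafeControl entry with review notes.
function Get-SafeControlReview {
    param([Parameter(Mandatory = $true)][xml]$Config)

    foreach ($sc in $Config.SelectNodes('/configuration/SharePoint/SafeControls/SafeControl')) {
        $notes = @()
        $safe  = $sc.GetAttribute('Safe')   # empty string when the attribute is absent

        if ($safe -eq 'False') {
            $notes += 'explicitly marked unsafe'
        }
        elseif ($sc.GetAttribute('TypeName') -eq '*') {
            $notes += 'wildcard: every type in the namespace is covered'
        }
        # A full strong name carries a 16-hex-digit PublicKeyToken.
        if ($sc.GetAttribute('Assembly') -notmatch 'PublicKeyToken=[0-9a-fA-F]{16}') {
            $notes += 'assembly name is not a full strong name'
        }
        if ($sc.GetAttribute('SafeAgainstScript') -eq 'True') {
            $notes += 'SafeAgainstScript is set'
        }

        New-Object PSObject -Property @{
            Namespace = $sc.GetAttribute('Namespace')
            TypeName  = $sc.GetAttribute('TypeName')
            Safe      = $safe
            Notes     = $notes -join '; '
        } | Select-Object Namespace, TypeName, Safe, Notes
    }
}

Get-SafeControlReview -Config $config | Format-Table -AutoSize -Wrap
```

To review a real farm, load the file with `[xml](Get-Content <path to web.config>)` and pass it to the function in place of the sample.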
