Jean Paul's Blog

There are 2 types of People in the World, One who Likes SharePoint and..

    Advertisements
  • Microsoft MVP

  • MindCracker MVP

  • CodeProject MVP

  • eBook on SharePoint 2010

  • eBook on Design Patterns

  • eBook on Windows Azure

  • NLayers Framework @ CodePlex

  • MSDN Forums

  • .Net vs. Java

    Due to Public Demand
  • Advertisements

Posts Tagged ‘event receiver’

70-488 Create Content Type Event Receiver

Posted by Paul on December 16, 2014

In this article we can explore how to create a content type event receiver.

Scenario

We are using an existing content type of template type Contact. We are adding an event receiver which operates on the Item Add event. For time being, we are just using the event receiver to block the item adding with an error message.

Steps

Open Visual Studio and create a SharePoint 2013 Farm Solution.

image

Add a new Event Receiver as shown below.

image

Open the XML file and choose the template id as 105.

image

In the event handler code, use the following statements.

image

Now you are ready with the event receiver. Build & Deploy the project.

image

Testing the Event Receiver

Create a new Contacts list in SharePoint.

image

Try adding a new item & Save it. You should get the following error.

image

This concludes our simple example of using event receiver against content types. The above event receiver will fire for all the Contact content type instances.

You may wish to use advanced property manipulation based on your business scenario.

image

You can use SharePoint Manager a free tool for examining events for a content type. The tool is downloadable from: http://spm.codeplex.com/

References

http://msdn.microsoft.com/en-us/library/ee231563.aspx

Summary

In this article we have explored how to create an event receiver for a content type.

Advertisements

Posted in SharePoint, SharePoint 2013 | Tagged: , , , | Leave a Comment »

Global Event Receiver to Block Malicious Files

Posted by Paul on August 20, 2012

In this article we can explore the scenario to block malicious files by content.

Scenario

Your customer reported a specific feature on All the document libraries in a site.  The document libraries should accept uploading of Executable files (.exe) plus a virus check has to be done on the content.  If the exe files are infected then the upload should be aborted.

Solution

In this case you can create a Global Event Handler for all the document libraries.  This event handler is invoked whenever a file is being uploaded.  A virus check can be performed based on the Antivirus software installed.  The upload can be aborted using the Cancel property in the event handler method.

Implementation

Following are the steps involved in implementing the solution:

·         Manage the Blocked File Types

·         Test an exe file insertion into Library

·         Create the Event Receiver

·         Make the Event Receiver Global

·         Test the Application

Manage the Blocked File Types

As you might have noticed the executable extension (.exe) is blocked in all SharePoint libraries.  This restriction can be removed by using Central Administration.

In our case we need to allow this extension (.exe) and later our own event handler will do the file scanning for adding to the library.

To change the restriction open Central Administration > Security link.

clip_image002

In the appearing page click on the Define blocked file types link as shown below:

clip_image004

In the appearing page you can see that there are lots of extensions being blocked.  Remove the exe entry from the list and click the OK button.

clip_image006


 

Test an exe file insertion into Library

After making the change (removing exe extension) you can try inserting an exe file into a document library.  For the time being I tested inserting Calculator (c:\windows\system32\calc.exe) into my library.

Now I was able to successfully insert an exe file into the library.

clip_image008

Note: Please make sure that you selected the right web application from the right top menu.

Create the Event Receiver

Our job is not finished yet.  The current situation may create a Security Threat of malicious exe files being uploaded by users unknowingly.  Later other users may execute it and create chaos.  So we need to ensure that the content of the Executable file is not having any malicious code inside it.

The actual way of scanning the exe file is to integrate some third party Anti-Virus SDK with our application.  As this exceeds our scope of the article I prefer checking the exe file name containing any special characters like !, @, #.   If any of the characters found the file will be cancelled from insertion and a message will be shown to the user.

Now let us create the event handler which blocks the file if file name contains special characters.


 

Create a new project of type Event Receiver inside Visual Studio 2010.  Name the project as GlobalEventReceiver.

clip_image010

Choose the site for the project and In the Event Receiver Settings dialog select the options like Document library and Add, Update events as shown below:

clip_image012 

Click the Finish button to continue.


 

In the appearing event file replace the Item Adding event as following:

public class EventReceiver1 : SPItemEventReceiver

{

    public override void ItemAdding(SPItemEventProperties properties)

    {

        if (properties.List is SPDocumentLibrary)

        {

            if (properties.AfterProperties != null)

            {

                if (properties.AfterProperties["vti_filesize"] != null)

                {

                    if (properties.AfterUrl != null)

                    {

                        if (properties.AfterUrl.Contains("!") || properties.AfterUrl.Contains("@") || properties.AfterUrl.Contains("#"))

                        {

                            properties.Cancel = true;

                            properties.ErrorMessage = "Potential malicious content in file!";

                        }

                    }

                }

            }

        }

    }

 }

The event is invoked with the SPItemEventProperties server object model which contains the document, url and related properties.  As we are making this event Global, all the lists and libraries will be invoking this event handler.

To prevent the event being blocked in Lists/Folders we are ensuring the properties.List is of type Document Library in the first if block.

In the second and third if blocks we are ensuring the file size is not null.

In the fourth and fifth if blocks we are ensuring the file url does not contains the special characters like !, @, #.  (our dummy malicious check)

If the malicious check resulted in true, then the Cancel property is set to true, which will prevent the file being inserted.  An Error Message is set for the user.


 

Make the Event Receiver Global

The current event receiver is hard coded for document template Id 101.  We need to make this global so that all the document libraries will be attached to this event.

Open the Elements.xml from the EventReceiver1 folder.

clip_image013

Remove the  ListTemplatId=”101” attribute from the Receivers tag (third line) as below:

<?xml version="1.0" encoding="utf-8"?>

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">

  <Receivers>

      <Receiver>

        <Name>EventReceiver1ItemAdding</Name>

        <Type>ItemAdding</Type>

        <Assembly>$SharePoint.Project.AssemblyFullName$</Assembly>

        <Class>GlobalEventReceiver.EventReceiver1.EventReceiver1</Class>

        <SequenceNumber>10000</SequenceNumber>

      </Receiver>

      <Receiver>

        <Name>EventReceiver1ItemUpdating</Name>

        <Type>ItemUpdating</Type>

        <Assembly>$SharePoint.Project.AssemblyFullName$</Assembly>

        <Class>GlobalEventReceiver.EventReceiver1.EventReceiver1</Class>

        <SequenceNumber>10000</SequenceNumber>

      </Receiver>

  </Receivers>

</Elements>

 

Now build the application.

Test the Application

Execute the application and in the launched SharePoint site, open a document library and try to add an exe file with a “@” character in the file name.

For example: calc@renamed.exe

You should get the following error:

clip_image015

So this confirms the Global Event Handler at work.

Note: The Item Add event handler is needed to handle document insert event.  The Item Update event handler is needed to handle the document update event.Note: The scenario explained above is for conditional blocking purpose and in the real world the same Global Event Handler mechanism can be used to handle other situations like:

·         Prevent PDF file insertion on Document Libraries

·         Disable Copy Paste between different document library types

·         Disable file insertion based on validation etc.

References

In this article we have explored the problems with updating multiple web configuration file

Summary

In this article we have explored the problems with updating multiple web configuration file and the usage of SPWebConfigModification model to resolve it.  In real world scenarios this model should give an advantage edge for the developer and it is the recommended way for doing configuration modification.  The attachment contains the sample application we have discussed.

Posted in SharePoint | Tagged: , , , , , | Leave a Comment »