Manage Web Parts pages and control security (Office SharePoint Server)

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2016-11-14

Web Parts are user interface elements used in pages on SharePoint sites to present information pulled from multiple data sources. Administrators can create information dashboards on corporate portals and Web sites. A site owner or a site member with the appropriate permissions can create and customize Web Parts pages by using a browser to add, reconfigure, or remove Web Parts.

For more information about Web Parts, read the Web Parts in Windows SharePoint Services ( section of the Windows SharePoint Services 3.0 SDK.

In Microsoft Office SharePoint Server 2007, a Web Parts page is a collection of Web Parts that combines list data, timely information, or useful graphics into a dynamic Web page. The layout and content of a Web Parts page can be set for all users and optionally personalized for individual users.

The Web Part infrastructure in Windows SharePoint Services 3.0 exists on a layer above the ASP.NET 2.0 Web Part infrastructure. To effectively implement security on SharePoint sites, server administrators need to be familiar with security guidelines and best practices for ASP.NET 2.0. For more information, see Security Guidelines: ASP.NET 2.0 ( in the MSDN Library Online.

Security for Web Parts pages and controls

Security for Web Parts pages and controls must be maintained through multiple means. Developers, site administrators, and server administrators need to work together to secure Web Parts and Web Parts pages. Developers should validate Web Part input to prevent server attacks. Server administrators need to configure Internet Information Services (IIS) and establish an appropriate authentication mechanism. Server administrators also configure and deploy Web Parts solutions to a Web server or Web farm. Once the solution is deployed, site administrators or server administrators use Office SharePoint Server 2007 to define the access levels and permissions to Web Parts pages. The following are the recommended security roles to secure Web Parts pages and Web Parts.

Role Category Applies to Description Recommended guidelines


Input Validation

Web Part code

Input validation refers to how your application filters, scrubs, or rejects input before additional processing. This includes verification that the input that your application receives is valid and safe.

Building Secure ASP.NET Pages and Controls ( (MSDN Library Online)

Walkthrough: Creating a Basic SharePoint Web Part ( (MSDN Library Online)

Server administrator



Authentication is the process where an entity validates the identity of another entity, typically through credentials, such as a user name and password.

Plan for authentication (Office SharePoint Server)

Site administrator/ Server administrator


Site collections

Authorization is the process that provides access controls for Web sites, lists, folders, or items by determining which users can perform specific actions on a given object. The authorization process assumes that the user has already been authenticated.

Authorization and Authentication ( (MSDN Library Online)

Determine permission levels and groups to use (Office SharePoint Server)

Enable access for end users (Office SharePoint Server)

Server administrator

Configuration Management

.NET Framework configuration

Configuration management encompasses a broad range of settings that allow an administrator to manage the Web application and its environment. These settings are stored in XML configuration files, some of which control computer-wide settings, while others control application-specific configurations. You can define special security constraints in configuration files and computer-level code access security permissions.

"Code Access Security" in "Securing Your Web Server" ( (MSDN Library Online)

Microsoft Windows SharePoint Services and Code Access Security ( (MSDN Library Online)

Using Code Access Security with ASP.NET ( (MSDN Library Online)

The following are tasks for managing security on Web Parts pages and controls.

See Also


Configure and deploy secure Web Parts to your server (Office SharePoint Server)
Manage Web Parts page authorization (Office SharePoint Server)