Show / Hide SharePoint 2010 Ribbon based on Permissions / Privileges

A very common requirement in SharePoint 2010 is to hide the Ribbon control when exposing the site for external users.  It can be easily achieved by using the below code in the master page.  Open the SharePoint site in SharePoint Designer and navigate to  _catalogs/masterpage/v4.master.   Since I am using the V4 master as the default for my site, I can include the below code to hide the ribbon control from being visible to external users who doesn’t possess the “AddAndCustomizePages, ManageLists” permission.

Continue reading

2,758 total views, no views today

Preventing CSRF attacks in ASP.NET Web API calls.

In spite of securing the assets of a web application using folder permissions and SSL for secure transmitting of data over the wire, ASP.NET MVC applications using Web API’s are very much vulnerable to CSRF (Cross Site Request Forgery) attacks that permits malicious code to inject data by invoking the Web API actions resulting in serious consequences.

Continue reading

2,555 total views, no views today