VSTO Add-In for Project 2003 and Project 2007 using Project Secuit

P

Powers

I need to allow the admin people rights to by-pass an addin I have created to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
J

Jack Dahlgren MVP

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?
 
P

Powers

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.
 
A

Assaf

Hi Powers,
There are 2 solutionss I can recommend you should use - using the PSI
secuirty service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.



HTH
 
A

Assaf

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.



HTH
 
A

Assaf

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH
 
P

Powers

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.
 
P

Powers

OK. Nothing is working for me. How do I use the PSI Security Service when I
can't seem to create the web reference. Am I missing something. I am not
able to create the web reference with the wizard or on my own. It won't
compile. I have the path to the Security.asmx and I am told that I have the
permissions. You mention needing to use Impersonation to an Admin user.
What is that about? Do you know why I can't create the web reference so as
to use the PSI Sercurity classes if I have the proper permissions?
 
A

Assaf

Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



Powers said:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

Powers said:
Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.
 
P

Powers

Ok. I did get a proxy class created. It is called WebService1 by default.
I thought this class was inherited from class Security. I am not able to
use the Security class as it is shown in that documentation. It won't
compile. I don't see why not. I code my web service class just like the
docs using security.CheckGlobalPermission... and it won't compile. It won't
recognize security. My class is called WebService1, so I code
WebService1.Security security in my .cs file to use my class. My class
WebService1 itself has the URL as you have mentioned. I am not able to use
the class this way. In the docs, you see the URL listing and the use of
[SecurityWebSrv] in the same file. I don't see how it can be that way if I
have to have a class [SecurtiyWebSrv] which is my WebService1. The
WebService1 will compile. I have included it in my solution and I try to
make a call to it from my .cs file and I can't get to the WebService1 class.
Not only that but I can't use the Security class in either file. It doesn't
compile. I am referenceing the Microsoft.Office.Project.Server.Library too.
I know I am coding something wrong. I just can't see what it is. The docs
don't show the actual [SecurityWebSvc class. The docs only reference it with
a call which indicates that the SecurityWevSvc class inherits from the
Security class. Do you know of docs that actually show the code for the
proxy web service class and its methods?

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



Powers said:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

Powers said:
Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
P

Powers

I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



Powers said:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

Powers said:
Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
A

Assaf

Microsoft.Office.Project.Server.Library is a namespace found in the file
microsoft.office.project.server.library.dll.
You should be able to get it from the server machine,
I think it should be in C:\Program Files\Microsoft Office Servers\12.0\Bin
or in the GAC
Get a copy of it and add it as a reference to your project.

Powers said:
I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



Powers said:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

:

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
A

Assaf

Maybe you can add sample of the code you wrote so we can evaluate if it has
any problems.

Powers said:
Ok. I did get a proxy class created. It is called WebService1 by default.
I thought this class was inherited from class Security. I am not able to
use the Security class as it is shown in that documentation. It won't
compile. I don't see why not. I code my web service class just like the
docs using security.CheckGlobalPermission... and it won't compile. It won't
recognize security. My class is called WebService1, so I code
WebService1.Security security in my .cs file to use my class. My class
WebService1 itself has the URL as you have mentioned. I am not able to use
the class this way. In the docs, you see the URL listing and the use of
[SecurityWebSrv] in the same file. I don't see how it can be that way if I
have to have a class [SecurtiyWebSrv] which is my WebService1. The
WebService1 will compile. I have included it in my solution and I try to
make a call to it from my .cs file and I can't get to the WebService1 class.
Not only that but I can't use the Security class in either file. It doesn't
compile. I am referenceing the Microsoft.Office.Project.Server.Library too.
I know I am coding something wrong. I just can't see what it is. The docs
don't show the actual [SecurityWebSvc class. The docs only reference it with
a call which indicates that the SecurityWevSvc class inherits from the
Security class. Do you know of docs that actually show the code for the
proxy web service class and its methods?

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



Powers said:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

:

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
P

Powers

Yes, I figured that out. I copied from the server machine. I am still
having a problem passing the guid into the CheckUserGlobalPermission. I get
an exception. When I check it with the try/catch the guid is null. I try
assigning the guid before passing it in and it doesn't work. I will have to
keep looking for a valid guid I guess. I saw something about that in the
docs but I can't seem to find it again. Thanks.

Assaf said:
Microsoft.Office.Project.Server.Library is a namespace found in the file
microsoft.office.project.server.library.dll.
You should be able to get it from the server machine,
I think it should be in C:\Program Files\Microsoft Office Servers\12.0\Bin
or in the GAC
Get a copy of it and add it as a reference to your project.

Powers said:
I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



:

Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

:

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
P

Powers

OK. I am sorry I am such a pain here. I really do appreciate your help! I
did get it to work. At least I think so. I have to check it now with the
impersonation code. Of course, you have already mentioned that to me. If
you have any information on impersonation, please let me know. Thanks.

Assaf said:
Microsoft.Office.Project.Server.Library is a namespace found in the file
microsoft.office.project.server.library.dll.
You should be able to get it from the server machine,
I think it should be in C:\Program Files\Microsoft Office Servers\12.0\Bin
or in the GAC
Get a copy of it and add it as a reference to your project.

Powers said:
I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.

Assaf said:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



:

Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

:

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 
A

Assaf

Glad to hear you have made some progress, it's makes thing worth while :)
Some ways for you to use impersonation:
- Setting the credentials used to access the service as some generic or
amdin user you know of (if there is one, of course).
- Use or create a forms authentication user with admin permissions and call
the service using its credentials (it's a bit more complicated if you don't
have form authentication set up, but in the long run it can serve you with
other scenarios)
- I once heard of impersonating using the sharepoint environment web
services but I don't have the full details so I can only recommend further
reading on this issue.

Powers said:
OK. I am sorry I am such a pain here. I really do appreciate your help! I
did get it to work. At least I think so. I have to check it now with the
impersonation code. Of course, you have already mentioned that to me. If
you have any information on impersonation, please let me know. Thanks.

Assaf said:
Microsoft.Office.Project.Server.Library is a namespace found in the file
microsoft.office.project.server.library.dll.
You should be able to get it from the server machine,
I think it should be in C:\Program Files\Microsoft Office Servers\12.0\Bin
or in the GAC
Get a copy of it and add it as a reference to your project.

Powers said:
I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.

:

Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.


Regarding the reference to the security web service - I assume you checked
this sample link - http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.



:

Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?

:

Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.

:

Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).

Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.

2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.

HTH

:

Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.

:

How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?


I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.

I am looking for information for coding with the security class in MS
Project 2007.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top