1

First of all, I know the title sounds strange, but it is a valid and qualified requirement we have from one of our customers. What we hope to do is to show them just the record name and location (read only) of all records that were not displayed in their search results due to no access.

public class VisualWebPart1 : Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart
{
    protected override void ConfigureDataSourceProperties()
    {
        base.ConfigureDataSourceProperties();

        CoreResultsDatasource ds = DataSource as CoreResultsDatasource;

        if (ds.UserCredentials.ContainsKey(ds.Location))
            ds.UserCredentials.Remove(ds.Location);

        ds.UserCredentials.Add(ds.Location, new NetworkCredential("user", "password", "domain"));
    }
}

Now, the first way we wanted to do this was by calling the FAST search web service directly using the search API. However, we wanted this to work seamlessly with the existing fast search centre, i.e. they can still use the existing search box, advanced search, etc. As we understand it, the API may not integrate well with URL based search queries unless we convert the query to FQL. We would rather not go down this path if there is an alternative such as the below;

We had an idea to extend the CoreResultsWebPart component to simply elevate the users privilages to an admin account temporarily while the search is executed. After decompiling and looking at the code for CoreResultsWebPart, I thought this would be super easy with the following code;

However, we were mistaken, this doesn't work at all. It's strange as looking through the code for CoreResultsWebPart, I don't see any other access control mechanism, what I mean is, I don't see anywhere where the user credentials are being handled except here in the data source (UserCredentials.) I'm sure the CoreResultsWebpart must be making a direct call to the web service but I have no idea where else the credentials are passed.

Any help would be greatly appreciated before we start looking at simply creating a custom web part. Even if it's to tell me we're on the wrong path!

Thanks!

Adrian

Adrian
  • 49
  • 5

1 Answers1

0

IF your RunWithElevatedPrivileges isn't passing the user token for the System Account you might want to attempt a WindowsIdentity impersonation similar to the link, you would have to have a fixed user/password for the searches but this is usually what you have to fallback to when talking about code impersonation.

Community
  • 1
  • 1
Francisco Aquino
  • 9,097
  • 1
  • 31
  • 37