RIC for Intranet Use Only

Oct 7, 2010 at 12:07 AM

Hi

I just wanted to confirm that whether RIC can be used for just internal (instranet) use. What I can observe from vanilla installation of RIC that each site is available for both windows and form based authentication scenarios but we only require to use it for internal users.

For internal users, can a project owner request user creation on his/her site in the same way as of external users?

 

Also, is there any documentation available describing the architecture of a typical RIC installation?

 

 

Thanks in Advance.

Oct 7, 2010 at 11:15 AM

Hi,

<<whether RIC can be used for just internal (intranet) use>>
Yes, you can use RIC for just internal (intranet) users. RIC supports both windows as well as form based authentication, since it allows  both internal and external usage.

<< For internal users, can a project owner request user creation on his/her site in the same way as of external users>>
Yes, a project owner can request user creation on his/her site. For more information on how to do this, please refer the RIC Administration Guide .

<<is there any documentation available describing the architecture of a typical RIC installation>>
Yes, you can refer the RIC Installation guide. It describes how to install and configure the RIC Framework.

Please let us know if this helps in solving your concerns.
Regards,
Support Team

Oct 8, 2010 at 2:47 PM

Hi,

Thanks for the reply. Following is my response.

<<whether RIC can be used for just internal (intranet) use>>
Agreed, I can see two versions of each websites being created by IIS. One based on forms authentication and other on windows.

<< For internal users, can a project owner request user creation on his/her site in the same way as of external users>>
Would the new users being created can be active directory users? I don't think so because there is no active directory membership provider being used. Can you clarify this.

 

Cheers

Hameer

 

Oct 8, 2010 at 3:40 PM
Edited Oct 8, 2010 at 3:41 PM

Hi Hameer,

We are looking into your question. We will get back to you as soon as possible.

Please let us know if you have any further comments/issues.
Regards,
Support Team

Oct 12, 2010 at 1:21 AM

Hi,

While waiting for your reply, I have made some other observations and I am having a feeling that RIC is not designed to be used in Windows Authentication only scenarios.

May be I have missed something and you can enlighten me on this. Follwoing are my observations:

===============================================================================

“RIC’s User Creation Control does not allow to add active directory users. So, it will add only SQL Membership Users.

So, definitely the only method for adding users to a windows based site is through Site Settings. Now if we add users from site settings it will only give access to the current site not the other ones.

Windows based sites are using ASP.Net Impersonation so all code running behind the scenes will run in the context of currently logged in windows user.

Some areas of RIC Sites (such as RequestNewProject page in mysite) are accessing lists stored in Admin Site as well, so the users being added through Site Settings should also be granted Read permissions to the admin site. This will definitely not be done by Site Settings page itself as it is a default SharePoint way of adding users.

So, how does it all work with form based users? This is because form based users are being given access to admin site as well automatically by User Creation process (through Request User Control) and I have mentioned in the start that the User Creation process is not meant to be used for creating windows based users. “

===============================================================================

 

Desperately awaiting your reply on this.

Thanks

Oct 12, 2010 at 11:31 AM

Hi,

We are currently working with our product team on this issue on the highest priority and we will keep you posted on the updates.

Please let us know if you have any concerns/questions.
Thanks,
Support Team

Oct 15, 2010 at 1:20 AM

Hi,

Any updates on this?

Your response is very important to our project and we are desperately waiting for it.

Thanks

Oct 15, 2010 at 9:36 AM
Edited Oct 15, 2010 at 9:37 AM
Hi,
 
Thank you for your patience.
 
<<RIC’s user creation control does not allow to add Active Directory users>>
RIC’s user creation allows to add Active Directory users . This is supported out of box by SharePoint.
 
<<Would the new users being created can be Active Directory Users>>
Yes, we can add users from Active Directory to RIC sites using the Windows authenticated sites.
You can check the Authentication Provider for Project sites in Central Administration of SharePoint central administration site. It will list all sites with Windows Authentication. There is no need of providing any configuration in the central admin for us to enable windows authentication.
 
Please let us know if this helps in answering your questions.
Regards,
Support Team
Oct 18, 2010 at 6:43 AM

Hi,

Thanks for your response.

I believe you need to look at the specifics.

<<RIC’s user creation control does not allow to add Active Directory users>>
To be specific. It's not RIC's User Creation Control that is creating any active directory user. We can add users to the site by using sharepoint out of the box method through site settings (as you said so).
SO WE ARE NOT USING THE "REQUEST USER" Link on RIC's project sites to create or add active directory users.
 
Now having said that, please clarify the following issues that I see while using RIC's windows sites with only AD accounts:
 
1.  Users being added through site settings, would not be automatically added to the Researcher Group so they wont have automatic read access to the admin site. This will prevent users from accessing pages that query data from admin site i.e. "Request Project" page. Well this can be made to work by adding all RIC Users to a domain group and giving read rights to those groups on admin site. However, this is tedious and has to be done with every user being added.
 
2.   On the MySite page, there is a Projects List. This lists all projects added to the user's profile. This will be done only if the user is being added through the "Request User" link. In case of active directory users, this link will not be used. So, user being added through site settings would not see which projects they have been asssigned to on their MYSite page.
 
I have already tested the two issues mentioned, so kindly respond with specific answers to those two.
Thanks in advance.
 
Cheers
Hameer
  
Oct 19, 2010 at 4:37 PM

Hi,

Thanks for your patience. We are currently working with our product team on this issue on the highest priority and we will keep you posted on the updates.

Please let us know if you have any concerns/questions.
Regards,
Support Team

Oct 28, 2010 at 7:07 AM

Hi,

After going through code, it seems like RIC is built for membership provider user (form based).

Site will work with windows authetication, but place were custom code is written (with user deatils captured) won't work as expected sometime as membership provider name is used to fetch user.

Thanks & regards,

Chinmay

 

Oct 28, 2010 at 7:48 AM
Hi Hameer,
 
Thanks for your patience. Please find the responses below to your questions.
 
1.       Yes, Users being added through site settings, would not be automatically added to the Researcher Group , The users name will requested by Project owner for approval.Then the administrator will approve the request and will add this in sharepoint  group, Then the user  can read access for admin site.
Here Administrator must be a member of the RIC Framework server’s administrators group to have   full use of the admin portal.
 
2.       Yes, the user is being added through the "Request User" link the project list will added in that particular user’s profile.
But in case of Active directory users, When Administrator/project owner approves the new users request . Either administrator /project owner will add the user in specific project group. Then that project will be listed in user’s profile.
 
Please let us know if this answers your questions.
Thanks,
Support Team
Nov 5, 2010 at 5:58 AM

Hi,

Can you please let us know if our response helped in answering your questions?

Regards,
Support Team

Nov 21, 2010 at 11:09 PM

The development phase is over and all queries are resolved.

Thanks for your help,
Mark Kosten

Nov 22, 2010 at 1:03 AM

Hi Rahul,

Thanks for following up. We managed to customize the site to work with windows users.

Initially, I was told that RIC should work seamlessly with windows users as well which was not 100% correct.

Thanks for your help.

Everything is fine now.