SharePoint 2013: Crawl [non-SharePoint] IIS Web Sites and capture user ACLs

SharePoint 2013: Crawl [non-SharePoint] IIS Web Sites and capture user ACLs

Use case

Crawl [non-SharePoint] IIS web sites and ensure the search results will only display pages that the user has permission to see.


Problem

The crawl is performed as a super user with access to all pages. Therefore, users are able to see all pages in the search results.


Solutions

Primary recommendation (A) (The letters A,B,C are to signify priority in choosing options)

The primary recommendation is to migrate the secure sites to SharePoint 2013. There are many advantages to this approach. The two primary benefits are: 1) SharePoint automatically provides crawl security; 2) SharePoint provides a platform for users to contribute and share content.

Alternative Option 1 (C)

One option is to crawl the sites several times with separate content sources. Then, attach a custom "security" field/value to the document at crawl time. Use that value to create several search centers that use scopes. This may not be too difficult to manage if there are only several security levels. But, it definitely feels like a hack.

Alternative Option 2 (C)

Implement a BCS custom connector to crawl the remote source and add ACLs via BCS. This solution would crawl the sites and access each page multiple times based on a list of credentials. The determined ACL list would then be added to the document for indexing. With SharePoint 2010 the ACLs must map to Active Directory users and groups. For SharePoint 2013 the ACLs could be Claims and map to the SharePoint user via a mapping other than Active Directory.


SP2013 Specific Solutions

Option (B)

Leverage the SharePoint 2013 post security trimmer API to implement a query time post security trimmer. The API provides access to the urls that should be considered for trimming and provides access to the user’s identity.  

Ref: http://msdn.microsoft.com/en-us/library/ee819930.aspx#Implementing_the_interfaces


SP2010 Specific Solutions

Option (B)

Upgrade the search farm to SharePoint 2013. This option will enable a business to implement SharePoint 2013 post security trimmer option.

Option (C)

Engage Microsoft MCS or a Microsoft Partner to identify another creative solution. 

Unsuccessful Option 1

Post security trimming does not work with FAST Search for SharePoint 2010.

Unsuccessful Option 2

The custom security added specifically for Documentum will not solve the stated Use Case.


Leave a Comment
  • Please add 4 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Gokan Ozcifci edited Revision 3. Comment: change design and added tag

  • Gokan Ozcifci edited Revision 2. Comment: added toc

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Gokan Ozcifci edited Revision 2. Comment: added toc

  • Gokan Ozcifci edited Revision 3. Comment: change design and added tag

Page 1 of 1 (2 items)