Enterprise Search Custom Security Trimmer
SharePoint's search engine can remove particular search results from view by using what Microsoft call a "security trimmer".
A custom security trimmer is implemented as a .NET class that implements the ISecurityTrimmer interface, which defines two methods:
    BitArray CheckAccess(IList<string> crawlUrls, IDictionary<string, Object> sessionProperties)
    void Initialize(NameValueCollection staticProperties, SearchContext searchContext)
The CheckAccess method typically iterates through each 'documentCrawlUrl', and sets a flag within a bit array that says whether the result should or should not be displayed to the user.
Microsoft's example is adapted below to do this. In our example, we trim out search results that contain the word "internal" in the URL.
    // These two methods belong inside the class that implements ISecurityTrimmer.
    // Namespaces needed at the top of the file:
    using System.Collections;
    using System.Collections.Generic;
    using System.Security.Principal;

    public BitArray CheckAccess(IList<string> crawlUrls, IDictionary<string, object> sessionProperties)
    {
        // One flag per crawl URL, in the same order as the input list
        BitArray retArray = new BitArray(crawlUrls.Count);

        // Windows authentication
        string strUser = WindowsIdentity.GetCurrent().Name;
        // For Forms authentication, uncomment the next line (needs System.Web):
        //string strUser = HttpContext.Current.User.Identity.Name;

        for (int x = 0; x < crawlUrls.Count; x++)
        {
            // Determine whether user is allowed to see this Url
            retArray[x] = IsUserAllowed(strUser, crawlUrls[x]);
        }
        return retArray;
    }

    private bool IsUserAllowed(string username, string url)
    {
        // perform authorization logic here based on the user's identity
        // and the resource being requested.
        // for this example, we check if the Url contains the word "internal",
        // and if so, block it out
        if (url.Contains("internal"))
        {
            return false;
        }
        return true;
    }
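The following is an added example, not part of Microsoft's sample or the original page: a stand-alone console sketch of the same per-URL check that goes a step further by failing closed on errors and matching "internal" case-insensitively. The class name TrimmerSketch, the simplified CheckAccess signature and the sample URLs are assumptions made so that it compiles without the SharePoint assemblies.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;

// Added sketch: mirrors the shape of ISecurityTrimmer.CheckAccess, but has no
// SharePoint reference so it builds as a plain console program.
public static class TrimmerSketch
{
    public static BitArray CheckAccess(IList<string> crawlUrls, string user)
    {
        // BitArray(int) starts with every bit false, so a result stays hidden
        // unless the check below explicitly allows it.
        BitArray allowed = new BitArray(crawlUrls.Count);
        for (int i = 0; i < crawlUrls.Count; i++)
        {
            try
            {
                allowed[i] = IsUserAllowed(user, crawlUrls[i]);
            }
            catch (Exception)
            {
                allowed[i] = false; // fail closed: an error never reveals a result
            }
        }
        return allowed;
    }

    private static bool IsUserAllowed(string username, string url)
    {
        if (string.IsNullOrEmpty(url))
            return false; // nothing to evaluate, so hide it
        // Case-insensitive, so "Internal" and "INTERNAL" are trimmed as well.
        return url.IndexOf("internal", StringComparison.OrdinalIgnoreCase) < 0;
    }

    public static void Main()
    {
        // Constructed sample URLs, not taken from a real crawl.
        List<string> urls = new List<string> {
            "http://portal.example/sites/hr/policy.docx",
            "http://portal.example/sites/Internal/budget.xlsx",
            null,
            "http://portal.example/internal/plan.docx"
        };
        BitArray result = CheckAccess(urls, @"EXAMPLE\alice");
        for (int i = 0; i < urls.Count; i++)
            Console.WriteLine("{0} -> {1}", urls[i] ?? "(null)", result[i] ? "show" : "trim");
    }
}
```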
Deployment
The class is compiled into a .NET .dll and deployed into the GAC, and then associated with a particular search crawl rule by using the stsadm.exe command line tool.
