Expression Evaluation Time: ms / Round trip: ms
MatchPoint 3.1.4 Feature Overview
19. Jun
by Jens Category:

MatchPoint 3.1.4 is released and it comes with some new features and changes, including bugfixes as well. This blog post provides a description about the most important changes and features.

Configuration: Web Part Security

The following two changes are intended to control security-related behavior.

MatchPoint basically provides a flexible configuration mechanism for web parts: They can be stored centrally or locally, a central web part can be copied to a local web part configuration. Data aggregation can be done either within the current user context or within the context of an elevated user (e.g. "RunAsUser" configuration element in a ListItemDataApapter).

To avoid abuse of these flexible mechanisms the following two changes were implemented.

Disable / restrict local web part configurations

This parameter in the MatchPoint configuration controls the behavior for security-related configuration elements in local web part configurations such as "RunAsUser" or the "ToggleView" switch.

The table below shows the possible parameter values:

Value Copy to Local Security-related elements
Enabled Allows to copy central web parts to local configurations. Enabled.
Disabled Copy to local is disabled, local web part editing not possible. Editing of central web part configurations possible (security-related elements are shown), local web part editing general not possible.
Restricted Copy to local is enabled, local web part editing is possible. Enabled for central web part configurations, restricted for local web part configurations.

Security Token for Web Parts with Central Configuration

With MatchPoint 3.1.4 it is possible to download a Web Part Definition file (".dwp") from the MatchPoint user interface. The ribbon button "Export Web Part Definition" is shown for all central web part configurations. The ".dwp" contains the type name of the web part configuration, the configuration file name and a configuration file token. If a .dwp file is downloaded, the ConfigFileName could be changed easily and the dwp can be uploaded again. This represents a possible security leak (users could have Access to configuration files they are not allowed to use).

To avoid this, the security token was introduced. If the configuration file name does not match the security token an error message is shown: "Invalid configuration file token".

Workflow Kit: Run Workflow As Current User

A workflow running on a list item always opened the list item as system account. This flag can be set in the MatchPoint configuration to open the list item with the current user.


Configuration: Culture as Pattern String

The "Culture" configuration element in the provisioning configuration (Level "WebDefinition") is now a pattern string.

Allow Custom values for BaseTemplate

The "BaseTemplate" configuration element in the provisioning configuration (Level "WebDefinition") now allows custom values.

Configuration: Web Part Page Definition available in Provisioning

A web part page definition can be used in a list definition (items collection) and allows to use a template to create the page with it.

Tags: 3.1.4

This blog is about technical and non-technical aspects of the product MatchPoint and other SharePoint topics.

If you would like to post an article or if you have an idea for a post, please contact us.

Matthias Weibel
09.04.2018 01:12
Link is updated and works now. | Goto Post
09.04.2018 12:21
Link doesn't work. Could anyone explain what does... | Goto Post
14.03.2018 02:05
Hi Markus
We I use the config for SiteCollectionSe... | Goto Post
Reto Jeger
04.10.2017 09:15
Hello Reiner,
Thanks for pointing out the missing ... | Goto Post
29.09.2017 09:56
Hi, I downloaded the ZIP-file for MatchPoint Versi... | Goto Post