SharePoint 2013: Crawl [non-SharePoint] IIS Web Sites and capture user ACLs

Use case

Crawl [non-SharePoint] IIS web sites and ensure the search results display only pages that the user has permission to see.

Problem

The crawl is performed as a super user with access to all pages, and no per-user permissions are captured for the crawled pages. Therefore, users are able to see all pages in the search results.

Solutions

Primary recommendation (A) (the letters A, B and C indicate the priority of each option)

The primary recommendation is to migrate the secure sites to SharePoint 2013. There are many advantages to this approach. The two primary benefits are: 1) SharePoint automatically provides crawl security; 2) SharePoint provides a platform for users to contribute and share content.

Alternative Option 1 (C)

One option is to crawl the sites several times with separate content sources, attaching a custom "security" field/value to each document at crawl time. Use that value to create several search centers that use scopes. This may not be too difficult to manage if there are only a few security levels, but it definitely feels like a hack.

Alternative Option 2 (C)

Implement a BCS custom connector to crawl the remote source and add ACLs via BCS. This solution would crawl the sites and access each page multiple times based on a list of credentials. The resulting ACL list would then be added to the document for indexing. With SharePoint 2010, the ACLs must map to Active Directory users and groups. With SharePoint 2013, the ACLs could be claims and map to the SharePoint user via a mapping other than Active Directory.

SP2013 Specific Solutions

Option (B)

Leverage the SharePoint 2013 post security trimmer API to implement a query-time post security trimmer. The API provides access to the URLs that should be considered for trimming and to the user's identity.

Ref: http://msdn.microsoft.com/en-us/library/ee819930.aspx#Implementing_the_interfaces
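
A sketch of such a post security trimmer, added here as an example and not taken from the original post or from Microsoft's sample. The class name, the `intranet.example` URLs, the `EXAMPLE\alice` account and the in-memory policy table are hypothetical; it also assumes the identity name arrives in DOMAIN\user form. The trimmer fails closed: any result it cannot positively authorize is removed.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Security.Principal;
using Microsoft.Office.Server.Search.Administration;
using Microsoft.Office.Server.Search.Query;

public class IisSitePostTrimmer : ISecurityTrimmerPost
{
    // Constructed sample policy: URL prefix -> accounts allowed under it (null = any authenticated user).
    // A real deployment would load this from the IIS site's own authorization source.
    private static readonly Dictionary<string, HashSet<string>> Policy =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "http://intranet.example/hr/", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"EXAMPLE\alice" } },
            { "http://intranet.example/public/", null }
        };

    public void Initialize(NameValueCollection staticProperties, SearchServiceApplication searchApplication)
    {
        // No static properties are used in this sketch.
    }

    public BitArray CheckAccess(IList<string> documentCrawlUrls, IList<string> documentAcls,
        IDictionary<string, object> sessionProperties, IIdentity passedUserIdentity)
    {
        // A new BitArray is all false: every result is trimmed unless explicitly allowed below.
        var allowed = new BitArray(documentCrawlUrls.Count);
        if (passedUserIdentity == null || !passedUserIdentity.IsAuthenticated)
            return allowed;
        // Assumption: Name is DOMAIN\user; adapt the lookup if the farm presents another format.
        for (int i = 0; i < documentCrawlUrls.Count; i++)
            allowed[i] = IsAllowed(documentCrawlUrls[i], passedUserIdentity.Name);
        return allowed;
    }

    private static bool IsAllowed(string url, string user)
    {
        if (string.IsNullOrEmpty(url) || string.IsNullOrEmpty(user)) return false;
        // Longest matching prefix wins, so a restricted subfolder overrides an open parent.
        var match = Policy.Keys
            .Where(p => url.StartsWith(p, StringComparison.OrdinalIgnoreCase))
            .OrderByDescending(p => p.Length)
            .FirstOrDefault();
        if (match == null) return false; // unmapped URL: fail closed
        var users = Policy[match];
        return users == null || users.Contains(user);
    }
}
```

Because the check runs at query time for each result set, the policy lookup should stay cheap; a slow lookup adds directly to query latency.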

SP2010 Specific Solutions

Option (B)

Upgrade the search farm to SharePoint 2013. This option will enable a business to implement the SharePoint 2013 post security trimmer option.

Option (C)

Engage Microsoft MCS or a Microsoft Partner to identify another creative solution. 

Unsuccessful Option 1

Post security trimming does not work with FAST Search for SharePoint 2010.

Unsuccessful Option 2

The custom security added specifically for Documentum will not solve the stated Use Case.