I have a web application which consumes the SharePoint 2007 search web service (http://localhost/_vti_bin/search.asmx
). My scope contains several content sources, all of them contain business data (content is crawled via SQL queries on external databases). I need one of these content sources to provide me security trimmed results. To put it simple, I have two tables:
Now, the crawler indexes table A with no problems. My problem is though, that when doing a search with the query web service, I cannot find a solution to do a security trimming of the results. The web service is consumed with a service account, no impersonation of logged in user. Is there a possibility to pass somehow the username to the querypacket object, or any other way that would check the Table B, whether the username has access to the NodeId?
Since I'm planning to migrate onto SP2013, maybe some of you also know a solution for this Sharepoint version, if there is no way in MOSS2007?
There are a few 3 main options for doing security trimming of SharePoint search results. They include:
There is a great set of blog articles that show how to implement each option.
Also, here's a great video of a SharePoint Conference 2012 session on custom security trimming.
HTH
-Eugene