Adding SPGroups via SharePoint Web Services

I ran across a task the other day to use Sharepoint web services to create new Sharepoint groups and apply permissions to sub sites for the newly created groups. The current SP site I am working on does not inherit permissions from parent. For a full list of out of the box service offered with WSS 3.0 then visit MSDN and search for WSS 3.0 Web Services. Below are the code segments I used to accomplish this task.

First we need to add the new SPGroup to the Site Collection:

using (UserGroupService.UserGroup UserGroup = new UserGroup())
    UserGroup.CookieContainer = GetFbaAuthenticationCookie();
    UserGroup.Url = Url + @"/_vti_bin/UserGroup.asmx";
    UserGroup.Credentials = 
        new NetworkCredential(username, password, Domain);

    UserGroup.AddGroup(groupName, owner, 
        "group", defaultUser, description);

Notice this is a simple call to the “AddGroup” method of the UserGroup web service. This current example site uses Form based authentication. If FBA is not in use then just do not set the CookieContainer on UserGroup. To get the FBA login I use the Authentication Service like so:


private CookieContainer GetFbaAuthenticationCookie()
    AuthenticationService.Authentication fbaAuth = null;

        fbaAuth = new Authentication();
        fbaAuth.CookieContainer = new System.Net.CookieContainer();
        fbaAuth.AllowAutoRedirect = true;
        LoginResult loginResults = fbaAuth.Login(Username, Password);

        if (loginResults.ErrorCode != LoginErrorCode.NoError)
            // throw exception
            throw new Exception("Authentication Service Login Error.");
    catch (Exception ex)
    { /* Custom Logging */    }

    return fbaAuth.CookieContainer;

Now we have created the SPGroup but we need to give Site Permissions to the Site and/or Sub Sites that the user in the group will have access to. To accomplish this we will use the Permissions web service from WSS. Below is the code segment:

using(PermissionService.Permissions permissions = new Permissions())
permissions = new Permissions();
permissions.CookieContainer = GetFbaAuthenticationCookie();
permissions.Url = Url + @"/_vti_bin/Permissions.asmx";
permissions.Credentials = new NetworkCredential(Username, Password, Domain);

    // Get group mask from Root Site
    XmlNode permNodes = permissions.GetPermissionCollection(webName, "Web");
    XmlNode permNode = permNodes.SelectSingleNode(
        string.Format("/*[local-name()='Permissions']/*[local- name()='Permission' " +
        "and @MemberIsUser='False' and @GroupName='{0}']", groupName));

    System.Int32 mask = int.Parse(permNode.Attributes["Mask"].Value);

    // Change to Sub Site to apply permissions
    permissions.Url = webUrl + @"/_vti_bin/Permissions.asmx";

    // Add group to have permissions to the web
    permissions.AddPermission(webName, "Web", groupName, "group", mask);

This code first gets the permission mask from the root site collection for the SPGroup. Next we set the permission service to the sub site we are applying the group to. Now the group will have permissions to the sub site with the same rights as the root site SPGroup. The code could be altered easily to apply the SPgroup to have differing rights for each Sub Site if needed. I would recommend against that though for governance becomes impossible to manage in large scale site collections.


One response to “Adding SPGroups via SharePoint Web Services

  1. This is a really good tip especially to those new
    to the blogosphere. Simple but very precise info… Thanks for sharing
    this one. A must read article!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s