Using SharePoint Team Services for Secure File Transfer (a basic primer)

Overview

SharePoint Team Services from Microsoft was designed as a web application for team collaboration. It offers many features for this purpose, but we are going to focus on its ability to upload and store files in what is called a document library. This feature of SharePoint allows users to upload files to the web server and creates a database entry for each file so that it is displayed as a link on a document library page. The link can then be clicked to download a copy of the file or, in the case of Office documents, to display it in the browser.

For a secure file transfer site, the goal is to allow one transfer partner to access a secure document library site and upload a file to it over the internet. Once the file is on the web server, another trading partner with access to the same site can download it. The key is security both for access to the files and for the data while it is in transit to the web server. Protecting the data in transit is the simplest part to configure: require that all transfer sites be accessed only over an SSL (Secure Sockets Layer) connection, where all data is encrypted by both the client and the server before it is sent across the network. This is best accomplished using a commercial 128-bit server certificate, which the WWRC server is equipped with. The commercial certificate not only allows strong encryption but also ensures that the server being accessed is the server the certificate was issued for; otherwise a warning message is displayed.

The second part of the security is provided by NTFS file security, user accounts, and the organization of the webs used to construct the transfer site. Login security in SharePoint Team Services is restricted at the sub-web level, not at the document library level. For example, https://center.wwrc.net/sphome shows sphome as a sub-web of center.wwrc.net, and it can be configured with specific user access security. Likewise, https://center.wwrc.net/sphome/transfer is an additional sub-web and can have its own user access security, independent of the sub-web above it. Because of this limitation, a secure transfer site requires a separate sub-web for each group of trading partners. For secure file transfer, the only features needed in each sub-web are a single document library and, optionally, the SharePoint Team Services subscription notification service. For this reason the default SharePoint home page template is modified on transfer site pages to allow full access to a Transfer Files document library from the home page.

Example of Typical use for trading files.

The first thing that must happen is that the user logs in to the web site. This is done using a user account supplied by the server if the transfer partner is from outside DSA. The login prompt can vary depending on the Windows operating system used. The difference does not affect the domain, username, and password that are needed, but it changes how many fields the user has to enter them in. All operating systems prior to Windows XP prompt the user with a separate box for each piece of information. With the introduction of Windows XP, however, the prompt changed to allow only 2 fields for all 3 pieces of information. This requires the user to combine the domain and the user name in the single username field, separating the items with a backslash (\) like this: “domain or server\username”. In the case of accounts outside DSA the domain will always be WWRC-Web1. The following example shows the typical login dialog box on Windows XP for a non-DSA user.

 Windows XP Example:

  

Windows 2000 Example:

 

 

It is recommended that the end user leave the “Remember my password” box unchecked, which prevents unauthorized access to the site if the end user’s computer is compromised.


After logging in to the server, the default home page for the transfer site is displayed. It shows several pieces of information and navigation links, but for file transfer the document library displayed in the middle of the page is all that is needed to drop off a file. The user dropping off a transfer file simply needs to click “Upload Document” to begin the process.

 

After clicking “Upload Document” a web page is displayed that allows you to click the browse button and locate a file local to the user to upload to the library. Once the file has been selected its path will be displayed in the web form. To begin the upload process simply click “Save and Close” and the file will be uploaded. For large files this can take several minutes and does not provide any progress indication so do not worry if the browser stops responding during large uploads.

 

After the file has been uploaded successfully, a new entry will appear in the Transfer Files list. To download the document, the transfer partner just needs to log in to the site and click the document icon or the file link to be prompted to open or save the file. At this point they can save the file to their own network or computer.

 

Another issue with using SharePoint for file transfer is the need to clean up or remove files that no longer need to be transferred. This is done by clicking the Edit icon on the document’s listing on the home page. This takes you to the following screen, where data about the document can be updated or the file can be deleted by clicking the “Delete” icon on the page’s internal toolbar. This removes the file’s entry from the database and deletes the actual file from the web server.

 

After clicking delete, the user is returned to the default view for the document library. The user can continue to work from this page or click the “Home” link on the site’s common top menu to get back to the previous home page view.


Getting Automatic Activity Notifications from the SharePoint site.

            SharePoint includes a mechanism for notification called subscriptions. In the case of file transfers both parties will likely want to subscribe to the document library where files are being transferred. To do this you will simply need to click the subscribe link on the Transfer Files document library menu bar. This will take you to the following page. 

 

 

On this page you are able to set up a custom subscription for any content in the sub-web, but the default will be for the item whose subscribe link you clicked, in this case Transfer Files. You then need to select what changes you want to be notified about; for file transfers I suggest “anything changes”. Then enter your internet-formatted email address and how often you want to be notified. If you choose “when change occurs”, the notification will be sent within the next 15 minutes or sooner after the event occurs.

When you receive the notification, it will tell you which document library has changed and who changed it, and it will provide a link to the document library, not to the individual file. If you follow the link within 24 hours of the file being dropped off, you will see “New!” displayed next to the new file, where it can now be downloaded.

I suggest that all trading partners for a site subscribe to the document library used for transfers, even if only as a backup to the personal email notification sent in the current business process.


Organization of the Transfer Site

To provide consistent navigation to the transfer site, a parent site will be created for each requesting organization. Security on this sub-web will be set for members of that organization only. For transfer partners from other organizations, additional sub-webs will be created and secured below the parent web, and navigation links to them will be placed in the Links list located on the right-hand side of the home page. This provides a convenient and consistent location to view the list of transfer sites available for an organization. This home page and Links list will be secured to organization members only, and the links will not be displayed in the additional transfer webs. To access a transfer web, simply follow its link. If you do not want to lose your view of the parent web, we suggest right-clicking on the link and choosing “Open in New Window”.
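
An added example, not part of the original primer or of SharePoint itself: a small audit that applies the rules from the Overview and from this section (SSL-only links, one group of trading partners per sub-web, parent sites limited to organization members) to an exported access list. The inventory format, the orgA/orgB paths and every account name are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; the orgA/orgB paths and all account names are hypothetical.
ACCOUNT_ORG = {  # organization each login belongs to
    "DSA\\alice": "orgA", "DSA\\bob": "orgA",
    "WWRC-Web1\\xavier": "partnerX", "WWRC-Web1\\yolanda": "partnerY",
}
SUBWEBS = [  # one record per sub-web: who owns it and which accounts may log in
    {"url": "https://center.wwrc.net/orgA", "kind": "parent", "owner": "orgA",
     "accounts": ["DSA\\alice", "DSA\\bob"]},
    {"url": "https://center.wwrc.net/orgA/partnerX", "kind": "transfer",
     "owner": "orgA", "accounts": ["DSA\\alice", "WWRC-Web1\\xavier"]},
    # Misconfigured: plain-HTTP link, and two partner groups share one sub-web.
    {"url": "http://center.wwrc.net/orgA/shared", "kind": "transfer",
     "owner": "orgA",
     "accounts": ["DSA\\bob", "WWRC-Web1\\xavier", "WWRC-Web1\\yolanda"]},
    # Misconfigured: an outside partner account on an organization's parent site.
    {"url": "https://center.wwrc.net/orgB", "kind": "parent", "owner": "orgB",
     "accounts": ["WWRC-Web1\\yolanda"]},
]

def audit(subwebs, account_org):
    """Return sorted (url, finding) pairs for every rule a sub-web breaks."""
    findings = []
    for web in subwebs:
        url, owner = web["url"], web["owner"]
        if urlsplit(url).scheme != "https":
            findings.append((url, "link is not https"))
        unknown = [a for a in web["accounts"] if a not in account_org]
        if unknown:
            findings.append((url, "unmapped accounts: " + ", ".join(sorted(unknown))))
        # Organizations other than the owner that can log in to this sub-web.
        outsiders = {account_org[a] for a in web["accounts"] if a in account_org} - {owner}
        if web["kind"] == "parent" and outsiders:
            findings.append((url, "parent site open to non-members"))
        if web["kind"] == "transfer" and len(outsiders) > 1:
            findings.append((url, "more than one partner group on one sub-web"))
    return sorted(findings)

if __name__ == "__main__":
    for url, finding in audit(SUBWEBS, ACCOUNT_ORG):
        print(f"{url}: {finding}")
```

The https check here covers only the links recorded in the inventory; requiring SSL on the server remains a separate server-side setting.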