Ensuring application integrity on Sharepoint Foundation 2010

Question

I would like to develop a custom application (multiple screens, complex processes) on top of Sharepoint Foundation 2010. I decided to write visual web parts for simple logic and Silverlight web parts for complex application logic. First of all: Is this decision ok?

My application will use it's own data in a separate DB. The only connection between my DB and Sharepoint will be users. Users will authenticate against Sharepoint and access my application from there. They will belong to certain roles which will define their rights within my application (either admins - hierarhicaly managing data of subtree users - or they will be regular users - only able to see their own data).

Within my application (and DB) all these users will be hierarchically related. Users with subtree of users are admins of their subtree.

Problem?

If I do write web parts (of whatever kind), how do I ensure that these same web parts are not used in other Sharepoint sites as well? It would most probably break the application and it could of course make it possible to replicate the same application but using different users...

I thought I could as well write application pages (so my application would be in _layouts folder as I understand it), which would make it possible to not reuse my application, but users and rights are assigned on site level so I'm not able to define security in Sharepoint directly... So I can't win this way either...

These are all specualtions on my thin Sharepoint development experience, so correct me of I'm wrong in any of the above... But beside all that what would you suggest? How would suggest I should do this?

Answer 1

To get straight to the point WebPart are for reuse and personalization when you develop a web part.

To Answer your first question : Is WebPart development okay, Partially yes because, you have multiple option to prevent a web Part being accessed or used in other SharePoint Web Application or website.

1. First way is to deploy your webpart to the Applications Bin Directory so that your code is accessible only to your application not others.
2. Second way is that WebPart can be used in a SharePoint web application only if there is a Safe Control entry in the Web.Config.
3. Third Way is to prevent the users from Personalizing any page in SharePoint so that they cannot deploy any Web Parts even in their own Personalized Pages. (this can be achieved by removing personalization rights).

Farm Admin should be a Good guy that he will not add that safe control entry in other websites that doesn't want this webpart functionality.

Application Pages are not good idea because by the name you could guess they are shared across the farm & is accessible to all the SharePoint websites deployed in the server.

In cases if you are not okay with the above to Web Part approach , I would suggest to create sub sites as per the permission requirement you want and provision pages that will go in to each of the sub sites. Each of these pages will have a ASP.NET User control that hold the Business Logic you have written.