Managed code vs JavaScript client object model sharepoint 2010

When using the various client object models, be aware that there are some small differences, especially between the managed code and JavaScript implementations.

Absolute and Relative URLs

JavaScript you have to provide a server-relative URL:

[JavaScript or ECMAScript]
var clientContext = new SP.ClientContext("/mySiteCollection/mySite");

When working with the managed object models for Windows or Silverlight applications, you need to use either an absolute URL or an object of type System.Uri:

ClientContext clientContext = new ClientContext("http://SPservername");

ClientContext clientContext = new ClientContext("http://SPservername)

Different Data Types

Keep in mind that between the managed object model and the JavaScript object model, there are some differences regarding the data types. Most of the data types behave similarly to each other, but there are some language-specific particularities, like the NaN (Not a Number) value in JavaScript, which has no equivalent in managed code. On the other hand, complex list objects like StringCollection in managed code do not exist on the JavaScript side and therefore are implemented as normal arrays—in our example, as string[]

Authentication Mode

When using JavaScript you do not need to worry about authentication because the page that runs your JavaScript is already authenticated either by Windows Authentication or Forms Authentication. If you are using the managed object models and you want to use Forms Authentication instead of Windows Authentication, use code like this:

clientContext.FormsAuthenticationLoginInfo = new FormsAuthenticationLoginInfo("user","password");

Using the Digest Web Control

Before you can use the JavaScript object model on a page, you have to ensure that the page contains the FormDigest web control. This web control inserts a security validation token within the form of an ASPX page. When making a call to the server—for example, to retrieve data—this token will also be included and validated by the server. A security token is specific to a user, site, and time period—thus, it expires after a configurable time interval.

Using the FormDigest to validate requests prevents attacks wherein a user is tricked into posting data to the server.


Post a Comment


This is a personal weblog. The opinions expressed here represent my own and not those of my employer or anyone else. Should you have any questions or concerns please e-mail me at .

Copyright (c) 2010 @ All rights are reserved.Do Not Copy.

@ Learning