Update:Features Project in CodePlex

April 6th, 2008 4 comments

I just uploaded another feature to our CodePlex project called Global Web.Config Feature. It is basically a feature that gives you the ability to add some of the most requested modifications such as connectionstring, appsettings , membership and providers to the Web.config files of all Web apps across the farm. The feature is scoped at farm level , but nothing stops you to change its scope to “Web Application” with some slight modifications in FeatureActivated and FeatureDeactivating event handlers. I have tested this feature for both WSS and MOSS and it should work just fine. That’s why I decided to use SPWebConfigModificationType.EnsureSection for the parent nodes instead of SPWebConfigModificationType.EnsureChildNode. If you find any issues or if you have any suggestions please let us know here.

I will be working with Scot Hillier (Project Coordinator and Developer) and other project members to clean up some of the already deployed features and incorporate some of your requests logged in the issue tracker , specially for AJAX Config and Debug Config features .Stay tunned!

You can find the complete code and solution files for this project in the CodePlex project. In the meantime , you can have a look at my post here about some of the SPWebConfigModification’s limitations.

Update (13/April/2008 ): Ajax.Config Feature is cleaned up.
Update (13/April/2008 ): 3.5 Cinfig Feature is now part of the project. This Feature makes all the Web.config modifications to support 3.5 framework so you can can easily deploy the wonderful BluePrint demo.

Categories: MOSS 2007 Tags:

SPRSS

March 30th, 2008 No comments

No, don’t read it SSRS (good old days :)) . It is called SPRSS and it is a fantastic , security-trimmed content Aggregator that my pal , Sahil Malik, has developed and released to the public in the codeplex. SPRSS comes in two main flavors :

1) CleanRSS.aspx: It can be replaced the ootb listfeed.aspx (http://yoursite/_layouts/listfeed.aspx) to extract much cleaner and XSLT friendly RSS feeds.

2) RSSWebPart: It can aggregate multiple RSS feeds across site collections, web apps and farms (and maybe in the future releases across our globe and milky galaxy ;)) into one security-aware bucket with the ability of applying XSLT to it.

Here are a couple of interesting usage scenarios for SPRSS.
Here is a good overview and future plans.
Here is a usage guide.

And FINALLY here is the codeplex project – http://www.codeplex.com/SPRSS

Categories: MOSS 2007 Tags:

Guest Account Enabler – Code Download and more!

March 30th, 2008 45 comments

Almost two months ago , I wrote three blog posts (part1,part 2 and part 3) about Anonymous Users In SharePoint, how to set it up ,challenges you might face dealing with these creatures and couple of solutions. Since then , I have received quite a few emails from people asking for two main things :

1) The source code for the solution I provided in part 3.

2) If there is any way to NOT use global.asax in a farm installation where there are multiple WFEs sitting behind a load balancer. In this case , the feature responsible for copying the global.asax file from the feature folder to the root folder of your SharePoint web application (hosted in IIS) only copies the global.asax to the WFE server on which you activate the feature. For the rest of WFEs , you need to manually replace the global.asax files. Not acceptable! Actually I am covering this issue in more details in my upcoming post : The Importance of Network Load Balancing.

Please download the source code from the link below. Take a look at the two projects included in the download.

Source Code
 

This download contains two folders:

I) GuestAccountEnabler_GlobalASAX

This folder contains the source code for “Guest Account Enabler” functionality as a feature scoped at a site collection. The fact that it is a site collection feature might introduce some permission issues (read the comments at FeatureActivated and FeatureDeactivating methods) wen using global.asax approach. Good news is that nothing prevents you to change the scope of the feature to Farm or WebApplication or run the code in FeatureActivated and FeatureDeactivating methods in an elevated context to make sure that activation and deactivation methods are executed with required access level to the file system. Bottom line is , it is not a fully automated approach for Farm installation. Please make sure you also read the ReadMe.txt for configuration steps.

II) GuestAccountEnabler_HttpHandler

To overcome the issues mentioned above , I went a head and implemented the Guest Account Enabler functionality in a Http Module. Remember, global.asax is just a specialized Http Module , but by placing our code into a Http module instead , it is much easier to share it between multiple Web applications plus it introduces much easier deployment in a farm installation. Our Http module sits on the top of the Http Request and check the authentication cookie , if It is not presented and the feature is enabled it injects the virtual “Guest” account into the current request and forces a new http request (reentering the http pipeline) to pick up the new [virtual] Forms identity. Please remember to read the ReadMe.txt file for configuration steps spscific for Http Module approach. Here is the gist of it:

< View plain text >
C#

  1. public class GuestModule : IHttpModule
  2.     {
  3.         public virtual void Init(HttpApplication context)
  4.         {
  5.             // Subscribe to events.
  6.             context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
  7.         }
  8.         void context_AuthenticateRequest(object sender, EventArgs e)
  9.         {
  10.             OnAuthenticateRequest(((HttpApplication)sender).Context);
  11.         }
  12.         public virtual void Dispose(){}
  13.         /// <summary>
  14.         /// Authenticates the authorization request.
  15.         /// </summary>
  16.         private void OnAuthenticateRequest(HttpContext context)
  17.         {
  18.             if (context == null)
  19.                 throw new ArgumentNullException("context");
  20.             //Extract the forms authentication cookie
  21.             string cookieName = FormsAuthentication.FormsCookieName;
  22.             HttpCookie authCookie = context.Request.Cookies[cookieName];
  23.             if (null == authCookie)
  24.             {
  25.                 // There is no authentication cookie. Check to see if Guest Account feature is activated
  26.                 // If Feature is Activated, ValidateUser would return Guest Account Context
  27.                 if (Membership.ValidateUser("Guest", ""))
  28.                 {
  29.                     string requestedUrl = Uri.UnescapeDataString(context.Request.Url.ToString());
  30.                     FormsAuthentication.SetAuthCookie("Guest", false);
  31.                     //Force a new request (reenter the http pipeline)
  32.                     context.Response.Redirect(requestedUrl);
  33.                 }
  34.             }
  35.         }
  36.     }

As described in the ReadMe.txt , you need to register this Http Module in your extended site (the one that is protected by FBA). The good thing about this approach is that AuthenticateRequest event receiver only gets executed for your FBA site and only when the authentication cookie is not presented. That’s pretty much all about it !

Wait! I have included two more things in the download files.

1) It is no biggie , but you can see how to localize a feature’s title and description.
2) Have you ever heard about Minimal master page or minimal site definition (I wish there was one 😉 ) ? Both projects have a dummy Membership provider which I have called it “Minimal Membership Provider”. Well, eventually you will have to merge the Guest Account Enabler functionality into your existing membership provider , but to start with, you needed an authentication provider , right? I created that provider to give you the ability to quickly test the sample code. It is also using a dummy connection string so don’t even need to bother changing it to match your environment. Just put them in your Web.config and that’s it!

Categories: MOSS 2007 Tags:

Toronto CodeCamp is only ONE day away!

February 29th, 2008 No comments

In just less than 32 hours , the Toronto CodeCamp 2008 will be held. Over 700 people have registered so far and registration is still open. If you haven’t registered yet ,you’d better hurry! This is an amazing opportunity for learning and networking with peers and industry leaders. Unfortunately, Eli Robillard (Toronto’s Uber SharePoint MVP) has taken a break as he has been so busy these days, but no worries – both myself and Bill Brockbank will be representing the SharePoint community along with bunch of other *great* speakers. I’ll be presenting one session:

Delving into custom authentication providers in SharePoint (02:30 PM – 03:45 PM Room: E.S. Jackson)

For those of you who attended this session in SharePoint user group , because I love you so much and I’d like to see you over and over again , I am coming with a fairly new presentation. I have managed to change the background of my PowerPoint deck, added couple new pictures (Just kidding) LOL …… In all seriousness , I have added the following topics to the previous presentation and got rid of bunch of slides.

  1. Utilities that must be shipped with any FBA implementations (These are NOT the tools we already talked about)
  2. Anonymous Access Challenges
  3. Single Sign ON with other ASP.NET apps
  4. MySites (If time)
  5. A new State Provider that I have just finished developing it (If time)

I’m telling you now that it is going to be a fast-paced session , because my mantra is : To “Share” as many “Points” as possible I also don’t like unreal demos (a.k.a Hello World! – Copied and pasted from someone else’s demo) .You don’t need to listen to my funny accent for those stuff, right?;)As always, I will be showcasing one of my previous projects.

See you on Saturday, March 1.

Categories: General, MOSS 2007, UG/CodeCamp Tags:

Central Admin Can’t See My Authentication Provider!

February 22nd, 2008 4 comments

Received today from CodePlex:

“Hi Reza, I have created a custom membership provider for my MOSS site [ it checks creds against a propriteray store]. I have implemented these methods in the CustomProviderClass public class MyCustomProvider:MembershipProvider
* GetAllUsers
* ValidateUser
* GetUser
* FindUsersByName
I followed the technet links to register the custom provider in the sharepoint Admin site as well as my custom website on which I would like to have FBA. Unfortunately I am struggling at the point where I am not able to add users….. Central Administration > Application Management > Policy for Web Application > Add Users the user is not found when I check names, yes I use MyProvider:username BTW I tested my custom provider in ASP.NET 2.0 and it works super Please advice, thanks a lot”

First of all , you don’t need to specify MyProvider:username for the user to be resolved. In a healthy FBA configuration putting username alone should be okay. However , when you hover over the username , it must show MyProvider:username as the tooltip. This is one of the ways that you can make sure your user belongs to your custom authentication provider , not a similar name in AD or any other authentication providers.

Secondly, the fact that your custom authentication provider works in your ASP.NET application or even in your SharePoint web application (whatever zone you specify for your FBA stuff ) doesn’t guarantee that it should work in Central administration or SSP. They are different web applications running under different application pools (they better be ;)) with different web.config files. Here are two things that I’d check:

1) FBA settings ( Are they the same in SharePoint Web Application and Central admin) – You don’t need to include role provider settings in central admin.

2) Debug your authentication provider to see if it gets initialized. Then step through your various methods and see if there is an exception thrown somewhere in GetUser method that is not propagated up in the call stack or you have handled it without logging it (bad bad idea). Make sure you do an IISRESET and browse to your site once before you attach to the worker process, because your auth provider might have been already initialized and you don’t see the initialized method get hit again – GetUser gets hit everytime a name is resolved. This is where a good instrumented code comes to light to nail down the issue. Please Please make sure that you write plenty of tracing code in every piece of functionality you develop. I guarantee that you won’t regret it. Debugging can be done in two ways. One way is what I described above or you can place a trace on the SQL server side to see if the communication with back-end database ever happens and what gets transmitted. Many people would prefer the latter one.

Hope this helps,

Categories: MOSS 2007 Tags: