Claim Based Authentication with SQL Server as Provider

I thought of sharing the Details about how to setup the Claim based Authentication with SQL Server as Provider. This is very straight forward. Below are high level tasks we need to do

1) Setup you AspnetRoleMemberShip Provider

2) Create Claims Based Web Application.

3) Create Site Collection.

4) Configure Web.Config of below Sites

a) Central Administration’s Web.Config

b) Security Token Service’s Web.Config

c) Claim Based Application’s web.Config

Provide Access to User from User Policy in Central Administration.

Details steps are given Below

Setup the AspnetRoleMemberShip Provider database

• Go to the SQL Server database server
• On the database server, open Windows Explorer.
• Navigate to the path %System Drive%\Windows\Microsoft.NET\Framework\v2.0.50727.
• To start the ASP.NET SQL Server Setup Wizard, double-click aspnet_regsql.exe.
• Complete the wizard
• Make sure the Application Pool accounts of the web application(s) and the Central Administration web site have access to the database

Create a new web application with Claim Based Authentication

• Sign in to Central Administration
• Select Application Management from Left Menu
• Click on Manage Web Applications
• Click New Web Application
• Select Claims Based Authentication
• Identity Providers
  • Check the Enable Windows Authentication box
  • Check the Enable ASP.NET Membership and Role Provider checkbox
  • In the Membership provider name edit box, type MySqlMember
  • In the Role provider name edit box, type MySqlRole

Please refer below picture:

Create a new site collection

• Again Select Application Management
• Click Create site collections
• Select the newly created web application
• Fill in a name and select a template

Modify web.config of the Central Administration site

• Open the Central Administration site's web.config file
• Find the </configSections> entry
• Paste the following XML directly below it.

Note: This is connection String of your SQL Server’s Aspnetdb

<connectionStrings>
<clear />
<add name="AspNetDb" connectionString="data source=PRAWAL01;Integrated Security=SSPI;
Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />
</connectionStrings>

Note: Replace {your database Server Name} with Database Name

Find the <system.web> entry

Paste the following XML directly below it

<roleManager enabled="true"
   cacheRolesInCookie="false"
   cookieName=".ASPXROLES"
   cookieTimeout="30"
   cookiePath="/"
   cookieRequireSSL="false"
   cookieSlidingExpiration="true"
   cookieProtection="All"
   defaultProvider="AspNetWindowsTokenRoleProvider"
   createPersistentCookie="false"
   maxCachedResults="25">
                     <providers>
                           <clear />
                           <add connectionStringName="AspNetDb"
applicationName="/" name="MySqlRole" 
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
     <add applicationName="/" 
      name="AspNetWindowsTokenRoleProvider"
 type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                     </providers>
              </roleManager>
              <membership defaultProvider="MySqlMember"
                 userIsOnlineTimeWindow="15" hashAlgorithmType="">
                     <providers>
                           <clear />
                           <add connectionStringName="AspNetDb"
enablePasswordRetrieval="false"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="true"
                 passwordAttemptWindow="10"
                 applicationName="/"
                 requiresUniqueEmail="false"
                 passwordFormat="Hashed"
                 name="MySqlMember"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                     </providers>
              </membership>

Modify the web.config of the Security Token Service (STS) virtual directory

Open the Security Token Service (STS) virtual directory's web.config file location of this file is

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken

Find the </system.net> entry

Paste the following XML directly below it

       <connectionStrings>
              <clear />
              <add name="AspNetDB" connectionString="data source=PRAWAL01;
Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" /> 
       </connectionStrings>

Paste the following XML directly just above the entry </configuration>

<system.web>
              <membership>
                     <providers>
                           <add connectionStringName="AspNetDB" enablePasswordRetrieval="false" enablePasswordReset="true" 
                           requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false"  passwordFormat="Hashed" name="MySqlMember"  
                           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                     </providers>
              </membership>
              <roleManager enabled="true">
                     <providers>
                           <add connectionStringName="AspNetDB" 
                           applicationName="/" name="MySqlRole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                     </providers>
              </roleManager>
       </system.web>

Modify web.config of the claims based web application

Connection string – Find the </configSections> entry

Paste the following XML directly below it

<connectionStrings>
              <clear />
   <add name="AspNetDB" connectionString="data source=PRAWAL01;
   Integrated Security=SSPI;Initial Catalog=aspnetdb" 
   providerName="System.Data.SqlClient" />
</connectionStrings>

We need to Add Provider to <MemberShip> and <RoleManager>, So the best way is Replace <membership and <roleManager with below XML  (This is addition to Default which will be available, if you have more provider already configured, Just add more Provider).

  <membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
 <providers>
 <clear />
 <add connectionStringName="AspNetDB" 
enablePasswordRetrieval="false" 
enablePasswordReset="true" 
requiresQuestionAndAnswer="true"
passwordAttemptWindow="10"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
name="MySqlMember"
type="System.Web.Security.SqlMembershipProvider,
System.Web, Version=2.0.0.0,
&#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                 <add name="i" 
type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider,
\&#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" />
                </providers>
         </membership>
         <roleManager enabled="true" 
cacheRolesInCookie="false" 
cookieName=".ASPXROLES" 
cookieTimeout="30" 
cookiePath="/" 
cookieRequireSSL="false" 
cookieSlidingExpiration="true" 
cookieProtection="All" 
defaultProvider="c"
createPersistentCookie="false" 
maxCachedResults="25">
                <providers>
                       <clear />
                       <add connectionStringName="AspNetDB"
applicationName="/"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, 
System.Web, Version=2.0.0.0,Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" />
                       <add applicationName="/"
name="MySqlRole" 
type="System.Web.Security.WindowsTokenRoleProvider, 
System.Web, Version=2.0.0.0,Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" />
                       <add name="c" 
type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider,
Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" />
                </providers>
         </roleManager>

That’s all to be done for Configuration. Next step is to provide access to users from SQL Server.

Adding User Policy via Central Administration

• Open Central Administration


• Navigate to Manage Application


• Select the Claim Based Application from the List


• Select User Policy from Top Ribbon.


• Select Telephone Book ‘icon’


• Select ‘All Zone’ and Click Next


• Enter the Name is FIND text box


• Hit Enter key


• Select user from List and Provide Access Permission.

Now Open a new Browser window and Type http://<<url>> of your site collection of Claim based Web Application.

• Select “forms Authentication”


• Enter user name and password

• So as per permission given “Full Control” (as Site Owner) in this case, site will allow user in.

Further to this, being a site admin you can add other users from SQL Database to this site’s Member, Owner, Viewer groups.

Thanks!!

Inside SharePoint Foundation Server 2010

In this article I am going to write about inside of SharePoint Foundation Server 2010. First I will explain “The Request Pipeline” Model. Mainly I am going to explain “What modification are done over Asp.Net pipeline Model to handle SharePoint Request”.

The Request Pipeline

When IIS server receives a request from a client, the request is passed through a pipeline that process the request. This processing includes authenticating the user, verifying the user’s authorization, building the response, sending the response, and finally, logging the request.

HTTP Handler

The Response is generated by HTTP Handler. Request are assigned to handler as per config file, based on file/page requested and the verb in the Request like “Get,POST”. Usually multiple Handler are registered through config file.

HTTP Module

The request pipeline also contains HTTP modules. Modules are assemblies that typically contain one or more event handlers or define new events that other modules can handle. An HTTP module can register for one or more events in the lifecycle of the request.

For more information on The Request Pipeline please visit

http://msdn.microsoft.com/en-us/library/be3378e2-7071-48d4-9d6f-1b31d73bc7aa

Also to know more about IIS 7.0 Integrated Mode Please visit

http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/

Modification in Pipeline to handle SharePoint Site’s Request

Now lets discuss where and how SharePoint makes changes to Request Pipeline.

1) Pipeline Changes at the IIS Configuration Level

• SharePoint Foundation changes the IIS Configuration file ApplicationHost.Config.
• Registering Global Module “SharePoint14Module” as shown below
• Addition of <isapiCgiRestriction> Section
• <Site> section for every Web app in IIS

2) Pipeline Changes at the SharePoint Web Application Level

• A <Safe Controls> section specifies the controls that are allowed to run in safe mode
• A <pages> section is added that identifies the custom SharePoint Foundation page parser filter (derived from PageParserFilter) that screens for unsafe controls
• A <modules> section overrides the inherited configuration in the following ways.
• A <handlers> section overrides the inherited configuration mainly by removing some HTTP handlers that SharePoint Foundation does not use and by adding handlers that support AJAX.
• A <microsoft.sharepoint.client> section is added to support the client object model of SharePoint Foundation and client-side programming.
• A <WorkflowServices> section and a <System.Workflow.ComponentModel.WorkflowCompiler> section are added to support workflows in SharePoint Foundation.
• A <securityPolicy> section is used to add two additional trust levels, WSS_Minimal and WSS_Medium.
• A <compiliation> section notifies the page parser of four additional assemblies it can use for compiling SharePoint Foundation as?x files.
• A <sitemap> section specifies four special SharePoint Foundation site map providers. The following markup shows the <sitemap> section.

----------------------------------------------------------------------------------

All You wanted to know About LINQ To SharePoint

Introduction

LINQToSharePoint is very similar to LINQTOSQL. By using LINQTOSHAREPOINT you can now fetch Lists by using LINQ instead of using CAML queries.

• Simplified Object-Oriented Way to Query
• No CAML Required
• SPMetal.exe Generates Entities Classes for SharePoint Lists
• Compile Time Check unlike CAML's RUN Time Check
• Entity classes are strongly-typed, VS provides intellisense

Disadvantage of CAML

• CAML was difficult to use as it is an XML Based Query Language.
• CAML was written as STRING into SPQuery, SPSiteDataQuery

SPMetal.EXE

MSDN Says:

"SPMetal is a command line tool that generates entity classes, which provide an object oriented interface to the Microsoft SharePoint Foundation content databases. These classes are primarily used in LINQ to SharePoint queries; but they are also used to add, delete, and change list items with concurrency conflict resolution. Finally, they can be used as an alternative to the regular SharePoint Foundation object model for referencing content"

The tool is included with SharePoint Foundation and is located in %Program Files%\Common Files\Microsoft Shared\web server extensions\14\BIN.To Find exact syntax and Options with SPMetal please click here

How To:

Lets do quick lab session to understand LINQTOSHAREPOINT.

Step 1:

a) Create a new Contact List named "Employee" in your site

b) Create a New Column called "NetSalary", Type: Currency

c) Add some records to the Employee List

Step 2:

a) Open SharePoint 2010 Management Shell ( make sure "Run as Administrator")

b) Run below command to Generate Entities Class

spmetal /web:<<SiteURL>> /code:MySite.cs

EX: spmetal /web:http://prawal01:8080/ /code:MySiteEntities.cs

Figure 1:

c)Verify "MySiteEntities.CS" file is available in current Directory

Create a Visual Web Part where we will make use of above Entities Class to Fetch Data from Employee list.

a) Create a New Visual Web Part Project

b) Refer Microsoft .SharePoint.linq

c) Add the Entities class to you project through Add Existing Item

d) Add a Literal Control to ASCX Control

<asp:Literal ID="Display" runat="server" />

e) Add Below code to Page Load Event

StringBuilder writer = new StringBuilder();     
 try      
   {           
    using (MySiteEntitiesDataContext dc = new MySiteEntitiesDataContext(SPContext.Current.Web.Url))          
      {              
         //Query Expressions
         var q = from emp in dc.Employee                      
                 where emp.NetSalary > 5000
                 //orderby emp.Project.DueDate                       
                 select new { emp.Title, emp.FullName, emp.NetSalary};
               writer.Append("<table border=\"1\" cellpadding=\"3\" cellspacing=\"3\">"); 
             foreach (var employee in q)              
             {
               writer.Append("<tr><td>");                  
               writer.Append(employee.NetSalary);                  
               writer.Append("</td><td>");                  
               //writer.Append(employee.Contact);                   
               //writer.Append("</td></tr>");               
              }          
      }      
   }      
   catch (Exception x)      
     {          
      writer.Append("<tr><td>");          
      writer.Append(x.Message);          
      writer.Append("</td></tr>");      
      }      
     finally      
     {          
      writer.Append("</table>");          
      Display.Text = writer.ToString();
     } 

Now Deploy Web Part to your site.

Infopath 2010 – Error “the operation can not be completed” while connecting to SharePoint Site

 

You get error “The Operation Can not be Completed” when you try to connect to your SHAREPOINT SITE. The Main cause of this error is unavailability of Top Level Site at ‘/’. You can only have 1 Top Level site in your web application. If you have not created Top Level Site at  ‘/’  info path would throw “the Operation can not be completed while you try to connect to any site in that particular web application.

Thanks

Central Administration: Can not Create/Extend Application even as I am member of FARM Administrator

 

          My Dev Environment is  SharePoint 2010 on WIN 7. I have 2 users

1) Built in Administrator- Member of FARM Administrator

2) Pathik01\Pathik – Also member of FARM Administrator

Now when I Sign-in with my account and use Manage Web Application link, on the Top Ribbon none of Button is enabled. I can not create Web APP nor Extend it.  When I select web application from list, some button are enabled but not all. Also I can see role as Contributor

This does not happen When I sign-in with Built-in\Administrator account.

Resolution:

To solve this issue I changed the User Account Control setting ---

Open User Account Control Setting from Control Panel \System and Security \Change User Account Control settings

and set the Slider bar to "Never Notify " as shown in below picture

 

Error: 500 for All Web Application including Central Administration on SharePoint 2010 on WIN 7

Today I Came across 500 error with “"Could not load all ISAPI filters for site 'SHAREPOINT CENTRAL ADMINISTRATION V4'. Therefore site startup aborted” in the Event Log. This happened after I installed .Net Framework 1.1 (32bit) ( Wanted to test one application which was built on .Net Framework 1.1).

After installing .Net Framework 1.1, My none of sites were working including Central Admin. Event Log had below entries

1) ISAPI Filter 'C:\Windows\Microsoft.NET\Framework\v4.0.21006\aspnet_filter.dll' could not be loaded due to a configuration

,

2) Could not load all ISAPI filters for site 'SHAREPOINT - 80'.  Therefore site startup aborted.

and

3) Could not load all ISAPI filters for site 'SHAREPOINT CENTRAL ADMINISTRATION V4'. Therefore site startup aborted.

After Searching and looking at log I could understand that my ISAPI setting had conflict with .Net Framework 1.1 installation (32 bit and 64 bit).

Resolution:

1) Un-Installed the .Net Framework 1.1 ( any how is it not required now)

2) re-register Asp.net 2.0 as default by running below command

aspnet_regiis.exe –i

And All started working like before!!

Setting Up Dev environment for SharePoint 2010

Hi All,

This article describes different options to setup development  environment with Microsoft SharePoint 2010 and Microsoft Visual Studio 2010.

Below are Different Options you can have for your Development Machine.

OS	Description
Win 7	Install SharePoint on Windows 7 x64, Windows Vista Service Pack 1 x64, or Windows Vista Service Pack 2 x64. My personal Experience, it works good on your Laptop with 4GB RAM. Please follow below link to have this setup on your system. http://msdn.microsoft.com/en-us/library/ee554869(office.14).aspx
Windows 2008 Server R2	Install SharePoint on Windows Server 2008 Service Pack 2 x64 (or Windows Server 2008 R2 x64) Normal Installation as per SharePoint Guidelines.
Boot2VHD	Having Duel Booting enable on your Laptop/Desktop with WIN 7 and Windows Server 2008 R2 Dual OS Boot from VHD is a new technique for installing and maintaining operating system environments. Unlike virtual machines, the operating system that is running from a “boot from VHD” environment is using the actual hardware instead of emulated hardware http://blogs.technet.com/keithcombs/archive/2009/05/22/dual-boot-from-vhd-using-windows-7-and-windows-server-2008-r2.aspx – This is really great article.
VMware Image	64-bit Image (Normal Installation as per SharePoint Guidelines)
Hyper-V on Windows Server 2008 R2	Use Microsoft Hyper-V and install SharePoint on a virtual machine running a Windows Server 2008 Service Pack 2 x64 (or Windows Server 2008 R2 x64) guest operating system

Error:Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack While Debugging Project in Visual Studio 2010 for SharePoint 2010

Hi All,
I have CUSTOM WCF Service hosted in IIS as a part of SharePoint Virual Directory (ISAPI under _vti_bin). This Web Service is triggered by Custom Pages and Controls on the same FARM Server. This service does nothing but adds a Web Part of user’s choice to a Page. For this I have used SharePoint Object Model.  now the actual problem, When I try to user //SPSite oSite = SPContext.Current.Site in my code, I was getting following error “Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack”.
After doing some analysis I found that it is actually a “Access Denied” error which is thrown while trying to create SPSite object.
Resolution: Use SPSecurity.RunWithElevatedPrivileges, if you using Object Model in your Service Layer.
Sample code:
SPSite oSite = SPContext.Current.Site;
         Guid siteGuid = oSite.ID;
         SPSecurity.RunWithElevatedPrivileges(delegate()
         {
            //Get the SPSite Object 
             // I am using SPContext within RunWithElevatedPrivileges
             //Opening the Site with new SPSite(siteGuid);
             oSite = new SPSite(siteGuid);
             //Open the Web now
             oWebSite = oSite.OpenWeb();
        });


Thanks
Pathik