Microsoft SharePoint 2010
Microsoft SharePoint 2010- Blog for Dev
Wednesday, September 21, 2011
Thursday, June 3, 2010
Claim Based Authentication with SQL Server as Provider
I thought I would share the details of how to set up Claims Based Authentication with SQL Server as the provider. This is very straightforward. Below are the high-level tasks we need to do:
1) Set up your AspnetRoleMemberShip Provider
2) Create Claims Based Web Application.
3) Create Site Collection.
4) Configure Web.Config of below Sites
a) Central Administration’s Web.Config
b) Security Token Service’s Web.Config
c) Claim Based Application’s web.Config
5) Provide access to users from User Policy in Central Administration.
Detailed steps are given below.
Setup the AspnetRoleMemberShip Provider database
- Go to the SQL Server database server
- On the database server, open Windows Explorer.
- Navigate to the path %SystemDrive%\Windows\Microsoft.NET\Framework\v2.0.50727.
- To start the ASP.NET SQL Server Setup Wizard, double-click aspnet_regsql.exe.
- Complete the wizard
- Make sure the Application Pool accounts of the web application(s) and the Central Administration web site have access to the database
Create a new web application with Claim Based Authentication
- Sign in to Central Administration
- Select Application Management from Left Menu
- Click on Manage Web Applications
- Click New Web Application
- Select Claims Based Authentication
- Identity Providers
- Check the Enable Windows Authentication box
- Check the Enable ASP.NET Membership and Role Provider checkbox
- In the Membership provider name edit box, type MySqlMember
- In the Role provider name edit box, type MySqlRole
Create a new site collection
- Again Select Application Management
- Click Create site collections
- Select the newly created web application
- Fill in a name and select a template
Modify web.config of the Central Administration site
- Open the Central Administration site's web.config file
- Find the </configSections> entry
- Paste the following XML directly below it.
Note: This is the connection string for your SQL Server's aspnetdb database.
<connectionStrings>
  <clear />
  <add name="AspNetDb"
       connectionString="data source=PRAWAL01;Integrated Security=SSPI;Initial Catalog=aspnetdb"
       providerName="System.Data.SqlClient" />
</connectionStrings>
Note: Replace PRAWAL01 (the data source) with your database server name.
<roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES"
             cookieTimeout="30" cookiePath="/" cookieRequireSSL="false"
             cookieSlidingExpiration="true" cookieProtection="All"
             defaultProvider="AspNetWindowsTokenRoleProvider"
             createPersistentCookie="false" maxCachedResults="25">
  <providers>
    <clear />
    <add connectionStringName="AspNetDb" applicationName="/" name="MySqlRole"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="MySqlMember" userIsOnlineTimeWindow="15" hashAlgorithmType="">
  <providers>
    <clear />
    <add connectionStringName="AspNetDb" enablePasswordRetrieval="false"
         enablePasswordReset="true" requiresQuestionAndAnswer="true"
         passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false"
         passwordFormat="Hashed" name="MySqlMember"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Modify the web.config of the Security Token Service (STS) virtual directory
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken
<connectionStrings>
  <clear />
  <add name="AspNetDB"
       connectionString="data source=PRAWAL01;Integrated Security=SSPI;Initial Catalog=aspnetdb"
       providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
  <membership>
    <providers>
      <add connectionStringName="AspNetDB" enablePasswordRetrieval="false"
           enablePasswordReset="true" requiresQuestionAndAnswer="true"
           passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false"
           passwordFormat="Hashed" name="MySqlMember"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
  <roleManager enabled="true">
    <providers>
      <add connectionStringName="AspNetDB" applicationName="/" name="MySqlRole"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>
Modify web.config of the claims based web application
<connectionStrings>
  <clear />
  <add name="AspNetDB"
       connectionString="data source=PRAWAL01;Integrated Security=SSPI;Initial Catalog=aspnetdb"
       providerName="System.Data.SqlClient" />
</connectionStrings>
We need to add providers to <membership> and <roleManager>. The best way is to replace the existing <membership> and <roleManager> elements with the XML below. (This is in addition to the defaults that are already present; if you already have more providers configured, just add these providers to them.)
<membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
  <providers>
    <clear />
    <add connectionStringName="AspNetDB" enablePasswordRetrieval="false"
         enablePasswordReset="true" requiresQuestionAndAnswer="true"
         passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false"
         passwordFormat="Hashed" name="MySqlMember"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add name="i"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  </providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="false" cookieName=".ASPXROLES"
             cookieTimeout="30" cookiePath="/" cookieRequireSSL="false"
             cookieSlidingExpiration="true" cookieProtection="All"
             defaultProvider="c" createPersistentCookie="false" maxCachedResults="25">
  <providers>
    <clear />
    <!-- SQL role provider, registered under the name entered in Central Administration -->
    <add connectionStringName="AspNetDB" applicationName="/" name="MySqlRole"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
         type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add name="c"
         type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  </providers>
</roleManager>
That is all the configuration that needs to be done. The next step is to provide access to users from SQL Server.
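The same provider names have to be registered in all three web.config files, and a mismatch usually surfaces only as a failed sign-in. The following check is an added example, not part of the original post: it verifies that MySqlMember and MySqlRole resolve to the SQL provider classes with a defined connection string in each file, and flags a role cookie cached without cookieRequireSSL or a connection string carrying a SQL password. The function names and the sample fragments are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Provider names typed into Central Administration -> class each must resolve to.
EXPECTED = {"membership": ("MySqlMember", "SqlMembershipProvider"),
            "roleManager": ("MySqlRole", "SqlRoleProvider")}

def audit(label, xml_text):
    """Return findings for one web.config passed as a <configuration> document."""
    root, out = ET.fromstring(xml_text), []
    conns = {a.get("name", "").lower(): a.get("connectionString", "").lower()
             for a in root.findall(".//connectionStrings/add")}
    for section, (name, cls) in EXPECTED.items():
        sec = root.find(f".//{section}")
        adds = [] if sec is None else sec.findall("./providers/add")
        prov = next((p for p in adds if p.get("name") == name), None)
        if prov is None:
            out.append(f"{label}: {section} provider {name} not registered")
            continue
        actual = prov.get("type", "").split(",")[0].strip()
        if not actual.endswith("." + cls):
            out.append(f"{label}: {name} is {actual}, expected {cls}")
            continue
        ref = prov.get("connectionStringName", "")
        cs = conns.get(ref.lower())  # names compared case-insensitively in this sketch
        if cs is None:
            out.append(f"{label}: {name} uses undefined connection string '{ref}'")
        elif "password=" in cs or "pwd=" in cs:
            out.append(f"{label}: connection string '{ref}' embeds a SQL password")
        if (section == "roleManager" and sec.get("cacheRolesInCookie") == "true"
                and sec.get("cookieRequireSSL", "false") != "true"):
            out.append(f"{label}: role cookie is cached without cookieRequireSSL")
    return out

# Constructed sample fragments (shortened type names), not taken from a live farm.
CONN = ('<connectionStrings><add name="AspNetDb" connectionString="data source=DBSERVER;'
        'Integrated Security=SSPI;Initial Catalog=aspnetdb" /></connectionStrings>')
MEMBER = ('<membership><providers><add name="MySqlMember" connectionStringName="AspNetDb" '
          'type="System.Web.Security.SqlMembershipProvider, System.Web" />'
          '</providers></membership>')
ROLE = ('<roleManager enabled="true"><providers><add name="MySqlRole" {attrs} '
        'type="System.Web.Security.{cls}, System.Web" /></providers></roleManager>')
GOOD = ROLE.format(attrs='connectionStringName="AspNetDb"', cls="SqlRoleProvider")
BAD = ROLE.format(attrs="", cls="WindowsTokenRoleProvider")
def wrap(*parts):
    return f"<configuration>{CONN}<system.web>{''.join(parts)}</system.web></configuration>"
SAMPLES = {"central-admin": wrap(MEMBER, GOOD), "sts": wrap(MEMBER),
           "web-app": wrap(MEMBER, BAD)}
def audit_all(samples=SAMPLES):
    return [f for label, text in samples.items() for f in audit(label, text)]
```

To use it on a real farm, read each of the three web.config files as text and pass it to `audit` with a label of your choice.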
Adding User Policy via Central Administration
- Open Central Administration
- Navigate to Manage Application
- Select the Claim Based Application from the List
- Select User Policy from Top Ribbon.
- Select Telephone Book ‘icon’
- Select ‘All Zone’ and Click Next
- Enter the name in the Find text box
- Hit Enter key
- Select user from List and Provide Access Permission.
Now Open a new Browser window and Type http://<<url>> of your site collection of Claim based Web Application.
- Select “forms Authentication”
- Enter user name and password
- The site lets the user in according to the permission given, “Full Control” (as Site Owner) in this case.
Further to this, as a site admin you can add other users from the SQL database to this site’s Member, Owner and Viewer groups.
Thanks!!
Sunday, May 30, 2010
Inside SharePoint Foundation Server 2010
In this article I am going to write about the internals of SharePoint Foundation Server 2010. First I will explain the request pipeline model, mainly which modifications are made to the ASP.NET pipeline model to handle SharePoint requests.
The Request Pipeline
When the IIS server receives a request from a client, the request is passed through a pipeline that processes the request. This processing includes authenticating the user, verifying the user’s authorization, building the response, sending the response, and finally, logging the request.
HTTP Handler
The response is generated by an HTTP handler. Requests are assigned to a handler according to the config file, based on the file or page requested and the verb in the request, such as GET or POST. Usually multiple handlers are registered through the config file.
HTTP Module
The request pipeline also contains HTTP modules. Modules are assemblies that typically contain one or more event handlers or define new events that other modules can handle. An HTTP module can register for one or more events in the lifecycle of the request.
For more information on The Request Pipeline please visit
http://msdn.microsoft.com/en-us/library/be3378e2-7071-48d4-9d6f-1b31d73bc7aa
Also to know more about IIS 7.0 Integrated Mode Please visit
http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/
Modification in Pipeline to handle SharePoint Site’s Request
Now let's discuss where and how SharePoint makes changes to the request pipeline.
1) Pipeline Changes at the IIS Configuration Level
- SharePoint Foundation changes the IIS Configuration file ApplicationHost.Config.
- Registering Global Module “SharePoint14Module” as shown below
- Addition of <isapiCgiRestriction> Section
- <Site> section for every Web app in IIS
2) Pipeline Changes at the SharePoint Web Application Level
- A <SafeControls> section specifies the controls that are allowed to run in safe mode
- A <pages> section is added that identifies the custom SharePoint Foundation page parser filter (derived from PageParserFilter) that screens for unsafe controls
- A <modules> section overrides the inherited configuration in the following ways.
- A <handlers> section overrides the inherited configuration mainly by removing some HTTP handlers that SharePoint Foundation does not use and by adding handlers that support AJAX.
- A <microsoft.sharepoint.client> section is added to support the client object model of SharePoint Foundation and client-side programming.
- A <WorkflowServices> section and a <System.Workflow.ComponentModel.WorkflowCompiler> section are added to support workflows in SharePoint Foundation.
- A <securityPolicy> section is used to add two additional trust levels, WSS_Minimal and WSS_Medium.
- A <compilation> section notifies the page parser of four additional assemblies it can use for compiling SharePoint Foundation aspx files.
- A <sitemap> section specifies four special SharePoint Foundation site map providers. The following markup shows the <sitemap> section.
----------------------------------------------------------------------------------
Saturday, May 29, 2010
All You wanted to know About LINQ To SharePoint
Introduction
LINQ to SharePoint is very similar to LINQ to SQL. With LINQ to SharePoint you can now query lists using LINQ instead of CAML queries.
- Simplified Object-Oriented Way to Query
- No CAML Required
- SPMetal.exe Generates Entities Classes for SharePoint Lists
- Compile Time Check unlike CAML's RUN Time Check
- Entity classes are strongly-typed, VS provides intellisense
Disadvantage of CAML
- CAML was difficult to use as it is an XML Based Query Language.
- CAML was written as STRING into SPQuery, SPSiteDataQuery
SPMetal.EXE
MSDN Says:
"SPMetal is a command line tool that generates entity classes, which provide an object oriented interface to the Microsoft SharePoint Foundation content databases. These classes are primarily used in LINQ to SharePoint queries; but they are also used to add, delete, and change list items with concurrency conflict resolution. Finally, they can be used as an alternative to the regular SharePoint Foundation object model for referencing content"
The tool is included with SharePoint Foundation and is located in %Program Files%\Common Files\Microsoft Shared\web server extensions\14\BIN. To find the exact syntax and options for SPMetal please click here
How To:
Let's do a quick lab session to understand LINQ to SharePoint.
Step 1:
a) Create a new Contact List named "Employee" in your site
b) Create a New Column called "NetSalary", Type: Currency
c) Add some records to the Employee List
Step 2:
a) Open SharePoint 2010 Management Shell ( make sure "Run as Administrator")
b) Run below command to Generate Entities Class
spmetal /web:<<SiteURL>> /code:MySite.cs
EX: spmetal /web:http://prawal01:8080/ /code:MySiteEntities.cs
Figure 1:
c) Verify that the "MySiteEntities.cs" file is available in the current directory
Step 3:
Create a Visual Web Part where we will make use of the above entities class to fetch data from the Employee list.
a) Create a new Visual Web Part project
b) Add a reference to Microsoft.SharePoint.Linq
c) Add the entities class to your project through Add Existing Item
d) Add a Literal control to the ASCX control
<asp:Literal ID="Display" runat="server" />
e) Add Below code to Page Load Event
// Requires: using System; using System.Linq; using System.Text; using System.Web; using Microsoft.SharePoint;
StringBuilder writer = new StringBuilder();
writer.Append("<table border=\"1\" cellpadding=\"3\" cellspacing=\"3\">");
try
{
    using (MySiteEntitiesDataContext dc = new MySiteEntitiesDataContext(SPContext.Current.Web.Url))
    {
        // Query expression: employees whose net salary is above 5000
        var q = from emp in dc.Employee
                where emp.NetSalary > 5000
                //orderby emp.Project.DueDate
                select new { emp.Title, emp.FullName, emp.NetSalary };

        foreach (var employee in q)
        {
            writer.Append("<tr><td>");
            writer.Append(employee.NetSalary);
            writer.Append("</td><td>");
            // List values are user-supplied text, so HTML-encode them before writing markup
            writer.Append(HttpUtility.HtmlEncode(employee.FullName));
            writer.Append("</td></tr>");
        }
    }
}
catch (Exception x)
{
    writer.Append("<tr><td>");
    writer.Append(HttpUtility.HtmlEncode(x.Message));
    writer.Append("</td></tr>");
}
finally
{
    writer.Append("</table>");
    Display.Text = writer.ToString();
}
Now Deploy Web Part to your site.
Sunday, May 16, 2010
Infopath 2010 – Error “the operation can not be completed” while connecting to SharePoint Site
You get the error “The Operation Can not be Completed” when you try to connect to your SharePoint site. The main cause of this error is that there is no Top Level Site at ‘/’. You can only have 1 Top Level site in your web application. If you have not created a Top Level Site at ‘/’, InfoPath will throw “The Operation Can not be Completed” when you try to connect to any site in that particular web application.
Thanks
Central Administration: Can not Create/Extend Application even as I am member of FARM Administrator
My Dev Environment is SharePoint 2010 on WIN 7. I have 2 users
1) Built in Administrator- Member of FARM Administrator
2) Pathik01\Pathik – Also member of FARM Administrator
Now when I sign in with my account and use the Manage Web Application link, none of the buttons on the top ribbon are enabled. I cannot create a web app or extend it. When I select a web application from the list, some buttons are enabled but not all. Also, I can see my role as Contributor.
This does not happen When I sign-in with Built-in\Administrator account.
Resolution:
To solve this issue I changed the User Account Control setting:
Open User Account Control Settings from Control Panel\System and Security\Change User Account Control settings
and set the slider bar to "Never Notify", as shown in the picture below