Thursday, June 3, 2010

Claim Based Authentication with SQL Server as Provider

I thought of sharing the Details about how to setup the Claim based Authentication with SQL Server as Provider. This is very straight forward. Below are high level tasks we need to do

1) Setup you AspnetRoleMemberShip Provider

2) Create Claims Based Web Application.

3) Create Site Collection.

4) Configure Web.Config of below Sites

a) Central Administration’s Web.Config

b) Security Token Service’s Web.Config

c) Claim Based Application’s web.Config

Provide Access to User from User Policy in Central Administration.

Details steps are given Below

Setup the AspnetRoleMemberShip Provider database

  • Go to the SQL Server database server
  • On the database server, open Windows Explorer.
  • Navigate to the path %System Drive%\Windows\Microsoft.NET\Framework\v2.0.50727.
  • To start the ASP.NET SQL Server Setup Wizard, double-click aspnet_regsql.exe.
  • Complete the wizard
  • Make sure the Application Pool accounts of the web application(s) and the Central Administration web site have access to the database

Create a new web application with Claim Based Authentication

  • Sign in to Central Administration
  • Select Application Management from Left Menu
  • Click on Manage Web Applications
  • Click New Web Application
  • Select Claims Based Authentication
  • Identity Providers
    • Check the Enable Windows Authentication box
    • Check the Enable ASP.NET Membership and Role Provider checkbox
    • In the Membership provider name edit box, type MySqlMember
    • In the Role provider name edit box, type MySqlRole
Please refer below picture:

image

image

Create a new site collection

  • Again Select Application Management
  • Click Create site collections
  • Select the newly created web application
  • Fill in a name and select a template

Modify web.config of the Central Administration site

  • Open the Central Administration site's web.config file
  • Find the </configSections> entry
  • Paste the following XML directly below it.

Note: This is connection String of your SQL Server’s Aspnetdb

<connectionStrings>
<clear />

<add name="AspNetDb" connectionString="data source=PRAWAL01;Integrated Security=SSPI;

Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />

</connectionStrings>

Note: Replace {your database Server Name} with Database Name


  • Find the <system.web> entry

  • Paste the following XML directly below it
    <roleManager enabled="true"
       cacheRolesInCookie="false"
       cookieName=".ASPXROLES"
       cookieTimeout="30"
       cookiePath="/"
       cookieRequireSSL="false"
       cookieSlidingExpiration="true"
       cookieProtection="All"
       defaultProvider="AspNetWindowsTokenRoleProvider"
       createPersistentCookie="false"
       maxCachedResults="25">
                         <providers>
                               <clear />
                               <add connectionStringName="AspNetDb"
    applicationName="/" name="MySqlRole" 

    type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,

    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

         <add applicationName="/" 
          name="AspNetWindowsTokenRoleProvider"

    type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,

    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

                         </providers>
                  </roleManager>
                  <membership defaultProvider="MySqlMember"
                     userIsOnlineTimeWindow="15" hashAlgorithmType="">
                         <providers>
                               <clear />
                               <add connectionStringName="AspNetDb"
    enablePasswordRetrieval="false"
                     enablePasswordReset="true"
                     requiresQuestionAndAnswer="true"
                     passwordAttemptWindow="10"
                     applicationName="/"
                     requiresUniqueEmail="false"
                     passwordFormat="Hashed"
                     name="MySqlMember"

    type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,

    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

                         </providers>
                  </membership>

    Modify the web.config of the Security Token Service (STS) virtual directory



  • Open the Security Token Service (STS) virtual directory's web.config file location of this file is

    C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken



  • Find the </system.net> entry

  • Paste the following XML directly below it
           <connectionStrings>
                  <clear />

    <add name="AspNetDB" connectionString="data source=PRAWAL01;

    Integrated Security=SSPI;Initial Catalog=aspnetdb" providerName="System.Data.SqlClient" />

           </connectionStrings>


  • Paste the following XML directly just above the entry </configuration>
    <system.web>
                  <membership>
                         <providers>
                               <add connectionStringName="AspNetDB" enablePasswordRetrieval="false" enablePasswordReset="true" 
                               requiresQuestionAndAnswer="true" passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false"  passwordFormat="Hashed" name="MySqlMember"  
                               type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                         </providers>
                  </membership>
                  <roleManager enabled="true">
                         <providers>
                               <add connectionStringName="AspNetDB" 
                               applicationName="/" name="MySqlRole" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                         </providers>
                  </roleManager>
           </system.web>

    Modify web.config of the claims based web application



  • Connection string – Find the </configSections> entry

  • Paste the following XML directly below it
    <connectionStrings>
                  <clear />
       <add name="AspNetDB" connectionString="data source=PRAWAL01;
       Integrated Security=SSPI;Initial Catalog=aspnetdb" 
       providerName="System.Data.SqlClient" />
    </connectionStrings>

    We need to Add Provider to <MemberShip> and <RoleManager>, So the best way is Replace <membership and <roleManager with below XML  (This is addition to Default which will be available, if you have more provider already configured, Just add more Provider).


      <membership defaultProvider="i" userIsOnlineTimeWindow="15" hashAlgorithmType="">
     <providers>
     <clear />
     <add connectionStringName="AspNetDB" 
    enablePasswordRetrieval="false" 
    enablePasswordReset="true" 
    requiresQuestionAndAnswer="true"
    passwordAttemptWindow="10"
    applicationName="/"
    requiresUniqueEmail="false"
    passwordFormat="Hashed"
    name="MySqlMember"
    type="System.Web.Security.SqlMembershipProvider,
    System.Web, Version=2.0.0.0,
    &#xD;&#xA;Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                     <add name="i" 
    type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider,
    \&#xD;&#xA;Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
    PublicKeyToken=71e9bce111e9429c" />
                    </providers>
             </membership>
             <roleManager enabled="true" 
    cacheRolesInCookie="false" 
    cookieName=".ASPXROLES" 
    cookieTimeout="30" 
    cookiePath="/" 
    cookieRequireSSL="false" 
    cookieSlidingExpiration="true" 
    cookieProtection="All" 
    defaultProvider="c"
    createPersistentCookie="false" 
    maxCachedResults="25">
                    <providers>
                           <clear />
                           <add connectionStringName="AspNetDB"
    applicationName="/"
    name="AspNetSqlRoleProvider"
    type="System.Web.Security.SqlRoleProvider, 
    System.Web, Version=2.0.0.0,Culture=neutral, 
    PublicKeyToken=b03f5f7f11d50a3a" />
                           <add applicationName="/"
    name="MySqlRole" 
    type="System.Web.Security.WindowsTokenRoleProvider, 
    System.Web, Version=2.0.0.0,Culture=neutral, 
    PublicKeyToken=b03f5f7f11d50a3a" />
                           <add name="c" 
    type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider,
    Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, 
    PublicKeyToken=71e9bce111e9429c" />
                    </providers>
             </roleManager>

    That’s all to be done for Configuration. Next step is to provide access to users from SQL Server.

    Adding User Policy via Central Administration



    • Open Central Administration

    • Navigate to Manage Application

    • Select the Claim Based Application from the List

    • Select User Policy from Top Ribbon.

    • Select Telephone Book ‘icon’

    • Select ‘All Zone’ and Click Next

    • Enter the Name is FIND text box

    • Hit Enter key

    • Select user from List and Provide Access Permission.


    image


    Now Open a new Browser window and Type http://<<url>> of your site collection of Claim based Web Application.


    image



    • Select “forms Authentication”

    • Enter user name and password


    image








    • So as per permission given “Full Control” (as Site Owner) in this case, site will allow user in.


    image


    Further to this, being a site admin you can add other users from SQL Database to this site’s Member, Owner, Viewer groups.


    Thanks!!




  • Sunday, May 30, 2010

    Inside SharePoint Foundation Server 2010

    In this article I am going to write about inside of SharePoint Foundation Server 2010. First I will explain “The Request Pipeline” Model. Mainly I am going to explain “What modification are done over Asp.Net pipeline Model to handle SharePoint Request”.

    The Request Pipeline

    When IIS server receives a request from a client, the request is passed through a pipeline that process the request. This processing includes authenticating the user, verifying the user’s authorization, building the response, sending the response, and finally, logging the request.

    HTTP Handler

    The Response is generated by HTTP Handler. Request are assigned to handler as per config file, based on file/page requested and the verb in the Request like “Get,POST”. Usually multiple Handler are registered through config file.

    HTTP Module

    The request pipeline also contains HTTP modules. Modules are assemblies that typically contain one or more event handlers or define new events that other modules can handle. An HTTP module can register for one or more events in the lifecycle of the request.

    For more information on The Request Pipeline please visit

    http://msdn.microsoft.com/en-us/library/be3378e2-7071-48d4-9d6f-1b31d73bc7aa

    Also to know more about IIS 7.0 Integrated Mode Please visit

    http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/

    Modification in Pipeline to handle SharePoint Site’s Request

    Now lets discuss where and how SharePoint makes changes to Request Pipeline.

    1) Pipeline Changes at the IIS Configuration Level

    • SharePoint Foundation changes the IIS Configuration file ApplicationHost.Config.
    • Registering Global Module “SharePoint14Module” as shown below
    • Addition of <isapiCgiRestriction> Section
    • <Site> section for every Web app in IIS

    2) Pipeline Changes at the SharePoint Web Application Level

    • A <Safe Controls> section specifies the controls that are allowed to run in safe mode
    • A <pages> section is added that identifies the custom SharePoint Foundation page parser filter (derived from PageParserFilter) that screens for unsafe controls
    • A <modules> section overrides the inherited configuration in the following ways.
    • A <handlers> section overrides the inherited configuration mainly by removing some HTTP handlers that SharePoint Foundation does not use and by adding handlers that support AJAX.
    • A <microsoft.sharepoint.client> section is added to support the client object model of SharePoint Foundation and client-side programming.
    • A <WorkflowServices> section and a <System.Workflow.ComponentModel.WorkflowCompiler> section are added to support workflows in SharePoint Foundation.
    • A <securityPolicy> section is used to add two additional trust levels, WSS_Minimal and WSS_Medium.
    • A <compiliation> section notifies the page parser of four additional assemblies it can use for compiling SharePoint Foundation as?x files.
    • A <sitemap> section specifies four special SharePoint Foundation site map providers. The following markup shows the <sitemap> section.

    ----------------------------------------------------------------------------------

    Saturday, May 29, 2010

    All You wanted to know About LINQ To SharePoint

    Introduction

    LINQToSharePoint is very similar to LINQTOSQL. By using LINQTOSHAREPOINT you can now fetch Lists by using LINQ instead of using CAML queries.

    • Simplified Object-Oriented Way to Query
    • No CAML Required
    • SPMetal.exe Generates Entities Classes for SharePoint Lists
    • Compile Time Check unlike CAML's RUN Time Check
    • Entity classes are strongly-typed, VS provides intellisense

    Disadvantage of CAML

    • CAML was difficult to use as it is an XML Based Query Language.
    • CAML was written as STRING into SPQuery, SPSiteDataQuery

    SPMetal.EXE

    MSDN Says:

    "SPMetal is a command line tool that generates entity classes, which provide an object oriented interface to the Microsoft SharePoint Foundation content databases. These classes are primarily used in LINQ to SharePoint queries; but they are also used to add, delete, and change list items with concurrency conflict resolution. Finally, they can be used as an alternative to the regular SharePoint Foundation object model for referencing content"

    The tool is included with SharePoint Foundation and is located in %Program Files%\Common Files\Microsoft Shared\web server extensions\14\BIN.To Find exact syntax and Options with SPMetal please click here

    How To:

    Lets do quick lab session to understand LINQTOSHAREPOINT.

    Step 1:

    a) Create a new Contact List named "Employee" in your site

    b) Create a New Column called "NetSalary", Type: Currency

    c) Add some records to the Employee List

    Step 2:

    a) Open SharePoint 2010 Management Shell ( make sure "Run as Administrator")

    b) Run below command to Generate Entities Class

    spmetal /web:<<SiteURL>> /code:MySite.cs

    EX: spmetal /web:http://prawal01:8080/ /code:MySiteEntities.cs

    Figure 1:

    image

    c)Verify "MySiteEntities.CS" file is available in current Directory

    Create a Visual Web Part where we will make use of above Entities Class to Fetch Data from Employee list.

    a) Create a New Visual Web Part Project

    b) Refer Microsoft .SharePoint.linq

    c) Add the Entities class to you project through Add Existing Item


    VisualWebPArt

    d) Add a Literal Control to ASCX Control

    <asp:Literal ID="Display" runat="server" />

    e) Add Below code to Page Load Event

    StringBuilder writer = new StringBuilder();     
     try      
       {           
        using (MySiteEntitiesDataContext dc = new MySiteEntitiesDataContext(SPContext.Current.Web.Url))          
          {              
             //Query Expressions
             var q = from emp in dc.Employee                      
                     where emp.NetSalary > 5000
                     //orderby emp.Project.DueDate                       
                     select new { emp.Title, emp.FullName, emp.NetSalary};
                   writer.Append("<table border=\"1\" cellpadding=\"3\" cellspacing=\"3\">"); 
                 foreach (var employee in q)              
                 {
                   writer.Append("<tr><td>");                  
                   writer.Append(employee.NetSalary);                  
                   writer.Append("</td><td>");                  
                   //writer.Append(employee.Contact);                   
                   //writer.Append("</td></tr>");               
                  }          
          }      
       }      
       catch (Exception x)      
         {          
          writer.Append("<tr><td>");          
          writer.Append(x.Message);          
          writer.Append("</td></tr>");      
          }      
         finally      
         {          
          writer.Append("</table>");          
          Display.Text = writer.ToString();
         } 


    Now Deploy Web Part to your site.

    Sunday, May 16, 2010

    Infopath 2010 – Error “the operation can not be completed” while connecting to SharePoint Site

     

    You get error “The Operation Can not be Completed” when you try to connect to your SHAREPOINT SITE. The Main cause of this error is unavailability of Top Level Site at ‘/’. You can only have 1 Top Level site in your web application. If you have not created Top Level Site at  ‘/’  info path would throw “the Operation can not be completed while you try to connect to any site in that particular web application.

    Thanks

    Central Administration: Can not Create/Extend Application even as I am member of FARM Administrator

     

              My Dev Environment is  SharePoint 2010 on WIN 7. I have 2 users

    1) Built in Administrator- Member of FARM Administrator

    2) Pathik01\Pathik – Also member of FARM Administrator

    Now when I Sign-in with my account and use Manage Web Application link, on the Top Ribbon none of Button is enabled. I can not create Web APP nor Extend it.  When I select web application from list, some button are enabled but not all. Also I can see role as Contributor

    This does not happen When I sign-in with Built-in\Administrator account.

    Resolution:

    To solve this issue I changed the User Account Control setting ---

    Open User Account Control Setting from Control Panel \System and Security \Change User Account Control settings

    and set the Slider bar to "Never Notify " as shown in below picture

     

    Error