Tuesday, June 4, 2013

SharePoint 2013 - Authentication, authorization, and security

  • User sign-in

  1. Classic-mode authentication is deprecated and managed only through PowerShell; claims-based authentication is now the default. The PowerShell cmdlet Convert-SPWebApplication can be used to migrate accounts; the MigrateUsers method is deprecated. Ref: http://msdn.microsoft.com/en-us/library/gg251985.aspx

  2. Requirement to register claims providers is eliminated

  3. SharePoint 2013 Preview tracks FedAuth cookies in the new distributed cache service using Windows Server AppFabric Caching.

  4. Better log management and depth of logs.

  • Services and app authentication

  1. For more information on the app principal, see Build apps for SharePoint.

  2. The server-to-server security token service (STS) provides access tokens for server-to-server authentication.

Ref : http://msdn.microsoft.com/en-us/library/ms457529.aspx



Sunday, June 2, 2013

My website does not work well with the newly released version of IE

This is a very common scenario: you run into any number of issues with newer browser versions.

As a temporary solution, tweak your web.config like this:

<httpProtocol>
  <customHeaders>
    <clear />
    <add name="X-UA-Compatible" value="IE=EmulateIE7" />
  </customHeaders>
</httpProtocol>

There is a catch: you might face a few issues with SharePoint-provided black-box components such as search crawls. You may want to omit the <clear /> tag to avoid such situations.


Query: Not able to open Central Admin

On every page in Central Admin I am getting the error below:

System.InvalidOperationException: Post cache substitution is not compatible with modules in the IIS integrated pipeline that modify the response buffers. Either a native module in the pipeline has modified an HTTP_DATA_CHUNK structure associated with a managed post cache substitution callback, or a managed filter has modified the response. at System.Web.HttpWriter.GetIntegratedSnapshot(Boolean& hasSubstBlocks, IIS7WorkerRequest wr) at System.Web.HttpResponse.GetSnapshot() at System.Web.Caching.OutputCacheModule.OnLeave(Object source, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Error initializing Safe control - Assembly:Microsoft.Office.SharePoint.ClientExtensions, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c TypeName: Microsoft.Office.SharePoint.ClientExtensions.Publishing.TakeListOfflineRibbonControl Error: Could not load type 'Microsoft.Office.SharePoint.ClientExtensions.Publishing.TakeListOfflineRibbonControl' from assembly 'Microsoft.Office.SharePoint.ClientExtensions, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c'.

What could be the possible reason behind this?


Saturday, June 1, 2013

Offset Today in SPQuery Example

Here is a hypothetical situation:

You have no archival or expiration policies set up for your list, and every now and then you want to delete everything older than 30 days. What do you do?

This sample PowerShell script does the job and serves as an example of the offset parameter:

$WebURL = "http://mysitecollection:100/myWeb"
$spWeb = Get-SPWeb -Identity $WebURL

$sList = $spWeb.GetList("/myWeb/Lists/myList")
Write-Host $sList.Title

# Items whose Modified date is earlier than today minus 30 days
$camlQuery = "<Where><Lt><FieldRef Name='Modified' /><Value Type='DateTime'><Today OffsetDays='-30' /></Value></Lt></Where>"
$spQuery = New-Object Microsoft.SharePoint.SPQuery
$spQuery.Query = $camlQuery
$spQuery.ViewFields = "<FieldRef Name='ID' />"

# Collect the IDs first so the collection is not modified while it is enumerated
$ids = @($sList.GetItems($spQuery) | ForEach-Object { $_.ID })
$i = 0
foreach ($id in $ids) {
    Write-Host $id -ForegroundColor Cyan
    $deaditem = $sList.GetItemById($id)
    $deaditem.Delete()   # if you wish, use $deaditem.Recycle() to send it to the recycle bin instead
    $i++
}

Write-Host $i   # number of items deleted
$spWeb.Dispose()




Authentication is determining the identity of a principal trying to log in via IIS. When a principal tries to authenticate to a system, credentials are provided to verify the principal's identity.

Microsoft Online IDs are issued and maintained by Microsoft, like the IDs for Office 365, Hotmail, SkyDrive, and Live accounts. Using a Microsoft ID, a user can authenticate to various systems with the same credentials.

Federation Identity (Single Sign-On) is a mechanism for allowing users within your organization to use their standard Active Directory corporate username and password to access Office 365. Federation with Office 365 requires the use of Active Directory Federation Services (ADFS) 2.0.

Authorization is verifying an authenticated user's access to an application as per the Access Control List (ACL). When a user tries to access the SharePoint site collection, their username is checked against the permissions of the site, granted via SharePoint groups or directly. If no permission has been granted, access is denied.


Friday, May 31, 2013

Include specific folder content in BlobCache SharePoint

It is possible to instruct the BLOB cache framework to include only specific SharePoint document libraries. (I say document libraries because, as you may be aware, it does not work well with custom folders created using Designer etc.)

Suppose I have a few heavy .jpeg and .dhx files in a SharePoint document library called HeavyContent.

I want to cache all .pdf, .doc, .docx, .flv, .f4v and .swf files in my web application, but .jpeg and .dhx files only from the document library "HeavyContent".

Search web.config for a tag similar to the one below and edit the path parameter:

<BlobCache location="C:\myBlob\Public" path="(\.(doc|docx|pdf|swf|flv|f4v)$|HeavyContent.*\.(dhx|jpeg)$)" maxSize="10" max-age="86400" enabled="true" />

This marks the items matched by the path parameter regex to be cached for 24 hours.

\.(doc|docx|pdf|swf|flv|f4v)$   <---->  everything that ends with one of the listed extensions

|                               <---->  or

HeavyContent.*\.(dhx|jpeg)$     <---->  content inside HeavyContent ending with dhx or jpeg

Disclaimer: I am not sure how performance will be affected by making the path parameter complex.
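To see which URLs the path expression above actually selects, the following added example (not part of the original post) runs it against constructed sample paths and compares it with a hypothetical variant that requires HeavyContent to be a whole path segment. The helper name Test-BlobCachePath, the sample paths, the anchored variant and the use of case-insensitive matching are assumptions made for illustration.

```powershell
# Added example: exercise the BlobCache path expression against constructed URL paths.
# The expression from the web.config entry above.
$pathRegex = '(\.(doc|docx|pdf|swf|flv|f4v)$|HeavyContent.*\.(dhx|jpeg)$)'

# Hypothetical tighter variant: HeavyContent must be a complete path segment.
$anchored  = '(\.(doc|docx|pdf|swf|flv|f4v)$|/HeavyContent/.*\.(dhx|jpeg)$)'

# Hypothetical helper: reports whether each URL path matches the pattern.
# Case-insensitive matching is an assumption of this example.
function Test-BlobCachePath {
    param(
        [string]   $Pattern,
        [string[]] $Urls
    )
    foreach ($u in $Urls) {
        [pscustomobject]@{
            Url    = $u
            Cached = [regex]::IsMatch($u, $Pattern, 'IgnoreCase')
        }
    }
}

# Constructed sample paths (not taken from a real site).
$samples = @(
    '/Shared Documents/manual.pdf',       # document extension, any library
    '/HeavyContent/banner.jpeg',          # jpeg inside HeavyContent
    '/HeavyContent/sub/model.dhx',        # dhx in a subfolder of HeavyContent
    '/Images/banner.jpeg',                # jpeg outside HeavyContent
    '/OldHeavyContentBackup/photo.jpeg',  # library whose name merely contains "HeavyContent"
    '/HeavyContent/report.pdf.aspx'       # extension is not at the end of the path
)

Write-Host 'Expression from the post:'
Test-BlobCachePath -Pattern $pathRegex -Urls $samples | Format-Table -AutoSize

Write-Host 'Variant anchored to the /HeavyContent/ segment:'
Test-BlobCachePath -Pattern $anchored -Urls $samples | Format-Table -AutoSize
```

The two expressions differ only on /OldHeavyContentBackup/photo.jpeg: because HeavyContent is unanchored in the original, any URL that contains that substring before a .dhx or .jpeg extension is selected for caching.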

Mime Types with BlobCache

Now suppose your IIS does not support some MIME types, like dhx and f4v. You have two options:

Option 1: Add the MIME type at server level in IIS.

Option 2: Use browserFileHandling="Nosniff" in the web.config section discussed above. [Ref: http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx]

How to flush the BLOB cache

  1. IISRESET [Recommended : Increase the startup and shutdown time limits on the web application to accommodate the extra time it takes to initialize or serialize the cache index for very large BLOB caches]

  2. PowerShell:

Write-Host -ForegroundColor White " - Enabling SP PowerShell cmdlets..."
if ((Get-PSSnapin | Where-Object { $_.Name -eq "Microsoft.SharePoint.PowerShell" }) -eq $null) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}

# Flush the BLOB cache of every web application in the farm
foreach ($webApp in Get-SPWebApplication) {
    [Microsoft.SharePoint.Publishing.PublishingCache]::FlushBlobCache($webApp)
    Write-Host "Flushed the BLOB cache for:" $webApp.Url
}

  3. Set enabled to false in web.config, change the location parameter, then set enabled back to true.


Watson bucket parameters


Can anybody help me understand what this means in the ULS logs?


05/29/2013 08:22:02.49 w3wp.exe (0x1D38) 0x0DD4 SharePoint Server Unified Logging Service c91s Monitorable Watson bucket parameters: SharePoint Server 2010, ULSException14, 81eed5e0 "web content management", 0e00129b "14.0.4763.0", e9185677 "system.web", 0200c627 "2.0.50727.0", 4ef6c43b "sun dec 25 01:35:39 2011", 00002164 "00002164", 00000083 "00000083", 454b2bb9 "httpexception", 386e3162 "8n1b" 47e538f0-8fa3-4d3b-8010-1988b2590981