HttpCode

I’ve written a web part that can help you insert JavaScript into a SharePoint page. Currently there is nothing stopping you using a content editor web part, but it has a few limitations. First is the fact that the JavaScript doesn’t stand out, people may think that the content inside the editor is blank, when in fact it contains JavaScript.

By having a dedicated web part for JavaScript it becomes clearer that JavaScript lives on the page, also we can add a few features that make working with JavaScript a little easier.

I’ve made the chrome state set to None by default, so you won’t see the web part at all during normal render time (only design time).

The properties:

Page load JavaScript: This can be any JavaScript that you want to run when JQuery loads, that is any code you want to live inside of:

$(document).ready(function(){});

Something cool to try out (from EndUserSharePoint) try adding: $('#LeftNavigationAreaCell').toggle();  This will remove the left hand navigation.

Page level JavaScript: This is JavaScript that you just want to live on the page, it could be globally scoped variables or some functions that you have defined.

Script Includes: Each new line can be the URL to a JavaScript file to be included in the page, this is particularly useful for including JQuery plugins.

Use Google Libraries: Just a little novelty, it will use the Google Ajax API’s to load JQuery instead of the embedded JQuery resource.

You can have multiple web parts on the same page, the best bit about this is that all the code will be output into one place, so if you have one web part with some page load JavaScript that has say: alert(‘load’);  and anther that includes the left nav cell hide from above, the result in the page would be:

$(document).ready(function(){alert’load’); $('#LeftNavigationAreaCell').toggle();  });

After you deploy the solution, be sure to activate the feature under ‘site features’:

You can download the solution package from here.

A while ago I wrote a little tag cloud web part,  I’ve updated that web part so that it has its own solution package and can be used stand alone.

After you install and deploy the solution, make sure you activate the tag cloud feature in ‘site features’

Lets take the example of adding tags to a standard events calendar.

First add a new column named ‘tags’ to the events list.

Add the tag cloud web part to the page and set the following properties:

You can specify the link that each tag will link to as well. By default it will link to the search center and try to search on the metadata property of the tag field. i.e: "/SearchCenter/Pages/Results.aspx?k={tagfield}:{tag}", using this format however you could link to any page and then maybe use a query string filter web part to pull the tag from the url.

The final web part looks like:

You can download the solution from here.

This week I ran into an interesting problem. When adding a workflow to a content type we saw the following error:

Unable to validate data. at System.Web.Configuration.MachineKeySection.GetDecodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Int32& dataLength) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)

I did the normal thing at searched on Google, only to find this KB (http://support.microsoft.com/kb/928028) which describes the error message, it gives the solution as ensuring that SharePoint is installed with the same path on each of the server. This seemed odd, since all our servers have a standard build.

The error message indicated that the view state has been modified between postbacks, so it was back to the drawing board looking for a solution that involved some change that could possibly have some effect on the view state. After talking with the designer it turned out that he had made some changes to the application.master page. We replaced the altered file with a backed up version of the application.master and sure enough the workflow could be added without any issues.

After a bit more experimentation it turned out that the problem was with this:

<SharePoint:DelegateControl ID="MyDelegateControl" runat="server" controlId="SmallSearchInputBox" />

It seems that the small search box alters the view state in some way to cause it not to validate on postback.

Hopefully this will save someone else the hassle of this error.

I’ve been setting up Kerberos for a client that is using Windows Server 2008, I’ve found the following:

Since Windows Server 2008 uses http.sys which is a kernel mode driver designed to intercept web requests at the kernel level (thus improving performance) it required a little more configuration. By default http.sys will handle the authentication request using the local system account not the application pool account, this will cause problems if you want to use Kerberos. The solution is the following:

In the application.host file (located at: <system drive>/windows/System32/inetsrv/applicationHost.config )

Find the following xml fragment:

<configuration><system.webServer><security><authentication>

Change the windows authentication node:

<windowsAuthentication enabled=”true” useKernelMode=”true” useAppPoolCredentials=”true”/>

This just tells the http.sys kernel module to use the application pool credentials.

Enable Kerberos logging:

Run regedit:

Find: HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / LSA / Kerberos / Parameters

Add a new DWORD entry named: LogLevel and set it’s value to 1.

On windows server 2008 this will take effect immediately.

Now that logging has been turned on, you might want to reference the Common Kerberos Error Codes: http://support.microsoft.com/kb/230476

These error messages will show up in the System Tab of the Event Viewer.

Of course there are a few more steps involved in setting up Kerberos, but hopefully this will help with the windows server 2008 specific problems.

The latest patch Tuesday includes the following for SharePoint:

Executive Summary

This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

You should seriously consider this patch and apply it.

I was recently asked a question around this scenario:

If you log into a SharePoint Portal by using the ‘Sign in as Different User Button’ as User2 it works fine, however when you click on the ‘MySite’ link it will show the MySite of User1 not User2 as you would expect.

I should also point out that the MySite and Portal are running in separate web applications (this should give away the answer).

So what is happening here is that when you click on the MySite link, this web applications asks the browser for the users authentication details, since it is a different URL (i.e. because its running in a separate web application, it will be a subdomain or even a different domain name) the browser will forward the logged in users credentials i.e. User1 (provided that it is in the local intranet zone), the browser will not keep User2’s credentials and will not forward them on. So the end effect is the scenario described above which may seem odd to the end user.

The only way to get around this is to user the ‘RunAs’ command from windows and run the browser process as User2.

What we’ve normally found is that the ‘Sign in as Different User’ option is normally only used by power users, these people will generally understand the problem if you explain it to them.

Just a quick note to point out the following link: http://www.visifire.com/

They provide open source Silverlight and WPF charts:

Worth remembering next time you want to add a rich chart to your applications

Have you seen the AJAX libraries API from google? They can be found here: http://code.google.com/apis/ajaxlibs/

What are they?

Basically its a content distribution network (CDN) for the most popular JavaScript libraries such as JQuery. It provides the officially released libraries in a gzipped form, served from a global CDN, so that your end users hit a server near them.

I feel like I’ve been living under a rock to have just discovered this service. It looks pretty easy to implement.

A couple of random tips for using lists inside of SharePoint:

• Make use of the RSS features of Lists – Each document library publishes an RSS feed which really provides the user with a wealth of options, there is no site collection limits on how that feed is consumed, so it’s possible to use in their MySites etc. If you have Kerberos setup correctly it is possible that other systems can make use of the feed. RSS is a good option to supplement the alerts that a list can send, often users won’t want their email cluttered with alerts.
• Alerts – Granularity is the key to successful alerts, a user can be alerted when a specific view of a list changes. This can make the alert more useful to the end user, we don’t want to spam them.
• Folder Level Permissions beware – The ability to create folder-level and document level security permissions can really cause some headaches for new users and administrators. The feature is really powerful, but can also create complex problems that can be hard to solve. There has been lots of discussion around the need for folders in a document library, I think there is value to be gained from them personally.
• Picture Libraries – It should be noted that the picture libraries have limited support for thumbnail view, it’s not a major limitation but it’s likely to come up in discussions / training with new users.

I came across an interesting scenario the other day where I needed to select some html elements with JQuery that had a class name like:

   1: <input type="radio" class="star star_id_45 star_group_5" />

I wanted to be able to select the elements that contained the class ‘star_id_45’, which as you can see is in the middle of the class string.

The answer was the following code:

   1: $("input[class*='star_id_45']")

Notice the use of the asterix (*), that was the key to getting the selector to work properly.

I ran across an interesting bug with the JQuery thickbox, I pointed it to a URL which was an ASP.NET ashx handler that generates thumbnail images, the result in the browser was this garbled response:

Using Firebug we see that it expects the result to be text/html

Looking at the code it is obvious what the problem is:

   1: var urlString = /\.jpg$|\.jpeg$|\.png$|\.gif$|\.bmp$/;

   2: var urlType = baseURL.toLowerCase().match(urlString);

   3:  

   4: if (urlType == '.jpg' || urlType == '.jpeg' || urlType == '.png' || urlType == '.gif' || urlType == '.bmp') {//code to show images

The code looks at the extension of what it is calling, if it finds any of the common image types, it will send a different request type, so adding the .ashx extension will fix the issue:

   1: var urlString = /\.jpg$|\.jpeg$|\.png$|\.ashx$|\.gif$|\.bmp$/;

   2: var urlType = baseURL.toLowerCase().match(urlString);

   3:  

   4: if (urlType == '.jpg' || urlType == '.jpeg' || urlType == '.ashx' || urlType == '.png' || urlType == '.gif' || urlType == '.bmp') {//code to show images

I’ve just simply added the .ashx as a file extension that should be treated as an image type, this fixed the issue.

I was asked recently if the BDC search results (when indexed by the search) can be controlled by an access list. The answer is that yes, the Security trimmer is the SharePoint feature to accomplish this. In fact any search result can be trimmed, so if you wanted to index some website that used custom permissions (i.e. a content access account that has full rights to a website) but you didn’t want to show that information to say public users of your site, this same security trimmer functionally can be used.

The important things to note are:

• The security trimmer is attached to a crawl rule
• The security trimmer is a class that implements the ISecurityTrimmer interface, the registration process defines the full assembly name, as such it must be loaded into the GAC.
• After the security trimmer is registered, you will need to recreate the content source and perform a full crawl
• Performance might be an issue, since every search result will be access checked, if your looking for insight on how to approach this refer to this MSDN article

At Tech-Ed Barcelona, the new SharePoint related features of Visual Studio 2010 were presented in the keynote:

Taken from Paul Andrew’s Blog

I’ve highlighted the features that I think are exciting, it’s good to see that more tooling support is coming.