Author: givenscj

Posted on

SharePoint SP2, why a web.config change? Why not MergeActions and webconfig.sps.xml?

If you look at the SharePoint web.config file for a web application, you will notice the following section handler:

 <section name="MergedActions" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

Looking at the section you will see something similar too:

 <Action id="fc002d03-7839-402b-a94a-1c9a2d40b63d" sourceFile="C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions12configwebconfig.sps.xml" />

Then referencing the webconfig.sps.xml file, you will see that a merge action ADDS to your existing web.config file!

<add path="configuration/SharePoint/SafeControls" id="{FC002D03-7839-402b-A94A-1C9A2D40B63D}">
  <SafeControl Assembly="Microsoft.SharePoint.Portal, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Portal.WebControls" TypeName="*" />
  <SafeControl Assembly="Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Publishing" TypeName="*" />
  <SafeControl Assembly="Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Publishing.Internal.WebControls" TypeName="*" />
  <SafeControl Assembly="Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Publishing.WebControls" TypeName="*" />
  <SafeControl Assembly="Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Publishing.Navigation" TypeName="*" />
  <SafeControl Assembly="Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Server.WebControls" TypeName="*" />
  <SafeControl Assembly="Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Server.WebControls.FieldTypes" TypeName="*" />
  <SafeControl Assembly="Microsoft.Office.Workflow.Feature, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Server.WebControls.FieldTypes" TypeName="*" />
  <SafeControl Assembly="Microsoft.Office.Excel.WebUI, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Excel.WebUI" TypeName="*" />
  </add>
 

 So why do we have to worry about a web.config change if all the SharePoint Team has to do is modify the webconfig.sps.xml???  Hmmm…maybe someone didn't know about it in the design team?

 Chris

Posted on

ASMX Code Execution – Page Parser Paths don’t lock em down!

Well, everyone is likely aware of the NO INLINE code of SharePoint pages feature called Page Parser Paths.  BUT did you know…ASMX files with code in them…WILL RUN!!!

All you have to do is:

  • Create a web service that has code on the .asmx page
  • Set the blocked file types to remove the .asmx file type
  • Upload the file to a document library
  • Click the file, notice the nice .NET page that gets created to allow you to call the "HelloWorld" method
  • Run the "HelloWorld" method, wow…it runs!

NET NET…don't remove asp.net file types from the blocked file types of your web application.  You will open your end users and developers to world of possibilties that you really don't want them to have!

I'm not sure if this is by design or not, but as a CISSP, this is not a good thing in my eyes!

Posted on

Advanced Windows Workflow Foundation

Sweet…the course is done!  It will be posted to the courseware library this week and available in about two weeks for instructors around the world to teach from!  I have attached the outline:

 

  • Architecture
    • Install WWF Databases
    • Setup Sql Tracking Service
    • Setup Sql Persistence Service
    • Setup Workflow Scheduler Service
  • Workflows
    • Create a simple workflow
    • Debug a simple workflow
    • Examine .xoml files
    • Examine Workflow Events and Services
    • Create a simple state machine workflow
    • Create an advanced state machine workflow
  • Activities
    • Utilize parameters in workflows
    • Implement Flow Control
    • Use the Policy Activity
    • Create a simple Rule Set
    • Explore Priority
    • Explore Dependency
    • Explore Reevaluation
    • Explore Chaining
    • Policy Tracing
    • Programmatic Rule Set Creation
    • Dynamic Updates
    • Implement Active Directory Role Security
    • Implement Workflow Level FaultHandlers
    • Implement Scoped FaultHandlers
    • Explore Workflow Cancellations Techniques
    • Explore Workflow Synchronization
    • Call Web Services from Workflows
    • Expose Workflow as Web Service
    • Implement CallExternalMethod and HandleExternalEvent Shapes
    • Implement Correlation in your workflow
    • Implement Transactional Scopes
    • Implement Compensation
    • Create a composite activity
    • Create a custom activity
    • Create an Activity Validator
    • Create an Activity Designer
    • Serializable attribute
    • Serialization Errors
    • Serialization Surrogate’s
    • Understand Spawned Contexts
  • Management
    • Explore Workflow Runtime Configurations
    • Create a Custom Persistence Service
    • Create a Custom Tracking Service
    • Explore Tracking Channel details
    • Explore Tracking Service details
    • Modify a workflow at runtime (from inside)
    • Modify a workflow at runtime (from outside)
    • Update a workflow assembly and redeploy (different version)
  • Hosting Workflows
    • Learn to host Workflows with Windows Communication Foundation (WCF)
    • Start workflow with WCF Request Message
    • Consume WCF from WF
    • Create a custom workflow using Visual Studio

Chris

Posted on

SharePoint 2010 &amp; My Twitter Page

I'm sure alot of you have heard, but the offical name of the next version of SharePoint is Microsoft SharePoint 2010!  Woohoo!  They will also be posting service pack 2.0 for MOSS and WSS 4.0 soon.  These will be prereqs for upgrading to SharePoint 2010!

 If you want to follow me on twitter, my url is http://twitter.com/givenscj

Chris

Posted on

Workflow 4.0

I am very impressed by the upcoming workflow 4.0.  Although it will force us to re-write many of our older 3.5 and 3.0 workflows, it is definitely worth the price of entry!  I am currently building an Advanced Windows Workflow 4.0 course and should be releasing it next week!  I can already see that I will be doing a new version in a few months to upgrade it to 4.0!  I'll post the outline here next week when I submit to Microsoft Learning!  Oh, and here isan awesome rundown on WF 4.0:

http://sergeluca.spaces.live.com/blog/cns!E8A06D5F2F585013!3233.entry

Chris

Posted on

SharePoint Jokes

Since it hasn't been done yet, I thought I would create some funny jokes around SharePoint…enjoy:

What did one sharepoint site say to another sharepoint site? 
    Hey, aren't we called webs?

What did the end user say to the developer?
    Oh, I didn't create that column, I was smart, I just renamed the "title" column!

What did one sharepoint web developer say to the asp.net developer?
    Why me?

What did the production portal say to the author portal?
    I'm sorry, I can't seem to find your object!

What did the parent content type say to the child content type?
    I won't give you my jeans, but I'll buy you another pair just like them and we can share!

How many people does it take to create a web part?
    two, one to write the code, another to figure out the permissions problem in production!

How many times does it take to create a Shared Service Provider?
    3, one time to screw it up without knowing it, twice to do it because sharepoint won't do right the second time and
the third after you have blown away everything and started over!

What did the server admin say to the sharepoint web developer?
    Why can't we just do this with static html?

what did the sharepoint 2003 environment tell the sharepoint 2007 environment?
    Don't worry, reboot will still fix everything.

What did the sharepoint admin do to fix an "Unexpected Error has occured"
    Delete sharepoint and start again!

What did one w3wp process say to the other?
    Hey, can I borrow one of your SPSite's?  You have plenty!       

One day a user called the helpdesk, no one answered.  Being that he was in the helpdesk office he walked down and asked the admin why they weren't answering.
She simply stated, they quit when they heard we were implementing sharepoint!

A consultant was asked to build an estimate for a SharePoint two layer approval workflow with SharePoint Designer. 
The consultant never replied.  When asked "why", he simply stated, "Impossible".

Posted on

SharePoint 14 features

There is a lot of speculation about the next version of SharePoint (I'd simply say that don't believe everything you read on the public blogs).  I have had several students in my classes over the past few weeks where the product team has given a nice preview of the things to come.  If you are really wanting to get a handle on the upcoming features (UI redesign using AJAX and new css styles, core changes, etc).  I'd suggest you get with your local SharePoint Evangelist and ask for a product team demonstration.  They ARE doing it, and if you have spent alot of money on SharePoint with Microsoft, you should definitely ask about and for a demo!

Although i can't say anything about a lot of the new features, I'm looking forward to building/refreshing the next version of courses to match the really awesome next version of SharePoint!

Posted on

WCF – MessageSecurityException: The security timestamp is invalid because its creation time (‘2009-03-30T20:33:51.481Z’) is in the future.

What a crazy error.  I spent two hours on this today!  What ended up happening was that my machine ran it's Windows Time update and my web server did it's…they updated to be 15 minutes apart!  This caused my messages to stop working!  Man…wish the auth error had bubbled up the stack!  You have to add settings to the service side to get it to log the error, otherwise you will never know what is going on!  Reference this to see how to add the configuration value:

 <serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" />

http://msdn.microsoft.com/en-us/library/ms731694.aspx

Chris

Posted on

ACS Course Builder – Now Available on CodePlex!

This is the secret to how ACS can build courses so fast.  Now you can use the tool and take advantage of our WCF services layer to get our proprietary course building tools!  More tools will be added as the tool becomes more popular.  If you want a userid to gain access to the WCF layer, email me.  The test account will only work for so long…

http://coursebuilder.codeplex.com

Chris