Random Thoughts on Technology

Wednesday, April 6, 2011

Limitation on SharePoint 2010

Just came across a nice article that lists all the limitations in SharePoint 2010.
http://sharepointgadget.blogspot.com/2010/05/limits-in-sharepoint-2010.html

Saturday, March 12, 2011

Restricted Elevation in SharePoint

There are times when we would need to perform certain operations that would require elevated privileges. If your IT team is not willing to allow you to provide the necessary actions on the system account or the application pool account with all the rights, but instead use appropriate service accounts shared by other application then you would do something like this.
SPUser userImpersonated = Web.Users[@"mydomain\impersonatedUser"];
SPSite site = new SPSite("http://mywebsite", userImpersonated.UserToken);
using (SPWeb web = site.OpenWeb())
{
// This is the section where you will use the impersonated token to do the elevated job
lblMessage.Text = web.CurrentUser.LoginName;
}

instead of.

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(url))
    {
        using (SPWeb web = site.OpenWeb())
        {
     // This is the section where you will do the job that requires elevated permissions
}
    }
});

Thursday, February 17, 2011

Excel Services with Custom MDX Query

Yet another interesting situation where we had to display an Report on Excel and put it on SharePoint Power pivot gallery. We selected the Cube database and dragged in a few dimensions and Measures along with a few slicers. The query that was auto generated was not very optimized.
The report was to show data only for last one week. One of the slicer "Week Starting Date" was to have dates for the last one month only.
We had to use some hidden filters to ensure that we show only part of the data. i.e. only last 4 weeks data. There are few ways (Slicer Settings) where we can visually indicate that Items that do not have data should be disabled (will be shown) and also there is a way to move those items to the end of the slicer. There is no way of removing that altogether.

In such situations we can write a custom query to only fetch data with Week Starting Dates that is within the last one month range. This also improves the performance because of the optimized query against the Cubes.
Excel do not provide a direct way to update the query. There are a few Adins/products that aid to this, like Vivid http://www.varigence.com/products/vivid/features/navigation that will come into handy.

Another approach could be to use an ODC File where you can embed the MDX query. I am attaching a sample ODC file. Pay close attention to the highlighted section.

<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/x-ms-odc; charset=utf-8">
<meta name=ProgId content=ODC.Cube>
<meta name=SourceType content=OLEDB>
<meta name=Catalog content=CubeDB>
<meta name=Table content=CDW>
<title>sqlserver2008r2 CubeDB CDW</title>
<xml id=docprops><o:DocumentProperties
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns="http://www.w3.org/TR/REC-html40">
<o:Name>sqlserver2008r2 CubeDB CDW</o:Name>
</o:DocumentProperties>
</xml><xml id=msodc><odc:OfficeDataConnection
xmlns:odc="urn:schemas-microsoft-com:office:odc"
xmlns="http://www.w3.org/TR/REC-html40">
<odc:Connection odc:Type="OLEDB">
<odc:ConnectionString>Provider=MSOLAP.4;Password=password;Persist Security Info=True;Data Source=Server\sqlserver2008r2;Initial Catalog=CubeDB</odc:ConnectionString>
<odc:CommandType>MDX</odc:CommandType>
<odc:CommandText>SELECT
{ [Measures].[Sales Amount],
[Measures].[Tax Amount] } ON 0,
{ [Date].[Fiscal].[Fiscal Year].&[2002],
[Date].[Fiscal].[Fiscal Year].&[2003] } ON 1
FROM [Adventure Works]
WHERE ( [Sales Territory].[Southwest] )
</odc:CommandText>
</odc:Connection>
</odc:OfficeDataConnection>
</xml>
<style>

</style>
</head>
</html>

Monday, February 14, 2011

Securing your LDAP Membership Provider

There are situations where you want to have Forms based Authentication in SharePoint. That is when you will choose the Claims based Authentication on the Web Application.

We had a requirement where we need to classify two kinds of users Employees and Clients. For a certain reason we had to chose Active Directory as the user store for both kinds of users. We could not reuse the Active Directory of the Employees for the Client users. Hence, we ended creating another domain just for the client users.

When you are using a LdapProvider if the Application Pool account do not have the rights to perform an LDAP request on the Active Directory then you will need to specify two attributes connectionUsername & connectionPassword in the Ldap membership provider of the web.config. This is where you would not want to keep the connectionPassword in plain text. Below I have given a simple implementation to Encrypt and store the password and how you could use a method to retrieve the password at run time.

The web.config of the Web Application, Central Administration & Security Token Service will look something like this with a connectionPassword having the encrypted string.

<membership defaultProvider="CustomLdapProvider">

<providers>

<add name="ClientsADMembershipProvider" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="dc.clientsdomain.com" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="CN=Users,DC=domain,DC=com" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" connectionUsername="clientsdomain\administrator" connectionPassword="SDJFSew98234DFJ889==" />

<add name="EmployeesADMembershipProvider" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="dc.employeesdomain.com" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="CN=Users,DC=domain,DC=com" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" connectionUsername="employeesdomain\administrator" connectionPassword="SL43Sew982342KLSDF==" />

<add name="CustomLdapProvider" type="Project.CustomLdapProvider, Project, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8027a17523a78ae328" />

</providers>

</membership>

The partial implementation of CustomLdapProvider will be something like below:

public class CustomLdapProvider : MembershipProvider
    {
        private static LdapMembershipProvider _employeesProvider = null;
        private static LdapMembershipProvider _clientsProvider = null;
        private LdapMembershipProvider GetMembershipProvider(string providerName)
        {
            LdapMembershipProvider provider = new LdapMembershipProvider();

            // In SharePoint when your login page is coming from Layouts folder, HttpContext.Current is returning null. Hence the next line.
            //Configuration config = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);

Configuration config = WebConfigurationManager.OpenWebConfiguration(@"~/web.config");
            MembershipSection section = (MembershipSection)config.GetSection("system.web/membership");
            ProviderSettings providerSettings = section.Providers[providerName];
            NameValueCollection param = providerSettings.Parameters;
            param["connectionPassword"] = Utility.Decryption(param["connectionPassword"], true);
            provider.Initialize(providerName, param);
            return provider;
        }
        private MembershipProvider EmployeesProvider
        {
            get
            {
                if (_employeeProvider == null)
                {
                    _employeeProvider = GetMembershipProvider("EmployeesADMembershipProvider");
                }
                return (MembershipProvider)_employeesProvider;
            }
        }
        private MembershipProvider ClientsProvider
        {
            get
            {
                if (_clientsProvider== null)
                {
                    _clientsProvider = GetMembershipProvider("ClientsADMembershipProvider");
                }
                return (MembershipProvider)_clientsProvider;
            }
        }
// Override all the membership provider and use the appropriate Membership provider to call the overloads.
public override bool ValidateUser(string name, string password)
        {
                 // name = loginid@clientsdomain.com / loginid@employeesdomain.com
                 // Extract the domain name and based on the domain connect to the appropriate Membership Provider (EmployeesProvider, ClientsProvider) and call the ValidateUser.
                // Ex: ClientsProvider.ValidateUser(name, password)
        }
}

I am sure this will be quite useful in implementing Forms Based Authentication in SharePoint when you have to work against an LDAP Provider and do not want to compromise on the connection string.

Thursday, January 27, 2011

Programatically create Power Pivot Gallery

Have you ever tried creating Power Pivot Gallery?

It isn't straight forward.You cannot just use the

web. ListTemplates["ReportGalleryLibrary"]. I found that the ListTemplates had the required template but it wasn't accepting the Internal name of ReportGalleryLibrary.

The error I was getting was "Value does not fall within the expected range."

Here is the code to Create a Pivot Gallery on a given Web.

public void CreatePowerPivotGallery(SPWeb web, string galleryName, string description)
        {
            web.AllowUnsafeUpdates = true;

            SPListTemplate template = null;
            foreach (SPListTemplate temp in web.ListTemplates)
            {
                if (temp.InternalName == "ReportGalleryLibrary")
                {
                    template = temp;
                    break;
                }
            }

            if (template == null)
            {
                throw new Exception();
            }

            web.Lists.Add(galleryName, description, template);

            web.Update();
            web.AllowUnsafeUpdates = false;
        }

Usage:

SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite site = new SPSite(@"http://mymachine:30000/"))
                {
                    using (SPWeb web = site.OpenWeb())
                    {
                        CreatePowerPivotGallery(web, "SomeNewGallery", "Power Pivot Gallery");
                    }
                }
            });

Note: Ensure that the Site Collection has the "PowerPivot Feature Integration for Site Collections" feature enabled.

Monday, January 24, 2011

Troubleshooting in SharePoint 2010 - ULS Logs : Correlation ID

I am sure all of you have worked with Logs to figure out what is happening within your SharePoint application. However, there are cases where you will need to know what is happening within the SharePoint services, that is causing a failure in your application. Especially when you see a message with a Correlation ID that is a pointer to SharePoint logs.

SharePoint 2010 provides interfaces to Read/Write into the common logging system.

All the SharePoint logs are by default created under "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS" with file names like "$machine$-$date$-$time$.log"

You can configure what needs to be logged in the Central Administration > Monitoring > Reporting > Configure Diagnostics Logging.

Select the Service you are interested in with the required sub category and set the "least critical event to report to the trace log" to the level you intend to monitor. Medium would suffice in most of the case.

You can download a codeplex solution to make your life easier in reading these logs from

http://code.msdn.microsoft.com/ULSViewer

The Viewer is self explanatory, just load the log file from the LOGS folder of 14 hive and you are all good to go. I used the Notifications List & Filters very often to see a snap shot of the most critical errors.

Use the Toggle Correlation Tree icon on the top right to see a list of Correlation IDs.

Ctrl + Shift + I can be used for monitor a particular Correlation ID.

Good news is that SharePoint allows you to write your log messages into it's own framework so that you do not have to maintain two different logs one for your application and another for SharePoint.

Code to write to the SharePoint ULS Logs is as below:

public static void Write(string message)
{
    SPDiagnosticsService logger = SPDiagnosticsService.Local;
    logger.WriteTrace(0,
        new SPDiagnosticsCategory("MyApp",
            TraceSeverity.Monitorable,
            EventSeverity.Error),
            TraceSeverity.Monitorable,
           "Application Message : {0}",
           new object[] {message});
}

That's it for now. Good luck on your next troubleshooting!

Saturday, January 8, 2011

Logging using Enterprise Library... How simple is that?

I am sure you will agree with me how much a logging class is useful to help you isolate that problem. Especially when you are going through a lot of workflows which to simulate and debug becomes a nightmare.

Every project will require some kind of logging either you just want to see if your calls are made as expected OR if you want to take special actions like sending a mail based on the criticality of the log entry.

How long do you think it is going to take to do the following:

Add a class LogginManager.cs

using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;

using Microsoft.Practices.EnterpriseLibrary.Logging;
using System.Diagnostics;

public static class LoggingManager

{
    public static void Write(string message, TraceEventType eventType)
    {
        if (Logger.IsLoggingEnabled())
        {
            LogEntry entry = new LogEntry
           {
                 Message = message,
                 Severity = eventType
            };

            Logger.Write(entry);
        }
    }
}

Add the following libraries in GAC
Microsoft.Practices.Unity.dll
Microsoft.Practices.Unity.Interception.dll

Microsoft.Practices.ServiceLocation.dll
Microsoft.Practices.EnterpriseLibrary.Logging.dll
Microsoft.Practices.EnterpriseLibrary.Common.dll

Now start using Logging class,
LoggingHandler.Write(ex.Message, System.Diagnostics.TraceEventType.Critical);

There is a tool to configure your web/app.config. Follow these basic steps to get you going.

To configure:

1. Open the web.config/app.config from the Enterprise Library Configuration tool. There is also a Visual Studio Add-in to configure directly from Visual Studio.
2. Blocks > Add Logging Settings
3. Add a Logging Target Listener > Add Flat File Trace Listener – Change its formatter to Text Formatter.
4. Change the Listener for the General Category to Flat File Trace Listener
5. Change the Listener for the Logging Errors & Warnings to Flat File Trace Listener
6. Add a Logging Filter > Logging Enabled Filter. Set All Logging to true
7. Save and you are good to go.

You should be able to see the logs in a file called Trace.log under your bin directory. You can change what you see as part of the Logs by modifying the Text Formatter contents.

Recommend using this for logging, there are lot more to offer from the Enterprise Library. Go through,

http://entlib.codeplex.com/wikipage?title=EntLib5&referringTitle=Home

Saturday, January 1, 2011

All about Claims based Authentication, Power Pivot Setup and Data Refresh

There are already tons of articles to help you out in setting up the PowerPivot, however each setup has its own set of challenges. In this article I am going to highlight the issues I faced and I am sure it can save someone that 1 week of time that I spent on it.

At the end of the article I will also publish a few references that helped me in my setup.

Claims based authentication is the only way to create your web application if you want to support Forms Authentication. i.e. any Authentication provider that is not tied to Active Directory (in which case you could chose your web application to be Classic mode)

If you are reading this article thinking that you can setup Power Pivot on your Claims based Web application, you would be sorry to hear that it is NOT supported. I learnt it the hard way.

You can still view the Power Pivot reports published without any trouble but, you will not be able to take the advantage of the Data Refresh (On Demand/Scheduled) capabilities of Power Pivot.

However, I was able to get it working on my laptop (DC, SP Server, DB & Analysis Server). But, with a limitation that I needed to be a Domain Admin & Farm Admin. It worked only through a unattended account which was tied to a Secure Store Service Application ID configured with the Domain Account.

The same did not work on a multi box environment. Not able to understand why? I was working with a Microsoft Tech support to resolve this though. Which I think now is futile.

For the installation problems, you can refer to my previous article:

http://prashanthkn.blogspot.com/2010/10/troubleshoot-on-setup-of-powerpivot-for.html

Either you are setting up the PowerPivot on Claims/Classic based Web applicaiton, you will definitely want to take care of the following:

1. Ensure that you have deployed the PowerPivotFarm.wsp globally & PowerPivotWebApp.wsp for the Web Application you are enabling Power Pivot capabilities.

See Central Administration > System Settings > Farm Management > Manage Farm Solutions >

2. Ensure that Secure Store Service, SQL Server Analysis Services, SQL Server PowerPivot System Service, Timer Service are started.

See Central Administration > System Settings > Servers > Manage Services on Server

3. Few Features have to be activated in the Site collection.

PowerPivot Feature Integration for Site Collections

SharePoint Server Publishing Infrastructure

SharePoint Server Publishing

See, Site Settings > Site Collection Administration > Site Collection Features >

4. If you have changed the master page then you may end up failing to load the power pivot gallery. Add the following in the VirtualDirectory\{app port}\web.config

5. For data refresh ensure that the application pool account of the Power Pivot Service Application has enough privileges.

6. You may need to setup Kerberos (or enable for Delegation in Active Directory) when you have multiple box setup. This one I am not sure yet.:)

Some settings that you need to be aware of for the Power Pivot.

1. Creating Secure Store Service Application ID

2. Linking that in the Power Pivot Excel Workbook while publishing it. I may write another article very soon.

3. Central Administration > PowerPivot > Configure Service Application Settings

4. Central Administration > Monitoring > Timer Jobs > Review Job Definitions > PowerPivot Data Refresh Timer Job

References:

http://technet.microsoft.com/en-us/library/ff955761.aspx

http://powerpivotgeek.com/2010/04/22/why-powerpivot-requires-classic-mode-web-applications/

http://www.powerpivotblog.nl/add-a-new-user-to-your-single-box-demo-machine-with-ad

http://powerpivotgeek.com/2010/09/08/a-peek-inside-getting-the-most-from-data-refresh/