Monday, March 08, 2010

Authentication in SharePoint 2010

SharePoint 2010 supports 3 types of authentication methods:

Authentication method: Claims
Description: Claims authentication for SharePoint Server 2010 is built on the Windows Identity Foundation, which is a set of .NET Framework classes that are used to implement claims-based identity.
Examples: N/A

Authentication method: Windows
Description: The standard IIS Windows authentication methods are supported.
Examples:
  • Anonymous
  • Basic
  • Digest
  • Certificates
  • Kerberos (Integrated Windows)
  • NTLM (Integrated Windows)

Authentication method: Forms-based
Description: SharePoint Server 2010 adds support for identity management systems that are not based on Windows by integrating with forms-based authentication. Forms-based authentication enables SharePoint Server 2010 to work with identity management systems that implement the MembershipProvider interface. You do not need to rewrite the security administration pages or manage shadow Active Directory directory service accounts.
Examples:
  • Lightweight Directory Access Protocol (LDAP)
  • SQL database or other database
  • Other forms-based authentication solutions

SharePoint 2010 now supports claims-based authentication or classic mode authentication when you create a Web application.

Claims-based authentication


The claims-based authentication model for SharePoint Server 2010 is built on the Windows Identity Foundation (WIF). Claims-based authentication in SharePoint Server 2010 enables authentication across Windows-based systems and systems that are not Windows-based. Claims-based authentication supports delegation of user identity between applications. Using claims-based authentication, you can implement multiple forms of authentication on a single zone.

Classic-mode authentication

Classic-mode authentication refers to the Integrated Windows authentication model supported in Windows SharePoint Services 3.0. In classic-mode authentication, no claims augmentation is performed and the new claims authentication features are not supported. Using classic-mode authentication, you can implement all of the previously supported forms of authentication with a limit of one form of authentication for each zone.


The following diagram illustrates a Windows SharePoint Services server farm that is configured to host sites for multiple companies.
[Figure: Claims Authentication]

Connect to identity management systems that are external or not based on Windows


To use forms-based authentication to authenticate users against an identity management system that is not based on Windows or that is external, you must register the membership provider in the Web.config file. In addition to registering a membership provider, you can register a role manager. SharePoint Server 2010 uses the standard ASP.NET role manager interface to gather group information about the current user. Each ASP.NET role is treated like a domain group by the authorization process in SharePoint Server 2010. You register role managers in the Web.config file the same way you register membership providers for authentication.
If you want to manage membership users or roles from the Central Administration site, register the membership provider and the role manager in the Web.config file for the Central Administration site in addition to registering them in the Web.config file for the Web application that hosts the content.
Ensure that the membership provider name and role manager name that you registered in the Web.config file are the same as the names that you entered in Central Administration. If you do not enter the role manager in the Web.config file, the default provider specified in the machine.config file might be used instead.

For example, the following string in a Web.config file specifies a SQL membership provider:
<membership defaultProvider="AspNetSqlMembershipProvider">
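
The name-matching requirement above can be checked mechanically. The following script is an added example, not part of the original post or of SharePoint: it parses the content Web application's Web.config and the Central Administration Web.config and reports any provider name that is missing from either file. The provider names (PartnerMembers, PartnerRoles), the connection string name, and both sample files are constructed; the exact-match name comparison is a conservative assumption, and the two password-storage checks go beyond what the post covers.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not taken from a real farm: the content Web application's
# Web.config and the Central Administration Web.config.
CONTENT = """<configuration><system.web>
  <membership defaultProvider="PartnerMembers"><providers>
    <add name="PartnerMembers" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="PartnerDb" passwordFormat="Clear"
         enablePasswordRetrieval="true" />
  </providers></membership>
</system.web></configuration>"""

CENTRAL_ADMIN = """<configuration><system.web>
  <membership><providers>
    <add name="PartnerMember" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="PartnerDb" />
  </providers></membership>
  <roleManager enabled="true"><providers>
    <add name="PartnerRoles" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="PartnerDb" />
  </providers></roleManager>
</system.web></configuration>"""


def audit(label, web_config_xml, membership_name, role_name):
    """Compare one Web.config with the provider names entered in Central Administration."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for section, wanted in (("membership", membership_name), ("roleManager", role_name)):
        adds = root.findall(f"./system.web/{section}/providers/add")
        entry = next((a for a in adds if a.get("name") == wanted), None)
        if entry is None:
            seen = sorted(a.get("name", "") for a in adds) or "none"
            findings.append(f"{label}: {section} '{wanted}' not registered (found: {seen})")
        elif section == "membership":
            # Added hardening checks; SqlMembershipProvider defaults are Hashed / false.
            if entry.get("passwordFormat", "Hashed") != "Hashed":
                findings.append(f"{label}: passwordFormat is {entry.get('passwordFormat')}")
            if entry.get("enablePasswordRetrieval", "false").lower() == "true":
                findings.append(f"{label}: enablePasswordRetrieval is true")
    return findings


if __name__ == "__main__":
    for name, xml_text in (("content", CONTENT), ("central-admin", CENTRAL_ADMIN)):
        for finding in audit(name, xml_text, "PartnerMembers", "PartnerRoles"):
            print(finding)
```

A missing roleManager entry is the case the post warns about: the role lookup may silently fall back to the default provider from machine.config.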

Integrating with forms-based authentication places additional requirements on the authentication provider. In addition to registering the various elements in the Web.config file, the membership provider, role manager, and HTTP module must be programmed to interact with SharePoint Server 2010 and ASP.NET methods, as indicated in the following table.

Category: Membership provider

Description: To work with SharePoint Server 2010, the membership provider must implement the following methods:
  • GetUser (String): SharePoint Server 2010 calls this method to resolve user names during invitations and to get the user's display name.
  • GetUserNameByEmail: SharePoint Server 2010 calls this method to resolve user names in invitations.
  • FindUsersByName and FindUsersByEmail: SharePoint Server 2010 calls these methods to populate the user picker control on the Add Users page. If the membership provider does not return any users, the picker will not function and administrators will need to type the user name or e-mail address in the Add User text box.

Category: Role manager

Description: The role manager must implement the following methods:
  • RoleExists: SharePoint Server 2010 calls this method during invitations to verify that a role name exists.
  • GetRolesForUser: SharePoint Server 2010 calls this method at access check to gather the roles for the current user.
  • GetAllRoles: SharePoint Server 2010 calls this method to populate the group and role picker. If the role provider does not return any groups or roles, the SharePoint Server 2010 picker will not function and the administrator will need to type the name of the role in the Add User text box.

Enabling anonymous access

You can enable anonymous access for a Web application in addition to configuring a more secure authentication method. With this configuration, administrators of sites within the Web application can choose to allow anonymous access. If anonymous users want to gain access to secured resources and capabilities, they can click a logon button to submit their credentials.
Using different authentication methods to access a site

You can configure Web applications in SharePoint Server 2010 to be accessed by up to five different authentication methods or identity management systems. The following figure illustrates a partner application that is configured to be accessed by users from two different identity management systems. Internal employees are authenticated by using one of the standard Windows authentication methods. Employees of the partner company are authenticated against their own company's identity management system.

[Figure: Authentication]

To configure a Web application to be accessed by two or more different authentication systems, you must configure additional zones for the Web application. Zones represent different logical paths of gaining access to the same physical application. With a typical partner application, employees of a partner company access the application through the Internet, while internal employees access the application directly through the intranet.

To create a new zone, extend the Web application. On the Extend Web Application to Another IIS Web Site page, in the Load Balanced URL section, specify the URL and zone type. The zone type is simply a category name applied to the zone and does not affect the configuration of the zone.

After extending the Web application, you can configure a separate authentication method for the new zone. The default zone is the zone used by internal employees. The Internet zone is configured for partner access and uses forms-based authentication to authenticate partner employees against the partner identity management system.

Wednesday, March 03, 2010

Editing TFS Templates

If the out-of-box TFS templates are not sufficient for your needs, you can extend them by creating custom fields and laying them out in your forms.

Here is a list of steps to follow:

To Export an Existing Template

"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\witadmin" exportwitd /collection:[Address to TFS url] /p:"[Project Name]" /f:[Filepath]\template.xml /n:"[Template name]"

For example, the template name can be "User Story".


To Import Your Template into TFS

"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\witadmin" importwitd /collection:[Address to TFS url] /p:"[Project Name]" /f:[Filepath]\Template.xml

To Validate Your Template

"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\witadmin" importwitd /collection:[Address to TFS url] /p:"[Project Name]" /f:[Filepath]\Template.xml /v


Delete a Field

witadmin deletefield /collection:[Address to TFS url] /n:[Name of field to delete]


Overview of Template Structure
Creating a field
Laying out the field

Wednesday, February 17, 2010

Hosting Media Files

If you need a cheap way to host media files like Silverlight, go to: http://silverlight.live.com/quickstart.htm

Wednesday, January 27, 2010

Visual Beta2 Startup Error

If you get the following message when starting Visual Studio Beta2:

The application cannot start
Then run the following command to fix it:
devenv /resetuserdata

Sunday, January 24, 2010

Beginning Robotics Programming

This is my first post as I start looking into programming robotic arms.


Resources:

Saturday, January 16, 2010

InfoPath 2010 Walkthrough - Event Registration with InfoPath 2010

Sample Administrator Deployed Solution

Agenda:
Use cases : SOW
Give a few word templates of the Word document.

Inputs:

Outputs:

The following walk-through will show you how to create and deploy an InfoPath form using managed code.
Prerequisites

This example involves programming against the Microsoft SharePoint Foundation 2010 object model. To do that, you will need to establish a reference to the Microsoft.SharePoint.dll assembly which is installed with a licensed copy of SharePoint Server 2010. Microsoft.SharePoint.Server.dll is installed in %CommonProgramFiles%\Microsoft Shared\Web Server\Extensions\14\ISAPI by default. This DLL must be included in projects where you program against the SharePoint object model.

You will need to download the Word 2007 Content Control Toolkit.

The computer you use to develop this solution also must have Microsoft .NET Framework 3.5 or later installed.

Using SharePoint to Store InfoPath Form Data in Word Documents

InfoPath is designed to enable you to collect, validate, and parse data from multiple sources. All of that data needs to be stored somewhere, and SharePoint Server 2010 provides a great interface for organizing and surfacing data into classes that reflect your business processes.

Some business processes do not lend themselves to reviewing data in a form view. The data may require some touching-up and integration into a document layout. Also, some users want local access to their data and have Microsoft Word installed, but do not have InfoPath installed. These requirements can be met by exporting form data to a Word template. The template is formatted ahead of time in Word, and the data is imported into the template when the form is submitted.

This scenario uses a form to collect registration information for training events, which is then sent to the attendees as a formatted confirmation in a Word document.

Here is an overview of the high-level steps to create this solution:

  1. Create a SharePoint list of training events and add some training events.
  2. Create a form to collect training registration information.
  3. Bind the form to your list of events.
  4. Design a Word 2010 document that mirrors the form's data.
  5. Modify the Word document's schema, and then upload it to SharePoint.
  6. Write the code to convert your form data into a format that fits your Word 2010 document's schema, and create a new instance of the data as a Word document in a document library.
  7. Administrator-deploy the template.
Step 1: Create a SharePoint list and add events to it

Create a new custom list in SharePoint with columns named Title, Date, Location, and Description, make all columns except Description required, and name the list Events.
Design the event form using InfoPath:
After you create the list, click the List tab in the SharePoint ribbon, and then click the Customize Form button.

The InfoPath Designer will start, and you can customize the form, and then add the training event details by using the list form. These details will be exported from the InfoPath form and imported to the Word document.

When you have completed the design, publish the form back to SharePoint, and then add some events to the Events list.

In the next procedure, you will design a form to collect registration information that has validation and links to an external list.

Step 2: Create a form to collect registration information

Start the InfoPath 2010 designer, and then click SharePoint Document Library in the Popular Form Templates section on the New tab.

Design the form to collect: Name, Phone, E-Mail, Event, and Special Instructions.
  • Name: a required text field. To set text boxes and drop-down lists to be required, click the control, and then check the Cannot Be Blank check box on the Properties tab.
  • Phone: a required text field with a validation rule. To validate a phone number in a text box, click the text box, and then click Manage Rules in the Rules section of the control's Properties tab to display the Rules pane. Click New, click Validation, and then set the rule to fire under the Condition where the Phone field does not match the Phone number pattern.
  • E-Mail: a required text field. To validate an e-mail address, create a validation rule that is specified by using a regular expression. Follow the same steps used to create the Phone Number rule, but instead of choosing from the Standard patterns, enter a regular expression in the Custom pattern field. This is an example of a regular expression for a standard e-mail address: ([\w\-\.]+)@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([\w\-]+\.)+)([a-zA-Z]{2,4}))
  • Event: a required Drop-Down list that will be linked to the Events SharePoint list in the next procedure.
  • Special Instructions: an optional text field.
In the next procedure, you will link the Event drop-down list to the SharePoint list of events.

Step 4: Connect the form to the SharePoint list of events

On the Data Tab, click From SharePoint List in the Get External Data section of the ribbon.

Step through the Data Connection Wizard and select the Events list you created in the first procedure. Make sure to select the Title, Date, Description, and Location fields of the events list. You can also change the value in the Sort by drop-down list to Title.
Do not select the Store a copy of the data in the form template check box, and do select the Automatically retrieve data when form is opened check box.

After clicking Finish in the Data Connection Wizard, right click the Event drop-down list on the form, and then click Drop-Down List Box Properties.
On the Data tab, select Get choices from an external data source in the List box choices section of the dialog box.
Make sure that Events is selected in the Data source drop-down list box, and then click the Select XPath button next to the Entries text box.
Expand SharePointListItem_RW under dataFields, and select the Title field, and then click OK on both dialog boxes.

On the Home tab, click Preview to preview the form and confirm that the Event drop-down list is connected to the Title column of the Events SharePoint list.

In the next procedure, you will create a Word 2010 document that uses the Plain Text Content Control to create a template that will contain the data gathered using the InfoPath form.

Step 5: Design a Word document that mirrors the form's data

Start Word 2010, click the File tab, and then click Options.

Click Customize Ribbon, select the Developer check box in the Main Tabs list on the right side of the dialog box, and then click OK. This will add the Developer tab to the ribbon.

Use the Plain Text Content Control in the Controls section of the Developer tab to create a template for your form data.

Set the Title and Tag properties of each Plain Text Content Control to make them easy to identify when you map the InfoPath form's schema to the schema of the Word document you are creating.

The Word template for this sample solution should look like the following example.

[Image not available: Word template for the sample solution]

In the next procedure, you will modify the Word document's schema and upload it to SharePoint. This is a key step to increasing the readability and ease of use of your code. Using the Word 2007 Content Control Toolkit, you will create a schema in the document to represent the controls that you placed in it. The Word 2007 Content Control Toolkit is pretty straightforward, but if you are interested in a tutorial, the tutorial posted on http://dbe.codeplex.com (from Andrew Coates) offers a detailed walkthrough of how to use the tool. Briefly, the steps for using the Toolkit are as follows.

Start the Word 2007 Content Control Toolkit, and then click Open on the File menu.

Open the Word template that you designed.

Click the Edit View tab.

Click the Create a new Custom XML Part link at the bottom of the screen, and leave the Namespace drop-down list setting at its default.

Step 6: Modify the Word document's schema and upload it to SharePoint

Step 1

Step 2