Impersonated Searching against SharePoint

by Vishal 5. November 2013 08:59
Like many typical deployments of SharePoint 2010 and FAST Search Server for SharePoint 2010, I’ve been dealing with one recently that has a search center that uses Kerberos authentication.
 
Consider the following scenario where you have a client web application that uses the SharePoint (with FAST) search service to perform searches and publish the results to users.
 
User -----------> Client Web App ------------> SharePoint
 
In a typical intranet scenario, the user authenticates to the Client Web App using Windows authentication. The client then needs to pass the user identity through to the backend SharePoint search service in order to provide security-trimmed results back to the user.
 
The out-of-the-box way to do this with SharePoint is to set up Kerberos authentication for the Client Web App and for the SharePoint search center: register SPNs for the domain identity that runs the client web app's app pool and grant that identity delegation rights. That way, the user can authenticate to the client web app and the app pool identity can then delegate that Kerberos ticket back to SharePoint when calling the search service. This works, but setting up Kerberos is tricky. The other disadvantage that I’ve seen is that this works great when the user’s browser is IE, since IE supports NTLM authentication for the intranet by default. For users on Linux systems or Macs, or using browsers like Firefox and Chrome, NTLM authentication is tricky and requires browser-specific configuration to make it work.
 
Fortunately, there’s another way we can make this scenario work, but it does require custom development. We can make SharePoint impersonate a user when performing a search using a trusted identity. Here your client web application will be running as the trusted domain identity that will be allowed to impersonate a user.
 
On the SharePoint side, we can create a solution that deploys a web service that can perform an impersonated search on behalf of a user using the object model. The client application can then call this new service instead of the out-of-the-box search.asmx.
 
Here is the code for the web service that will do impersonated searches:
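    using System;
    using System.Data;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Services;
    using Microsoft.Office.Server.Search.Query;
    using Microsoft.SharePoint;

    public class SearchService : WebService
    {
        // The only caller that is allowed to name the user a search runs as.
        private const string TRUSTED_ACCOUNT = @"domain.com\trustedserviceaccount";
        private const string SEARCH_SITECOLLECTION = "https://searchcenter.domain.com/";

        [WebMethod]
        public DataTable TrustedImpersonatedQuery(string UserName, string QueryText, string[] ReturnFields, SortProperty[] SortFields, int StartIndex, int PageSize)
        {
            DataTable dt = null;
            // Identity the caller authenticated to this service with.
            string NTAccount = HttpContext.Current.User.Identity.Name;
            // UserName comes from the request, so it is honoured only for the trusted account.
            if (string.Equals(NTAccount, TRUSTED_ACCOUNT, StringComparison.OrdinalIgnoreCase)) //only do impersonation if the search is requested by the trusted account
            {
                // Revert to the app pool identity, which builds a token for the user from the UPN.
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (WindowsIdentity impersonatedIdentity = new WindowsIdentity(UserName + "@domain.com"))
                    {
                        using (WindowsImpersonationContext wic = impersonatedIdentity.Impersonate())
                        {
                            // The query runs as the named user, so results are security trimmed for that user.
                            dt = Query(QueryText, ReturnFields, SortFields, StartIndex, PageSize);
                        }
                    }
                });
            }
            else //else do an unimpersonated search
            {
                // Any other caller gets results trimmed for its own identity; UserName is ignored.
                dt = Query(QueryText, ReturnFields, SortFields, StartIndex, PageSize);
            }
            return dt;
        }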

        private DataTable Query(string QueryText, string[] ReturnFields, SortProperty[] SortFields, int StartIndex, int PageSize)
        {
            DataTable dt = null;
            using (SPSite SearchSiteCollection = new SPSite(SEARCH_SITECOLLECTION))
            {
                using (KeywordQuery kq = new KeywordQuery(SearchSiteCollection))
                {
                    kq.ResultsProvider = SearchProvider.FASTSearch;
                    kq.SelectProperties.AddRange(ReturnFields);
                    kq.EnableFQL = false;
                    
                    foreach (SortProperty s in SortFields)
                    {
                        kq.SortList.Add(s.Name, (Microsoft.Office.Server.Search.Query.SortDirection)Enum.Parse(typeof(Microsoft.Office.Server.Search.Query.SortDirection), s.Direction.ToString()));
                    }
                    
                    kq.RowLimit = PageSize;
                    kq.StartRow = StartIndex;
                    kq.QueryText = QueryText;
                    kq.ResultTypes |= ResultType.RelevantResults;
                    dt = kq.Execute()[ResultType.RelevantResults].Table;
                    dt.ExtendedProperties.Add("TotalResults", kq.QueryInfo.TotalResults);
                }
            }
            return dt;
        }
    }
    public enum SortDirection
    {
        Ascending,
        Descending
    }
    public class SortProperty
    {
        public string Name;
        public SortDirection Direction;
    }


.NET | ASP.Net | C# | MOSS | Sharepoint

Intranet, Portal, SharePoint, Wikis, Discussion Boards, File Shares & Content

by Vishal 6. May 2013 17:04

Common intranet content needs within an enterprise include:
1. Knowledge Sharing
2. CMS, Collaboration, Document Management and Publishing
3. Discussions
4. File storage

Outside of these broad needs, every enterprise will also have line of business applications, both standard and custom, like source control, bug tracking systems etc. As companies and content grow larger, related needs like social networking & collaboration and a solid enterprise search platform to effectively search, tie and share information across these platforms also become essential.

As many know, I’m a big fan of SharePoint. But it’s important to understand the problem SharePoint currently solves for an enterprise. A strategy that’s built on the premise that SharePoint is the solution for all of the above needs is a failing SharePoint strategy. Sooner or later your users will tell you that, because they’ve either used or seen other platforms that were more natural to use and/or addressed the specific area better.

Common platforms that many companies use to address the common intranet needs include some or a combination of:
1. SharePoint
2. Wiki platforms like Confluence, MediaWiki or others
3. Discussion Board platforms
4. File Shares
5. Other extendible CMS platforms like Drupal
6. Custom developed solutions

I’m going to leave out 5 and 6. I’m leaving out other extendible CMS solutions because, honestly, I like SharePoint and I do believe that it solves the same use-cases for an intranet. I’m leaving out Custom developed solutions as well because I’m a developer and custom developed solutions will solve your every need but are not always practical to implement, scale, enhance and maintain.

So let’s take a look at what’s left. I want to highlight the areas of strength for each platform, where they succeed and where they might fail.

 

Need Addressed

  Wiki: Knowledge Sharing
  SharePoint: CMS/ Collaboration/ Document Management/ Publishing
  Forums: Discussion
  File Shares: document storage, file (non-document) storage, archival

Content

  Wiki:
    • Users create pages
    • Owner/users define:
        o Page content
        o Embed:
            - Images
            - links
        o Link to secure or structured content e.g.:
            - Files in source control
            - Documents in SharePoint
            - Bugs in bug tracker

  SharePoint:
    • Users create websites
    • Owner/ users define:
        o Site Data Sources (Lists & Document Libraries)
        o Site Pages
        o Site Content Permissions
        o Site Page Views (WebParts on a page that display data from a data source)
        o Site Structure
        o Embed:
            - Office documents
            - Web parts
            - External secure and unsecure data (reports, LOB data, bug tracking system…)
        o Link to Unstructured or public content:
            - Pages in Wiki
            - Internet sites

  Forums:
    • Users Discuss
    • Owners/ Users define:
        o Discussion Topics
        o permissions
        o Embed
            - Images
        o Link to secure or unsecure, structured or unstructured content
            - SharePoint
            - Wiki
            - Bugs from tracker
            - LOB Systems

  File Shares:
    • Stores files
    • Owners/ Users:
        o Dump files
        o Manage permissions

Designed to

  Wiki:
    • Used to Jot down an idea quickly – move details to the next page
    • Designed not to get in the way
        o Open permission set allows submission by everyone
        o Text based entry using wiki text

  SharePoint:
    • Used to Collaborate through content and process
        o Office integration
        o workflows
    • Designed to create structure
        o Granular permissions to lock down anything from complete sites to a specific document
        o Structured Lists to hold metadata around structured content in addition to the content
        o Structured document libraries to hold metadata around documents
        o Web Parts - Create different views of Lists and Document Libraries to present the content in a different form than it was created in

  Forums:
    • Used for open or closed discussions
    • Designed for quick
        o searching,
        o posting,
        o commenting,
        o linking

  File Shares:
    • Used to store files that have no business metadata associated with them
    • The moment a document has business metadata around it – it should go to SharePoint.
    • Does not do versioning – SharePoint/ Perforce does
    • E.g.
        o Store the Windows 7 installer in a file share.
        o Store versioned application source code in Perforce.
        o Store the versioned requirements document with related metadata such as the project, author, department in SharePoint.
        o Designed for quick storage/ retrieval of files

Searching

  Wiki: Full text searching for information
  SharePoint: Full text searching as well as metadata searching
  Forums: Full text searching
  File Shares: Full text and file system metadata searching

Myths

  Wiki:
    • Is the place for structured content
    • Provides granular permissions
    • Is the place to store/ embed files

  SharePoint:
    • Is the place for unstructured content
    • Does not require site level management
    • Wiki capability provided inbuilt matches that of an enterprise wiki platform
    • Forums capability provided inbuilt matches that of a forums platform
    • Is an online file share
    • Integrates with existing LOB systems without custom development.

  Forums: (none listed)

  File Shares:
    • Can be replaced by SharePoint document libraries

The bottom line is that Collaborating, CMS, Knowledge Sharing, Discussions and file storage go hand in hand within the enterprise. The real challenge is how you provide a seamless experience & integration between the platforms.

The portal solution in this mix seems to be SharePoint. But it should allow its users to seamlessly transition to a wiki for authoring knowledge bases or forums for discussions. A successful strategy would also create interfaces between SharePoint, Wiki and Discussions that allow content in each system to be shared, embedded and surfaced in other systems securely.

tags: SharePoint vs Wikis vs Drupal vs Forums for Intranet Portal


MOSS | Sharepoint

SharePoint: In a CAML query, filter by lookup item ID, not by its value

by Vishal 2. December 2009 07:55

Yes, it's possible!

Your filter for the CAML query probably looks like this currently:

<Query>
  <Where>
    <Eq>
      <FieldRef Name="Customer"/>
      <Value Type="Text">Dunder Mifflin</Value>
    </Eq>
  </Where>
</Query>

But the "Customer" field is a lookup column to a different list of customers and on most view pages for customers, you probably need to fetch the related data using the Customer ID (the ID column for the customer list) and not the customer name.

Also, SharePoint Designer 2007 does not allow you, through the UI, to set a filter on a data form web part using a lookup column's ID field. You can only use the value of a lookup column in the filter.

Here's how I was able to do it after a bit of research...

<Query>
  <Where>
    <Eq>
      <FieldRef Name="Customer" LookupId="true" />
      <Value Type="Lookup">15</Value>
    </Eq>
  </Where>
</Query>

Just add the LookupId = "true" attribute to the FieldRef tag and change the Value Type attribute to "Lookup". Your filter now looks up the value of the lookup column by using the ID of the item instead of the value.

Enjoy!

CAML | MOSS | Sharepoint | XSLT

SharePoint versus file shares. When to use SharePoint and when to use a traditional file share?

by Vishal 19. September 2009 06:04

I get asked this question a lot. If an enterprise adopts SharePoint internally, does SharePoint replace file shares? 

My short answer is no - SharePoint and file shares are not the same thing and they are not meant to be thought about or used in the same way.

Firstly, SharePoint has limitations on the content that it is able to effectively store based on its type, its size, its numbers and its use. You can use a file share to store anything at all, provided there is available disk space. A file share has different limitations on how many documents it can effectively store and how it retrieves and searches them.

Secondly, there is a reason why you are choosing to use SharePoint to store a particular document over a file share. It may be that

  • it is a file that needs to be made easily available (published) to multiple people within an organization,
  • or that it may actually need to be worked on by different people,
  • or that different versions of it need to be maintained as it evolves,
  • or that there is a need to store additional business meta data around the document that cannot be stored in a traditional file system,
  • or it needs to be effectively and easily searched for by business users
  • or that it requires certain business processes to be built around it such as approvals or alerts. 

If you have none of the needs above, maybe you’re better off using a traditional file share.

For example, your IT department probably does not want to store the Windows 7 installer in a SharePoint document library. Your marketing department probably does not want to store its 700 MB video files, which do not require versioning or collaboration and have no content to search, within SharePoint. All that content can remain in a file share.

SharePoint is a great place for storing files that are used for collaboration or publishing among a team or across the organization. It is especially beneficial when you have given a good amount of thought to what files you are storing in document libraries and thought about the document metadata, its purpose and the business processes that the files are part of. This truly allows you to use the power of SharePoint to share, collaborate, search and publish documents and build business processes (workflows, events etc.) around these activities easily and quickly. This is the real reason why you want your files in SharePoint.

On the other hand, when you think of a file share in the traditional sense, you are often talking about unclassified documents, with no business metadata and no versioning in the classic sense, and you are talking about storing any type of file. The file could be a 10 GB video file, a PowerPoint presentation, an executable file or anything else. Little thought is given to what it is that you are actually storing, there is no related business metadata and it is usually difficult to build business processes around the contents.

You do not want to replace your file share by dumping a huge number of unclassified files that were in a file share into a SharePoint document library. There is little benefit to doing this. There will be no business metadata that you will need to tie to unclassified content or build business processes around. It would also be a pain point for users trying to use and search it effectively.

By doing your thinking ahead of time, you will quickly realize which of your unclassified documents that were in a file share need to be moved to SharePoint document libraries. You also realize that there will be different document library locations for different files. A document library would only hold carefully selected files having something in common and some business meta data in common, probably sharing a content type and business processes. 

Hopefully this will help you decide between when (and most importantly, how) to use SharePoint and when to use traditional file shares for storing your files. A completely different conversation, which should also be thought about, is the use of SharePoint versus document management systems like Documentum or Document Locator. I never believe that there is a universal solution. A good solution depends on the problem it solves. There is always a very good reason to use SharePoint, file shares or a document management system depending on what business problem you are looking to solve. The only thing is, do your thinking & planning ahead of time – understand the problem or problems before deciding on the solution.


MOSS | Sharepoint

Getting Ready to split up a very large MOSS 2007 Content DB into multiple content DBs

by Vishal 16. July 2009 03:01

Very exciting. Getting ready to split up a large content DB on a large enterprise-level MOSS farm deployment. The idea is to distribute data that has grown over time into multiple content databases for performance and reliability. The plan is to use stsadm -o mergecontentdbs. However, this is known to have implications and issues - http://support.microsoft.com/kb/969242. We are taking all necessary steps to avoid any problems. I'll update this post later on how our operation does.

Update - Sorry for the late update, guys. Here's how it went.

 We had 2 tasks ahead of us. One was to move a content db from one database server to another in the cluster. The other was to split up a large content db on one of the servers into multiple content dbs.

Splitting the large content db into multiple content DB's:

Microsoft recommended that we do not run the merge content db command on databases larger than 10 GB in size. So instead of moving out the larger site collections into new content databases, we decided to move all of the smaller site collections out instead. This would take much longer, but would be safer, so we went that route.

  1. Make sure we stop all search crawls. This is important. Not pause but completely stop the search crawls. Let the running crawls complete and remove the schedule for all future crawls. If we do not do this, we take the risk of corrupting our search indexes.
  2. Create the new content databases
  3. Run stsadm -o preparetomove on the content db to be split
  4. Create a sites.xml using stsadm -o enumsitecollections on the source content database
  5. Split up the sites.xml into manageable chunks containing the site collections that we wish to split out
  6. Run stsadm -o mergecontentdbs on the source and destination content databases using the sites.xml files created in step 5 to move the site collections from the source database to the destination content databases
  7. Run the stsadm -o databaserepair command on the source and destination databases to remove any orphan records - we had none
  8. Test

We moved approximately 150 GB of data from a large content database into 5 different new content databases. It took us approximately 18 hours including testing. After the maintenance, we improved page response times for the site collections. We also reduced app pool recycles for our web applications due to processes hitting their virtual memory limits. These almost seemed to disappear after the maintenance. Overall we were very happy with the results.

Moving a content db from one server to another:

We had multiple large content databases on one server and we wanted to balance it out by moving a large content database from one server to another in the cluster.

  1. Run stsadm -o preparetomove on the content db to move
  2. Detach the content db by running stsadm -o deletecontentdb
  3. Using SQL Management Studio, detach the content database from the server instance
  4. Move the database files from the source server to the destination server
  5. Using Management Studio, re-attach the content database on the new SQL server
  6. Add the content database by using stsadm -o addcontentdb
  7. Test

That was pretty much it. After our maintenance, we started our search crawls and reset the schedule. Balancing out the databases also increased performance on our web applications.


MOSS | Sharepoint

Sharepoint Dev Wiki

by Vishal 25. May 2009 22:47

I think this was long needed. A must-have link for SharePoint admins and developers. Also great for businesses wanting to gain more insight and understanding into customization and development on SharePoint. I usually get a lot of different views when it comes to specific topics on SharePoint development. I think a wiki is a great idea to get all of those views in one place and create open discussion.

 check it out! http://www.sharepointdevwiki.com

 


MOSS | Sharepoint

Adding Color Columns to Sharepoint lists

by Vishal 2. November 2008 21:02

I was working on a project that used a SharePoint list with a column called "Urgency" that was a choice column with values "Low", "Medium", "High". The client wanted to show the column in the list view but, instead of the text, show a corresponding color - Green for Low, Orange for Medium and Red for High. Also, I needed to have this configured without downtime or custom code.

I found a great post online here that helped me do exactly that using a calculated column and a content editor webpart, out of the box!

Steps:

  • Create a column in the list called "Urgency Level", for example. It's a choice column with values "(1) Low", "(2) Medium", "(3) High".
  • Create a column in the list called "Urgency", which will display the color. This is a calculated column. The formula for this column is

          ="<DIV style='font-weight:bold; font-size:24px; color:"&CHOOSE(RIGHT(LEFT([Urgency Level],2),1),"green","orange","red")&";'>&bull;</DIV>"

  • Add a content editor web part to the bottom of the page and copy the below script into it.


<script type="text/javascript">
var theTDs = document.getElementsByTagName("TD");
var i=0;
var TDContent = " ";
while (i < theTDs.length)
{
    try
    {
        TDContent = theTDs[i].innerText || theTDs[i].textContent;
        if ((TDContent.indexOf("<DIV") == 0) && (TDContent.indexOf("</DIV>") >= 0)) {
            theTDs[i].innerHTML = TDContent;
        }
    }
    catch(err){}
    i=i+1;
}
//
// ExpGroupRenderData overwrites the default SharePoint function
// This part is needed for collapsed groupings
//
function ExpGroupRenderData(htmlToRender, groupName, isLoaded)
{
    var tbody=document.getElementById("tbod"+groupName+"_");
    var wrapDiv=document.createElement("DIV");
    wrapDiv.innerHTML="<TABLE><TBODY id=\"tbod"+ groupName+"_\" isLoaded=\""+isLoaded+ "\">"+htmlToRender+"</TBODY></TABLE>";
    var theTBODYTDs = wrapDiv.getElementsByTagName("TD");
    var j=0;
    var TDContent = " ";
    while (j < theTBODYTDs.length)
    {
        try
        {
            TDContent = theTBODYTDs[j].innerText || theTBODYTDs[j].textContent;
            if ((TDContent.indexOf("<DIV") == 0) && (TDContent.indexOf("</DIV>") >= 0)) {
                theTBODYTDs[j].innerHTML = TDContent;
            }
        }
        catch(err){}
        j=j+1;
    }
    tbody.parentNode.replaceChild(wrapDiv.firstChild.firstChild,tbody);
}
</script>

That's it! Here was the result:

 

 Also, you would have realised that you can do a lot more than add just colors, you can add any html to be rendered including scripts, mouse overs, colors, images...
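The script above copies cell text into innerHTML, so any list value that starts with <DIV and contains </DIV> is parsed as markup regardless of who entered it. As an added example (not part of the original post or of the post it links to), the variant below accepts only the exact string the calculated column produces, checks the colour against an allow-list and builds the bullet with DOM calls; the function names and the allow-list are assumptions, and it targets current browsers rather than the browsers of 2008.

```javascript
// Added example: render the "Urgency" colour marker without using innerHTML.

// Colours the post's CHOOSE(...) formula can produce; anything else is rejected.
const ALLOWED_COLORS = ["red", "orange", "green"];

// Exact shape of the string emitted by the calculated column. The colour is the
// only variable part, so it is the only part that is captured.
const MARKER_PATTERN =
  /^<DIV style='font-weight:bold; font-size:24px; color:([a-z]+);'>&bull;<\/DIV>$/i;

// Returns the allow-listed colour encoded in a cell's text, or null when the
// text is not a marker produced by the formula (for example, HTML typed into
// another column of the list).
function parseUrgencyColor(cellText) {
  if (typeof cellText !== "string") return null;
  const match = MARKER_PATTERN.exec(cellText.trim());
  if (!match) return null;
  const color = match[1].toLowerCase();
  return ALLOWED_COLORS.includes(color) ? color : null;
}

// Replaces a marker cell's content with a bullet built through the DOM.
// Nothing from the list item is parsed as HTML, so markup in a field value
// stays inert text. Returns true when the cell was rewritten.
function renderUrgencyCell(td) {
  const color = parseUrgencyColor(td.innerText || td.textContent);
  if (color === null) return false;
  const div = td.ownerDocument.createElement("div");
  div.style.fontWeight = "bold";
  div.style.fontSize = "24px";
  div.style.color = color;
  div.textContent = "\u2022"; // the bullet that &bull; stands for
  td.textContent = "";        // drop the literal marker text
  td.appendChild(div);
  return true;
}

// Applies the renderer to every TD under `root` and returns how many changed.
function renderUrgencyCells(root) {
  const cells = root.getElementsByTagName("TD");
  let changed = 0;
  for (let i = 0; i < cells.length; i++) {
    if (renderUrgencyCell(cells[i])) changed++;
  }
  return changed;
}

// In the content editor web part: run once the list view is in the DOM.
if (typeof document !== "undefined") {
  renderUrgencyCells(document);
}
```

For collapsed groupings, the same `renderUrgencyCell` call can take the place of the per-cell `innerHTML` assignment inside the post's `ExpGroupRenderData` override.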


e-commerce | MOSS | Sharepoint

Tool to build WSP solutions for MOSS/Sharepoint Projects

by Vishal 10. September 2008 18:46

The tool is called STSDEV. I found it on CodePlex. The tool allows you to generate Visual Studio projects and solutions to facilitate building MOSS deployment solutions. It's a simple command line utility that allows you to select the kind of deployment you are trying to do. The choices include empty solutions, features, web parts etc. By simply selecting the type of solution and clicking a button, it creates the Visual Studio project templates for building the WSP. You can drag and drop all of your deployment files into a predefined 12 hive structure. Hitting build on your solution automatically creates the manifest file and builds the WSP. Till now I was building the manifests and WSPs by hand, and that is a pain.

There are a number of build configurations generated for you that allow you to retract, deploy, redeploy and install the solutions directly to MOSS without needing to use stsadm. It's a great little tool for development and debugging.

 The project can be found at http://www.codeplex.com/stsdev.

 Here are some screencasts that are very helpful in getting you started: http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=stsdev&ReleaseId=10119

 

 


.NET | Sharepoint | MOSS

