June 20, 2008

SharePoint User Management Web Cast Questions and Answers

There are so many things I didn’t get to talk about in the user management talk. There’s so much more to say about the stuff I did get to. Here are the questions – and some answers from the web cast on user management.

Q: When you extend SharePoint to multiple zones so you can have one with forms based authentication, do you have one IIS virtual server/web application or multiple?
A: Multiple. Forms based authentication requires a few different web.config file entries.

Q: Is there a way to secure data based on the relationship to the data? i.e. allow sales folks to only see their customers?
A: It’s technically possible but not included out of the box and can be technically challenging.

Q: Did you have to set anonymous access on the web site for forms based authentication?
A: Yes.

Q: Can I send alerts to Exchange distribution groups or AD security groups?
A: Yes, any entity that has an email address can receive alerts.

Q: When using SPWeb.DoesUserHavePermissions how do you resolve a role?
A: You don’t. You can, however, use SPWeb.RoleAssignments.GetAssignmentByPrincipal(SPContext.Current.Web.CurrentUser) to retrieve roles for the current user.
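
The role-assignment lookup in the answer above only sees assignments made directly to the principal you pass in. The following is an added example, not code from the web cast: it goes one step further and also collects roles bound to the user's SharePoint groups, then shows the permission test that should drive authorization decisions. The class and method names are hypothetical.

```csharp
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class RoleLookup
{
    // Names of the role definitions (permission levels) bound on this web to
    // the user directly or to a SharePoint group the user belongs to.
    // Enumerating RoleAssignments requires the Enumerate Permissions right.
    public static List<string> GetRoleNames(SPWeb web, SPUser user)
    {
        // IDs of every principal whose assignments count for this user.
        List<int> principalIds = new List<int>();
        principalIds.Add(user.ID);
        foreach (SPGroup group in user.Groups)
            principalIds.Add(group.ID);

        List<string> roles = new List<string>();
        foreach (SPRoleAssignment assignment in web.RoleAssignments)
        {
            if (!principalIds.Contains(assignment.Member.ID))
                continue;
            foreach (SPRoleDefinition definition in assignment.RoleDefinitionBindings)
            {
                if (!roles.Contains(definition.Name))
                    roles.Add(definition.Name);
            }
        }

        // Roles granted through an Active Directory group do not show up here:
        // that assignment belongs to the domain group's own principal, and
        // SPUser.Groups lists SharePoint groups only.
        return roles;
    }

    // Role names can be renamed or customized per site, so gate access on a
    // permission rather than on a role name. This covers every path by which
    // the current user obtained the right, including AD groups.
    public static bool CurrentUserCanEditItems(SPWeb web)
    {
        return web.DoesUserHavePermissions(SPBasePermissions.EditListItems);
    }
}
```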

Q: Where is the provider logging project that I spoke about?
A: http://www.codeplex.com/providerlogging

Q: Is there a way to programmatically tell if you’re using FBA or Windows Authentication?
A: Yes. I’d recommend that you look at Professional ASP.NET 2.0 Security, Membership, and Role Management for a more complete discussion about forms based authentication, users, etc. It will give you all the background. The short of it is that you can check the HTTP context to see if it’s anonymous. If you have a user and it’s an anonymous request you’re using FBA.

Q: How do you extend permissions at runtime?
A: Use the SPSecurity.RunWithElevatedPrivileges() method. This will allow you to behave as if you are the application pool account. I recommend caution with this method.
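
A sketch of the cautious way to use elevation, added here as an example and not taken from the web cast: authorize the caller first, elevate for one narrow read, and hand back plain data only. The "Settings" list, its "Value" column, and the class and method names are assumptions.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

public static class ElevatedSettings
{
    // Reads one value from a locked-down list ("Settings" and "Value" are
    // hypothetical names) on behalf of a user who cannot read it directly.
    public static string ReadSetting(SPWeb contextWeb, string key)
    {
        // Authorize with the caller's own identity before elevating; the
        // elevated block below runs as the application pool account.
        if (!contextWeb.DoesUserHavePermissions(SPBasePermissions.ViewPages))
            throw new UnauthorizedAccessException("Caller may not view this site.");

        // Pass only IDs in. SPSite/SPWeb objects obtained from SPContext keep
        // the caller's token even when they are used inside the delegate.
        Guid siteId = contextWeb.Site.ID;
        Guid webId = contextWeb.ID;
        string result = null;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Objects created here are opened under the elevated identity.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                SPQuery query = new SPQuery();
                // Encode the key so caller input cannot alter the CAML query.
                query.Query = "<Where><Eq><FieldRef Name='Title'/><Value Type='Text'>"
                    + SPEncode.HtmlEncode(key) + "</Value></Eq></Where>";
                query.RowLimit = 1;

                SPListItemCollection items = web.Lists["Settings"].GetItems(query);
                if (items.Count > 0)
                    result = Convert.ToString(items[0]["Value"]);
            }
        });

        // Return plain data, never an SPListItem or SPWeb created while
        // elevated, so no elevated object outlives this call.
        return result;
    }
}
```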

Q: What is the difference between user management in WSS and MOSS?
A: There isn’t any. MOSS offers additional functionality in the form of user profiles but fundamentally this is new functionality not a change to base functionality.

Q: Are there best practices for user management on a portal that has 2000 users?
A: There aren’t best practices that are that generic. You need to decide if you’re going to manage users through AD groups or SharePoint groups.

Q: Some user management code works fine outside of SharePoint but not as a SharePoint Web service, do you know why?
A: No, but I’d turn off custom errors and set the callstack to true in the SharePoint tag to try to see the real error and the location.

Q: How do I use SharePoint Designer if I’m using forms based authentication?
A: I set up another URL, port, and web application which uses Windows authentication and I point SharePoint Designer to that URL/port combination.

Q: How long are the audit entries stored?
A: Indefinitely – until you clear them.

Q: Is there any way to do mixed mode authentication using the same URL?
A: Technically it’s possible but it’s not easy nor recommended. Essentially you would have forms based authentication and would have it determine if the user could log in via windows authentication and if so write the forms based authentication cookie.

Q: Can user attributes containing private information like a phone number be hidden from SharePoint administrators?
A: No, in the demo in fact, I used policy for web applications to bypass all security for my forms based authorization user.

Q: What is the impact to SharePoint when auditing is enabled?
A: There’s no one answer. If you turn on auditing for views … it will be pretty big. If you enable for check ins, it won’t be that bad because check ins are a relatively small percentage of the overall transactions.

Q: Can we install SharePoint on Windows 2008?
A: Yes.

Q: Are there any good integrations with authorization manager (AzMan)?
A: None that I’ve seen.

Q: I’ve been having problems with people picker, are there any alternatives?
A: None that I know of. However, problems with people picker usually are caused by two things: 1) Problems with Active Directory. It can’t resolve a global catalog server, there’s a DNS misconfiguration, etc. Stuff like having the server pointed at both external DNS and internal DNS causes all sorts of issues. 2) In FBA mode the people picker wildcards need to be set.

Q: Can auditing be used to do usage reporting?
A: Yes, this is the way Nintex Reporting 2008 does it.

Q: How can you set anonymous access restrictions per list rather than per site?
A: You can’t. You can, however, put a web part on pages that you don’t want anonymous users to see that redirects them off the page. I do this in some situations where I want to discourage them from seeing certain pieces of a site but it’s not a security issue – it’s just an appearance issue. Technically the anonymous user would still have access to the data.

Q: Can you use a non-authenticated page for changing password, etc?
A: Yes, just treat it like a login page. See my article “Customize a SharePoint Login Page”

Q: If you have WSS 3 and it implements forms authentication and restricts content to specific users, do you have to have client access licenses?
A: I would have to refer you to a licensing specialist – however, I know that the most common license people forget when they expose WSS to the outside is a Windows Internet Connection license. (It’s bundled with Web Edition but not the other versions of Server)

Q: Can I have a list that contains permissions for a user?
A: No, you must use the permission constructs in the API.

Q: Can you extend auditing with your own events?
A: Yes.

Q: Can we use a different database for authentication?
A: Yes.

Q: Can we use a different database for authentication?
A: No.

Content Types Web Cast Questions and Answers

It’s time for me to answer those content types questions I got during the web cast the other day. I really appreciate all of the great questions that I got after the event. The answers here should roughly match what I gave verbally – with the possibility that I interpreted the question slightly differently then.

Q: Have you seen implementations that deal with document collections containing very large (> 1GB) files?
A: No, however, I strongly recommend against storing files of this size in SharePoint. That’s not what SharePoint is optimized to store. A traditional digital asset management, or content management application may be more appropriate depending upon the specific needs.

Q: Could the ship to/sold to fields (defined in the demo) be drop down lists in the word document template?
A: Yes, No, and Yes. Yes, it’s possible to define a choice field and get the results to appear in a drop down list. (Reading between the lines) No, it’s not directly possible to populate a drop down box from a back end system. (Again reading between the lines) Yes, if you develop a custom Document Information Panel (DIP) you can do anything you would like including querying back end systems.

Q: What happens to users not running Office 2007 when a custom template (.dotx) is used for a content type?
A: If they’re running Office 2003 with the file format extensions, they’ll still see the template. If they’re running an older version and thus the template doesn’t make sense, Word will throw an error that the file format isn’t recognized.

Q: Can I use site columns/content types to search across site collections based on common columns/features?
A: You can use site columns and content types to support this. The white paper that I wrote last year, “Managing Enterprise Metadata with Content Types” (http://go.microsoft.com/fwlink/?LinkId=101604&clcid=0x409) will help you better understand how search can leverage site columns and content types.

Q: How do you get the FieldRef IDs for existing site columns?
A: There are several ways – you can pick it out of the URL when looking at an existing site column, or you can look at wssfields.xml which declares the WSS fields.

Q: Is it possible to have custom columns added to the metadata of a document, so that the metadata “stays” with the document?
A: In the new document formats a copy of the metadata goes with the document. (Crack the DOCX file open by renaming it to ZIP and extracting it. You’ll find that there are properties for all of the content type columns.)

Q: I thought Title was a default item field that is needed as the record identifier. If you remove the title field, how can you set a record identifier?
A: The slide was a bad example, you should never remove the title field because it is always expected to be there. However, in a document library items are organized by path and file name.

Q: How do you install Visual Studio Extensions for SharePoint on a development box that is not running Windows SharePoint Services?
A: You don’t. You want to do your SharePoint development on a server. That server can be a virtual machine, but a server OS is “required”. I’m aware of the Bamboo Solutions technique for installing Windows SharePoint Services on Vista – however, I don’t recommend it.

Q: When creating a custom content type as a feature, how do you configure the CAML to allow for the management of content types by default?
A: This is more of a list definition issue. The <List> CAML tag has an attribute EnableContentTypes which turns on the item that you’re describing.

Q: Can you bind custom actions to content types?
A: Yes.

Q: For event receivers, how do I know that my ItemUpdating event is firing for editing the document, or other specific operations?
A: I’d do this observationally by watching what the pre and post operation data looks like.

Q: Are the Visual Studio Extensions for Windows SharePoint Services available for Visual Studio 2008?
A: Yes, http://www.microsoft.com/downloads/details.aspx?FamilyID=7BF65B28-06E2-4E87-9BAD-086E32185E68&displaylang=en

Q: If you’re using a Guid from a development server would you be able to deploy that to a production server?
A: Yes, because you’re defining the guids in your features – and thus they will match between environments.

Q: Are there additional webcasts planned to cover attaching forms to content types and workflows?
A: Not at this point – however, I can tell you that this is one of the topics I’m proposing for a future web cast.

Q: You’re using the SPVM development image, how can you use multiple instances of this virtual machine in an environment with multiple developers?
A: Just set Virtual PC to NAT so that the servers don’t really see each other. It may give a warning but the warning is harmless.

Q: Is it possible to define custom controls to allow for the input of data?
A: Possible, yes. You can look at field controls but there are lots of limits to what can be done. I’d suggest starting your search there.

Q: What are the differences when defining a field between Display name, name, and static name?
A: The answer I have is that the StaticName is used by the Office clients and it’s not recommended that we use this attribute. It’s recommended that we only use the Name attribute. Although in practice using the StaticName hasn’t appeared to harm any of my solutions. Display name is what is displayed to the user. Name is the internal name of the field.

Q: When making modifications to content types, deployed using a feature, how are the updates generally handled to instances of data?
A: Well, if you delete a field, the data goes away. If you add a field it’s available to have data in – this presumes that you’re pushing the content type changes through. That requires special code in a feature receiver because the feature itself doesn’t push the content type changes down.

Q: Can you have a lookup field in a content type?
A: Technically the syntax supports it but it doesn’t work well in practice. There are issues with lookup fields being designed to work within the same SPWeb but content types are declared at the SPSite scope.

Q: Can I create a special page that allows me to enter the data for the content type?
A: Yes, you can override the new form of a content type with a form that you specify. There are techniques for interacting with the out of box list form controls – however, generally I recommend starting from scratch to do your own data input.
