Go Search
Skip to main content Los Angeles SharePoint Users Group (LASPUG)

View All Site Content

SharePoint Thoughts
by Maurice Prather
stssync fails quietly when CRL list can't be validated
Sat, 06 Mar 2010 15:55:11 GMT
The other day I ran across a little problem that was somewhat hard to track down. 
 
Here's the core scenario - web app set to use SSL with various calendar lists sync'd to Outlook.
 
Everything was working as expected.  Then suddenly it all stopped working.  Outlook would report a generic HTTP 0 error.  New attempts to connect the lists to Outlook would also fail.
 
I went through a variety of diagnosis steps and nothing was popping up.  The site was operational, the certificates were valid, nothing had changed from client to server... tried to see if there was a difference between Outlook 2007 and 2010.  It was all the same generic error.
 
Coincidentally, I wanted to set that problem aside and fix another issue.  I happened to open up SPD and noticed that it threw up a dialog about not being able to validate the CRL for the certificate that was associated with the site.
 
Bingo!  A clue.
 
Sure enough, the CRL had expired.
 
On updating and publishing the CRL, everything started working again.
 
Net net: stssync will fail quietly if the CRL from the CA has expired. The user is not notified and requests are terminated.
 
Don't forget to double check the expiration of the CRL!
Copyright © 2004-2009 BluedogLimited.com. Licensed under a Creative Commons License.

A new direction
Fri, 26 Feb 2010 20:14:51 GMT

Nearly two weeks ago, several different things came together that helped lead me in a new and exciting direction in my professional life.  I've stepped down as the chief architect at ShareSquared and will be starting my own company.

 

Over the past few years, it seems that I've been slowly but surely working with smaller and smaller companies so that I can learn the ins/outs of running a business (Boeing -> Microsoft -> ShareSquared).  My three year run as the Lead Architect at ShareSquared has provided me with good insight and confidence.  Starting with a technical team of 1 person (me) back in March of 2007, I was able to help the company expand its technical staff up to 8 people. 

 

Having been a part of a company building experience and with the encouragement of family and friends, the time seemed right to invest my efforts into something that I could call my own.

 

Although there are still some formal legalities to get out of the way, the plan is pretty simple ... start a goat renting business.

 

Oh wait… I don't have any goats and it seems that I'm already too late (here's a YouTube video of a local commercial).  And for the record, I've seen their work first hand... what a neat way to cut down vegetation.

 

Seriously, though, I will continue to work with that little thing called SharePoint.  It's been fun and will continue to be so with the imminent arrival of SharePoint 2010.  I look forward to working with various friends as the company grows.

 

With a new direction, comes plans and a commitment to reinvigorate my blog and the site.  Over the coming weeks, expect a complete makeover. The whole website is a carry over/migration from a WSS 2003 site that I threw up one weekend back in spring of 2004.  It's time to change over to new structures and a new look while parsing out some of the old code offerings that haven't been touched in quite some time.

 

I'm even going to join this new micro-blogging thing called Twitter.  Yup, weirder things have happened ... but who knew you'd be able to know me as @mauriceprather.

 

Looking forward to the next adventure!

-Maurice

Copyright © 2004-2009 BluedogLimited.com. Licensed under a Creative Commons License.

2010: Versioning of Web Part instances
Fri, 30 Oct 2009 16:32:57 GMT
One of the nicest new web part framework features in SharePoint 2010 is Web Part versioning.
 
Remember all those times you've edited a page only to misconfigure or delete a web part?  Versioning may help you unwind your mistakes, but it depends on how you are making edits.
 
How does it work?
  • Web Part instances are versioned only when a page is checked in.
  • Only Shared instances are versioned
  • Versioning is controlled by the document-level settings.

If you are editing in any of the following conditions, versioning will not occur:

  1. Editing Personalized or Personal Web Parts
  2. Editing a page that is not checked out

Under these conditions, edits occur as they always have... directly and w/o opportunity to fall back to a saved state.

As you can see Web Part versioning is really targeted toward protecting the broadest, most common usage scenarios.  If you are not checking in/out, you'll never see Web Part versioning at work.  Likewise, if you are dealing with anything other than a Shared Web Part, versioning does not occur.

What are the developer ramifications?
In it's simplicity, there nothing that you as a developer can really do.  The web part instances will either be on the page or they will not.

There is no visibility into a Web Part's history or opportunities for a Web Part to control its own destiny.  Web Part versioning is directly tied to the page history. 

The only side effect of versioning that I can foresee is the very same issue that people have with document version histories.  Each version is a complete instance/copy.  Therefore, if you are storing large amounts of data in a web part property, be aware that versioning will automatically force the user to consume more of their storage allocation.

In short, Web Part versioning is available and is really designed to be transparent to the developer and the end user.  The parts that are instantiated are completely dependent on the page version that is being rendered.

-Maurice

Copyright © 2004-2009 BluedogLimited.com. Licensed under a Creative Commons License.

2010: Gemini... err... PowerPivot... to the rescue
Wed, 28 Oct 2009 02:20:57 GMT
Are you the type of person that has ever wondered which running back has the most yards per carry on natural fields when it's raining and the wind is in their face?
 
Well, a few years ago I had an opportunity to watch, from the sidelines, as a long time friend of mine (Rob Collie) generated wicked stats like that day in day out.  His team built an Excel Services application for a now-defunct fantasy football project over in MSN. They were looking at data in all sorts of ways...
 
The beauty of it all?  It's that little thing called BI.  You can take that first sentence of mine, remove football references, add your business elements... and it's practically the same concept - looking at your data in new and exciting ways.
 
BI in 2010 is pretty amazing.  There have been a lot of improvements that will make it much easier for more people to explore their worlds.  Gemini ... and yes, I'm still having a hard time getting used to the new name ... PowerPivot will change how businesses look at their data.
 
Want to learn more about PowerPivot?
I invite you to check out Rob Collie's blog at PowerPivotPro.com.  He's one of the folks that worked on Gemini... and he's an avid football stats man... the combo is dangerous if you're in his fantasy football league ... expect his blog to be packed with some informative articles!
 
 
-Maurice
 
Copyright © 2004-2009 BluedogLimited.com. Licensed under a Creative Commons License.

2010: Are you Safe Against Script?
Sat, 24 Oct 2009 19:18:24 GMT
At the SharePoint conference, I had an opportunity to discuss a new feature that will affect the behavior of all Web Parts - old and new.
 
In 2010, contributor rights are being changed in 3 distinct areas:
  • Type of files that must be downloaded explicitly
  • The ability to change HTML markup in pages
  • The ability to change web part properties

These changes are being made because with the addition of the new Client Object Model, cross-site scripting (xss) becomes a major concern to the health of your SharePoint system.

That's right, the Client Object Model (CLOM) is so powerful and easy to use (imagine cut/past operations!) that XSS attacks from within the trusted membership can become a very serious matter.  To be fair, this has always been the case with contributors being able to change markup but the level of difficulty in reading/writing data to a SharePoint from the client was often seen as deterence factor.  That obviously changes if you have a client-side om designed specifically to manipulate your site.

Back to Web Parts...

The behavior of every single web part in existence is going to change.  The new default behavior for who can view/edit web part properties is to PROHIBIT contributors from viewing/editing properties.

There are two (2) mechanisms that can come into operation to prevent contributors from viewing/editing properties:

  1. New Object Model attribute: RequiresDesignerPermissionAttribute
  2. New SafeControl attribute: SafeAgainstScript

These mechanisms apply permission-based restrictions on whether a contributor can view and/or edit web part properties.

It's also worth noting that these mechanisms operate independently of each other with the Object Model attribute having the most authortity of the two.

What is the default behavior?

By default, contributors are NOT allowed to view or edit custom web part properties.  All SafeControl entries default to SafeAgainstScript=false. 

Here's two tables to help illustrate how the safeguards work to enable/disable editing by a contributor. 

In the first table, note the row with SafeAgainstScript=No.

RequiresDesignerPermission = false (or not applied)
SafeAgainstScript
Designers and higher
Contributors
Yes
Ok
Ok
No
Ok
Not Allowed

The table above basically applies to every legacy part that is simply installed on a 2010 server.  In short, your web part's use case scenarios will change.

The next table outlines how a web part built using the new Object Model attribute would operate.

RequiresDesignerPermission = true
SafeAgainstScript
Designers and higher
Contributors
Yes
Ok
Not Allowed
No
Ok
Not Allowed

Not the subtle difference in behavior.  The RequiresDesignerPermissionAttribute always forces the user to have the appropriate security permission regardless of the SafeAgainstScript attribute.

The ONLY time these mechanisms are not enforced is when a web part has been personalized and the property is scoped to the User or if the web part has been added as a Personal Web Part.

What are the impacts of the new XSS safeguard?

  1. All web parts, by default, will behave differently in 2010. 
  2. User scenarios need to be reevaluated.  If you have a web part that was specifically designed with contributor-level users in mind, investigation is needed to determine how to best enable that functionality on a 2010 server.
  3. The Sandbox does not in any way offer more protection for the XSS scenarios.  All of the rules apply for Farm and Sandboxed solutions.
  4. Developers have additional flexibility to manage who can view/edit properties based on permissions.
  5. Administrators will add "why is SafeAgainstScript=true" to their list of pre-installation validation questions.

I'll cover the other 2 contributor restrictions in coming posts.

In the meantime, start getting ready for the calls asking "how come I can't edit the properties?".  We all know those calls are going to come in...  :)

-Maurice

 

Copyright © 2004-2009 BluedogLimited.com. Licensed under a Creative Commons License.
Privacy Statement | Terms of Use