Pinned: New URL for The SharingPoint Blog

It seems as if many people are still not aware that this blog has moved. So, for all of you that still use this address and wonder why I haven't posted in, like, forever, head on over to http://www.binarywave.com/blogs/eshupps for the latest SharingPoint goodness. For those that use the FeedBurner subscription, no worries - it has already been updated.

Securing Application Pages in SharePoint 2007

Anonymous security in SharePoint 2007 is more of an art than an exact science, it seems. Although drastically improved from 2003, there are still some gaps in the security model which need to be plugged (and some that need to be opened) for public-facing SharePoint sites. One of the most glaring examples is the List View application page (12\TEMPLATE\LAYOUTS\viewlsts.aspx) which is accessible by every user with read permissions. While not technically a security risk - there isn't much a user can do from this page without sufficient access rights - it may expose more information to anonymous users than is acceptable.

To work around this issue, add code to the individual application page(s) to check if the user is authenticated and, if not, redirect the user to the Access Denied page. Insert the following script at the top of the page (before or after the page declarations and registrations):

< runat="server">
protected void Page_PreInit(object sender, EventArgs e)
{
try
{ string sUserName = SPContext.Current.Web.CurrentUser.LoginName; }
catch
{ this.Response.Redirect("/_layouts/accessdenied.aspx"); }
}
< / script >

The above code attempts to assign the user login name to a string variable. If the operation fails, which it will if the user is not authenticated, the catch statement redirects the user to the default access denied page. Once the code is placed on a page in the /_layouts directory, it will effectively be hidden from anonymous users.

Anonymous Search Results in WSS v3

When configuring WSS v3 (2007) for a public facing web site there are a number of steps to take to insure anonymous users don't have access to areas they shouldn't - removing default lists, modifying application pages to hide pulic views, locking down mysites, etc. - but there is one page that is absolutely necessary for everyone to access: osssearchresults.aspx. This page presents the list of search results and is the de facto target location for WSS search controls.

By default, viewing this page requires a user to be authenticated to the server. This can create a problem when your site definition includes the basic search control as it will attempt to render all search results on this page. To remedy this situation, locate the following text at the top of the file (inside the < % @ Page ... /> declaration) and remove it:

Inherits="Microsoft.SharePoint.WebControls.LayoutsPageBase"

This setting determines the inheritance of the page from the generic application page base class; however, it is not required for the page to function. Anonymous uers will be able to view the page without having to login and search results will continue to be security trimmed so users without proper permissions will be unable to view restricted items.

SharePoint 2007 RSS Aggregator Web Part

One of the most common requirements we have these days is to display RSS feeds on WSS/MOSS sites inside of a web part. Most users want the ability to see just a list of article links, sorted by date, from multiple feed sources - a collection of technology blogs or all the official SharePoint blogs, for example.

There are several free utilities for performing RSS aggregation in SharePoint - inlcuding those that come out of the box with 2007 - but none of them work the way that I needed them to (in fact, I couldn't get the included web parts to work at all in WSS). So I put together a basic RSS Aggregation web part that fits the bill.

The functionality is really quite simple - supply the web part with a semi-colon delimited list of feed URL's, set a few parameters (like number of listings per feed, total number of listings, alternate stylesheet, etc.) and drop it onto a page. The web part will display a list of links from each feed source sorted by publish date in descending order. The formatting is controlled by a set of base and alternate styles that can be included in custom stylesheet or integrated with your base site definition styles.

You can download the RssAggregator web part here: http://www.binarywave.com/products/downloads/Free%20Utilities/BinaryWave.RssAggregator.zip. The zip file contains the Visual Studio 2005 solution with full source code (written in C#) and a readme file with setup and configuration instructions. Post any issues or questions as comments to http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=3.

Note: I discovered while putting this together that there are quite a few differing feed formats depending on which source you are trying to access. Most RSS 2.0 and ATOM feeds should work but you may need to tweak the XML parsing methods in the source code if you are referencing a feed that uses non-standard or custom formatting in the source XML. If you do make modifications, please post them so everyone can benefit from your changes.

The SharingPoint Has A New Home!

Now that we've completed the changeover from The eGroup to BinaryWave, this blog will be moving onto our new SharePoint 2007 servers. The new url will be http://www.binarywave.com/blogs/eshupps. For the near future, I will continue to cross-post as I move old content over and get the archives up to snuff (is there anyone out there who has written a utility to move Blogger content to SharePoint? I REALLY don't want to write that myself...).

For those of you that use the FeedBurner RSS link that will be redirected to the new blog address. Any troubles, post a comment and we'll figure it out.

Colligo Contributor v2.0 Review

Part of our practice methodology at The eGroup/BinaryWave is to use SharePoint Team Sites to manage all of our projects - time tracking, project milestones, tasks, issues, bug tracking, project documents, deliverables, etc. - are all contained in SharePoint lists. This has several advantages, primarily complete project visibility for our customers, and secondarily, the capability for our staff to work remotely from any location. Beyond that, it also does an excellent job of demonstrating the capabilities of the platform to new customers and provides their project team with some informal on-the-job training.

This arrangement does, however, provide some challenges for frequent travelers such as myself. As I am often in transit from one location to another (usually across the Atlantic) it is commonplace to be without Internet connectivity for long periods of time. This makes it quite difficult to update project-related information, as I am unable to gain access to our SharePoint servers, a major roadblock in my role as project manager. To compensate, I had been relying upon a cobbled-together mish-mash of local files, Outlook folders, and a bit of slapdash code to keep things in synch which, to be honest, wasn't working very well at all.

Enter Contributor from Colligo. A month or so ago the folks from Colligo invited me to test drive version 2.0 of their Contributor product. Billed as an offline client for SharePoint, I had assumed that it's primary purpose would be to keep files in sync between my local folders and SharePoint document libraries. A fine utility, to be sure, but my experience with similar products was that they did a decent job of moving files back and forth but completely lacked any support for SharePoint lists, which is where I do the majority of my work.

I admit that I was pleasantly surprised by the product's capabilities in this regard. To set up Colligo to work with SharePoint, you first supply the URL of the site and your login credentials. The product then downloads the site contents and I was encouraged to see that list information was being collected along with document libraries. Once the content has been collected, the application presents the site information using the same basic layout as a WSS v3 Team Site - lists and libraries organized on the left, list contents on the right, with the same WSS list icon, headings, and breadcrumb at the top.

Choosing to duplicate the SharePoint interface was an excellent decision - the experience of interacting with the list contents is nearly identical to that of SharePoint's web GUI. Say what you will of Microsoft's design, at least the consistency between the two products means there is no learning curve to overcome - anyone who has worked with a SharePoint list will be immediately productive within Contributor. Switching views, uploading documents, sorting columns, and creating new list items is natural and intuitive. Entering a new item in a list brings up a dialog that contains all the list columns (including choice, lookup, and calculated columns) and which looks almost identical to the built-in SharePoint forms.

After modifying or updating the list contents, you can manually synchronize one or more sites to commit your changes. Alternatively, you can leave Contributor running the background and it will synchronize automatically (you can enable/disable this functionality by right-clicking on the synchronization message in the status bar but I was unable to find any way to modify the automatic synchronization interval).

Naturally, being an offline client, there are a few limitations. You cannot create new views from within Contributor; likewise, it is not possible to alter the list structure (add or remove columns, change column types, etc.) while offline. I also noticed that the list views, which do a good job of display grouping, filtering and summary selections, do not display column totals; that is, if you have applied a total parameter to a list (i.e. SUM the Hours column) the values for this calculation are not displayed.

The pricing for Contributor affordable for both individual and corporate users. At $125 per seat, it's hard to argue with the price/performance equation for this product. The time saved in lost productivity on one cross-country flight pays for the license several times over.

Overall, I think the Colligo team has done an excellent job with version 2.0 of Contributor. I use it exclusively to update list content while on the road, letting it synchronize all of my changes the next time I'm connected to the Internet. This has allowed me to be more productive - especially when flying - and I often use when I am connected as I prefer the WinForms experience over the browser-based approach. If you travel often, or have limited connectivity (i.e. dial-up or second-generation WWAN) and need to interact with SharePoint lists, Contributor may be the answer you've been looking for.

Visit Colligo's web site for more information. A free trial of Contributor 2.0 can be downloaded here.

CORRECTION: The automatic synchronization setting can be adjustd by modifying the followig registry value: HKEY_LOCAL_MACHINE\Software\ColligoOfflineClient\Synchronization\ PeriodicSyncInterval. This key determines the number of minutes between sync attempts - the minimum value is 15 and the default is 30.

The Trials and Tribulations of Being Your Own Boss

Sometimes you've just got to stop and post something because it makes you smile. Fellow SharePointer Extraordinaire Heather Solomon recently decided to take the plunge and strike out on her own as an independent consultant. Earlier this week she put up a post about how little time she's had since taking The Big Step. It brought a smile to my face as people are always asking me why I don't post more and work less, why it takes so long to return emails, why don't I do more speaking engagements, etc. Welcome to the gotta-get-the-project-done-no-time-to-chat-why-doesn't-my-phone-stop-ringing-my-God-is-it-midnight-already-where-are-my-slides-for-tomorrow-did-I-get-that-invoice-out-when-do-I-get-paid? club, Heather!

Now, if I can just find a way to sabotage her email for a day so I can get her to work on some projects for MY clients... :-)

UK SharePoint User Group Meeting in Manchester April 11th

The first UK user group meeting in Manchester will be held on April 11th at TSG. Nick Swan, whose travels for community meetings might actually come close my own air miles, will open the session with an intro on WSS v3, followed by some in-depth info on branding and customization. As this is the first meeting in Manchester, show Nick some SharePoint love by showing up en masse (you should be recovered from the big Manchester United match by then, right?).

Click here for info and directions.

Source Code for Hosting User Controls in Web Parts

Every .NET developer who has come anywhere near SharePoint development has, at one time or another, seen, heard of, or used Jan Tielens' SmartPart. It's a great control and very effective for rapid application development within SharePoint - no need to learn web part coding, just whip up a quick user control and off you go.

We do a great deal of SharePoint user control development in our shop, for several reasons: 1) when you work on billable time, clients want the fastest, most effective solution to a problem not some esoteric argument on what is 'pure' SharePoint development and what is not, 2) It's easier to hire and get new SharePoint developers up to speed using .NET controls they are already familiar with, 3) it's far easier to turn over user controls to our clients for future code maintenance than try to give them a crash course in web part development, and 4) I don't know about you but I have absolutely no interest in hand-coding UI elements that I could otherwise drag-and-drop in the IDE (but then, I'm known to be a lazy programmer, so take that for what it's worth).

Because of this, we have developed our own web part wrapper for hosting user controls. Similar to the SmartPart, it's designed to be a low overhead control that can be deployed for rapid development scenarios but we needed a bit more flexibility than the SmartPart offers. We've been using it for quite a while and have had great success with it. We're releasing the source code to the community so everyone can do the same and also to see what kind of improvements and enhancements all you smart coders out there can come up with.

If you're looking for a way to host user controls in SharePoint and you would rather write and own the code yourself than use a third-party control, give it a try. Sean Skinner has posted the code over on his blog for you to download. Take it, make it your own, and let us know what kind of cool stuff you do with it.

Direct any questions to either Sean or myself via comments on these posts so everyone can participate in the discussion.

Enjoy!

UK User Group Meeting in Glasgow, Scotland March 28th

Steve Smith of Combined Knowledge is organizing an informal UK User Group meeting in Glasgow, Scotland on March 28th. If you are in the area, make plans to attend and support the growing UK SharePoint community. After all, there's beer and food involved - can't miss out on that! Go here for more information.

BTW, the User Group meeting in London on the 22nd was an excellent affair. Tip o' the hat to Riaz Ahmed for doing a bang-up job presenting a Search deep-dive and accessibility overview (Riaz, if you're out there, post a comment with your blog URL so I can link you up). More than 75 people showed up (although how many were actually there for the free beer and pizza is impossible to determine). C'mon Dallas, we've some catching up to do - the UK gang is making us look bad!