Archive for the ‘SharePoint 2013’ Category

Customizing NewForm.aspx or EditForm.aspx for a list

December 11, 2014

SPEasyForm is a CodePlex solution for customizing the new/edit forms of a SharePoint list. It is a no-code sandbox solution (HTML/JavaScript only).

http://speasyforms.codeplex.com/

SharePoint Claims to Windows Impersonation context for service calls

January 13, 2014

Scenario:
If you have custom code running on a SharePoint 2010/2013 site with claims-based authentication enabled, you may run into impersonation issues. If your code calls an OData service, web service or WCF service, you will encounter access-denied errors. Everything works locally but may fail in test environments. Most of the time, the local virtual machine or cloud VM is set up for Windows authentication only, so the issue does not show up front. When the custom code is moved into a testing environment, it immediately runs into access-denied issues.

Problem:
The code is running in a claims context, so no Windows user context is passed to your services. Access denied is expected in this case.

Resolution:
You can get the current user's Windows identity by calling the Microsoft.IdentityModel.WindowsTokenService.S4UClient.UpnLogon(upnValue) method and then calling Impersonate() on the returned identity.

Here is the full code.
STEP 1 – Add the ClaimsToWindowsIdHelper class to your project.
STEP 2 – Add the three lines of code that impersonate the user before your service calls. This ensures that the correct Windows identity context is passed to your service calls.

//=STEP 1===ClaimsToWindowsIdHelper===You can keep it in a utils project or as a helper class==

using System;
using System.Security.Principal;
using Microsoft.SharePoint;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.WindowsTokenService;
using Microsoft.IdentityModel.Claims;

namespace MyProject.SecurityHelper
{
    /// <summary>
    /// This class helps you to get the Windows identity context for a claims user.
    /// </summary>
    public static class ClaimsToWindowsIdHelper
    {
        /// <summary>
        /// Retrieves the Windows identity for the current user based on the UPN claim.
        /// </summary>
        /// <returns>The Windows identity, or null when the current user has no UPN claim.</returns>
        public static WindowsIdentity GetWindowsIdentityForCurrentClaimUser()
        {
            IClaimsIdentity identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
            string upn = null;

            if (identity != null)
            {
                // Look for the UPN claim of the current user.
                foreach (var claim in identity.Claims)
                {
                    if (StringComparer.Ordinal.Equals(System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType))
                    {
                        upn = claim.Value;
                        break;
                    }
                }
            }

            WindowsIdentity windowsIdentity = null;
            if (!String.IsNullOrEmpty(upn))
            {
                try
                {
                    SPSecurity.RunWithElevatedPrivileges(delegate
                    {
                        // Claims to Windows token call
                        windowsIdentity = S4UClient.UpnLogon(upn);
                    });
                }
                catch (SecurityAccessDeniedException)
                {
                    // The token service denied the logon request for the calling account;
                    // let the caller see the failure.
                    throw;
                }
            }

            return windowsIdentity;
        }
    }
}

//=======END OF CODE================

//=STEP 2===call helper and do impersonation======

// You can make this impersonation call anywhere before your service calls.
WindowsIdentity ctx =
    MyProject.SecurityHelper.ClaimsToWindowsIdHelper.GetWindowsIdentityForCurrentClaimUser();
if (ctx != null) { ctx.Impersonate(); }

// Instantiate and call your service after the lines above. All code after them runs under the Windows identity context.
// Of course, you can go back to the claims context after the service calls if needed: keep the
// WindowsImpersonationContext that Impersonate() returns, call Undo() on it, and dispose any objects.
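
The revert step mentioned in the closing comment, written out as an added example (not code from the original post). `ImpersonationScope` and `RunAsCurrentClaimUser` are hypothetical names. Failing when there is no UPN claim is a design choice made here, so that the service call never falls back to the process identity:

```csharp
using System;
using System.Security.Principal;
using MyProject.SecurityHelper;

// Hypothetical wrapper, not part of the original post.
public static class ImpersonationScope
{
    /// <summary>
    /// Runs serviceCall under the Windows identity of the current claims user
    /// and always reverts to the previous context afterwards.
    /// </summary>
    public static void RunAsCurrentClaimUser(Action serviceCall)
    {
        if (serviceCall == null) throw new ArgumentNullException("serviceCall");

        // WindowsIdentity wraps a token handle, so dispose it when done.
        using (WindowsIdentity identity =
            ClaimsToWindowsIdHelper.GetWindowsIdentityForCurrentClaimUser())
        {
            if (identity == null)
            {
                // No UPN claim: stop here instead of silently calling the
                // service under the process (application pool) identity.
                throw new InvalidOperationException(
                    "No Windows identity could be obtained for the current claims user.");
            }

            // Disposing the context calls Undo(), even when serviceCall throws,
            // so the impersonated token does not stay on a reused thread.
            using (WindowsImpersonationContext context = identity.Impersonate())
            {
                serviceCall();
            }
        }
    }
}
```

Call it as `ImpersonationScope.RunAsCurrentClaimUser(() => { /* service instantiation and calls */ });` so that only the service calls run impersonated.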

Enable-SPFeature issue : The Feature is not a Farm Level Feature

January 6, 2014

I came across this issue. I am sharing my experience, findings and fix for the issue.

Problem statement:
I was trying to activate a feature by name or GUID as follows (first two attempts) and I was getting the error:

Enable-SPFeature : The Feature is not a Farm Level Feature and is not found in a Site level defined by the Url

Attempt 1 (by name) – #did not work

Enable-SPFeature -Identity "Myfeature name" -url $spSiteUrl -Force -PassThru

Attempt 2 (by GUID) – #did not work

Enable-SPFeature -Identity "b40887eb-6473-47c2-877a-9d9c511356de" -url $spSiteUrl -Force -PassThru

Solution: final attempt (by GUID) – yes, worked

Enable-SPFeature -Identity b40887eb-6473-47c2-877a-9d9c511356de -url $spSiteUrl -Force -PassThru

As you can see, there is only a minor difference. I removed the double quotes from the GUID and it worked perfectly. If you come across this issue, here are some hints:

– Ensure that the site URL is correct.
– Ensure that the GUID is correct. You can always check it in the feature.xml file.
– Ensure that the syntax does not contain double quotes around the GUID.

I was using -Force and -PassThru for extra details. You don’t need to use them if they are not needed.

Hope it helps.

Migrating existing 2010 web parts to 2013

I will be writing this blog post in a few days with exact guidance on migrating a 2010 web part to 2013 in two ways. One is an as-is upgrade and the second is converting a few things to make it a 2013-type web part. This article is for the developer community.

Coming soon…

Categories: SharePoint 2013