Wednesday, 24 October 2012

SharePoint 2013 RTM available in MSDN and TechNet

So, once again, we have been fooled to believe the go-live would be later this year. Some other people thought Q1 2013... some others thought it would see the light at the SharePoint Conference 2012 in Las Vegas (we are just a few weeks away from the event)... but no!! It is available as of today with your MSDN subscription and I have it in my hard drive already!!! :)

So, I will be getting rid of my SP2013 Preview box and getting up with the real one soon... I will not be the first obviously, there are those professional bloggers out there just burning their HD's and fingers to be the first ones to write about the RTM version... good luck to everyone with the latest SharePoint version... we have a new baby in the family!!!

Sunday, 21 October 2012

Registering and trusting external SSL Certificates in SharePoint 2010

Why would I need to register and trust external SSL certificates in a SharePoint farm?
Well, most of the times you don’t have to unless you need to access an external website that is HTTPS SSL protected and you have not created the consuming service or WebPart yourself. You can by-pass the “not trusted certificate” issues from code, but what happens if you are using a WebPart that should just work and it doesn’t because of the not trusted certificate? Well, here are the errors and how to sort them out.

The Problem
One of the typical WebParts that you would target external sites with is the RSS Viewer WebPart. Imagine that you are working in a secured intranet, with multiple protected services and URLs. One of those HTTPS URLs is the RSS Feed and as soon as you set your RSS Viewer WebPart to query that URL you receive the following “descriptive” error:

The requested RSS could not be displayed. Please verify the settings and url for this feed. If this problem persists, please contact your administrator.

You try the URL in a browser and you can access it, but not from the RSS Viewer Webpart. So… it is one of those SharePoint issues and I should trust the Root Certificate in SharePoint to sort it. But the story is not complete.

The “almost” resolution
You can think that trusting the Root Certificate would sort the issue, but not completely. We need to get the root certificate as shown below and complete the operations with what I describe as The Catch! Anyway, we need to start with the Root Certificate as follows:

Export Root Certificate
Log onto the server running Central Administration
Open the site containing the RSS feed that SharePoint should display with Internet Explorer. These instructions pertain to IE8/9.
Display the site certificate details by clicking on the padlock and selecting View certificates
Follow the certification path to the root certificate by selecting the Certification Path tab and selecting the top certificate
Click View Certificate
Click the Details tab
Click Copy to File
This will start the Certificate Export Wizard. Click Next on the welcome screen
Click Next on the Export File Format screen
Enter a filename for the root CA and append .cer, for example, c:\certs\thawte.cer.
Click Next
Click Finish

Create Central Administration Trust
Launch Central Administration
Click Security
Within the General Security section, click Manage Trust
Click New
Enter a descriptive name for the trust. For example, “Thawte Trust”, “Verisign Trust”, etc.
For the Root Authority Certificate, click Browse and locate the exported certificate
Click OK to establish the trust relationship

You are done, you think, but you go and try your RSS Viewer WebPart and the error is still there. Then… I will make a debugging/troubleshooting story short… you find this error in the SharePoint Logs:

The root of the certificate chain is not a trusted root authority

The Catch!
So you scratch your head, you think you have trusted the root authority already, more than once if you allow me to say it :) but then you see that, between the site you are accessing and the root authority, there is another certificate, as shown in the example below:

So, if instead of just exporting the Root (VeriSign) in this example, I export the 3 of them and trust those 3 certificates in my SharePoint Farm, as described in the step by step above, I will be able to see my RSS Viewer WebPart up and running without any other major issue.

If you ever encounter an issue with certificates and trusting the root certificate provider doesn’t solve the issue, try to trust the complete certification path instead, with as many copies of certificates as levels you have in your certification path. This will sort out your issue.

Wednesday, 3 October 2012

Read only fields in some lists? For some users only? Do it yourself as well!

Some months ago I posted a way to hide fields in a list form for some users or in some specific scenarios. A couple of days ago I was reading comments received to previous articles and one of them was asking how to make fields read-only instead of hiding them. It was an old comment so I hope that person has already found a way to do it. For the rest of the audience... here it goes!

How can we do it?
If you check my previous article (click here) you will see that I’m overriding the IsFieldExcluded method to decide whether a field should be shown to the end user. To achieve the desired “Read-Only” behaviour we need to override the CreateChildControls method instead. You can find below how it can be done re-using the same class I created in my previous post. I have added in-line comments to explain what I'm doing...

You need to deploy that dll to the GAC and create your own control template to make these changes visible in your system. I’m not getting into too much detail with those steps because I already described how to do it in Column Security Level in SharePoint? Do it yourself!

Once we have deployed our dll and control template, it is time to test it! As you can see in my in-line comments I have done a basic check of List and Fields by name, but it is obviously just an easy way to show the functionality. This solution should be a lot more robust if you were going to reach a real production environment with it. There are a million ways you could improve it but this is not the goal of this post.

The first image below shows how the form will be presented for an administrator and the second one how it will be presented to a contributor. The Admin Column is only editable by the appropriate user, with admin rights, while contributors can just see the content but they will not be able to modify it in this form. You can make read-only any field type, including custom field types.