かけがえのない愛

• ** Note: This FBA configuration method is based upon the pre-release version of SharePoint 2010 and may change in the final release **

  Setup your SharePoint 2010 site

  1. In Central Admin, create a new site. By default, this will use Windows Authentication. Since we haven’t setup FBA yet, we need to setup the Web Application first as a Windows site.
  2. Create the Web Application
  3. Create a default Site Collection, and make a windows user (below we’ve used the Administrator account) a Site Administrator.
     

  Setup your User Database

  1. Setup the ASP.NET Membership Database. Note: You can use custom membership stores, DotNetNuke, even Live! credentials. But the .NET membership database is very simple to setup. This requires the SQL Server database. You can use the integrated version that is supplied with SharePoint, Express or a fully featured SQL Server (Standard or Enterprise) Edition.
  2. Find the setup file aspnet_regsql.exe located at either of the following locations depending upon your OS:
     %windir%\Microsoft.NET\Framework\v2.0.5027
     %windir%\Microsoft.NET\Framework64\v2.0.5027
  3. When the ASP.NET SQL Server Setup Wizard appears, select “Configure SQL Server for application services”, then click Next
  4. Enter the SQL Server and Database name.
     
  5. Above, I have named the database FBADB
  6. Click Next and Finish

  Provide Access to the Membership Database

  As an administrator, you’ll be able to add and modify user accounts. But from the SharePoint runtime, we’ll have to provide access to the membership store. This can be done in two ways. If using SSPI (Integrated Security) for the connectionstring from SharePoint, you’ll need to determine the Service Account that runs the Application Pool. Then you’ll provide access to this windows (or service) account in SQL Server to the FBADB database. Or, if you don’t want to use SSPI, or don’t want to take the time to figure out the startup service account for SharePoint you can simply create a login to the FBADB database. Following are steps for the second approach.

  1. Open SQL Server Management Studio (SSMS 2008) and select Security , then Logins
  2. Right Click Logins and Select “New Login”
  3. Create a SQL Server account. Below, we’d created the account FBAService with password pw
     
  4. Select “User Mapping”
  5. Mark the checkbox next to FBADB, and select the row.
  6. In “Database role membership”, make the user a dbo_owner.
     
  7. Click OK to save the new user.

  Setup IIS 7.0 Defaults

  1. Open up Internet Information Services Manager 
  2. Select the Web Server, then double click Connection Strings
     
  3. Click Add..
  4. Enter the Server (.), Database (FBADB) and the Credentials for the user FBAService (by clicking the Set button). If you want to use SSPI, simpy select “Use Windows Integrated Security” instead.
     
  5. Click OK to save
  6. Click to Select the Server from the Connections pane again, and double click Providers.
  7. On the Feature dropdown, select .NET Users. Your machine may take a while to respond while the configuration is read.
  8. On the Actions menu, click Add..
  9. On the Add Provider form, select SqlMembershipProvider as the Type
  10. Provide a name: FBA.
  11. Drop down ConnectionStringName and select FBADB
  12. Set any other parameters you’d like. I set some Password related options for user interaction later.
      
  13. Click OK to save
  14. From the Feature dropdown, select .NET Roles, then click Add..
  15. Provide a name: FBARole, and select Type: SqlRoleProvider
  16. Select the ConnectionStringName: FBADB
      
  17. Click OK to save the .NET role.

  Setup the FBA Zone in SharePoint 2010

  1.  Browse to SharePoint 4.0 Central Administration, Select Security
     
  2. In Application Security, select Specify Authentication Providers
     
  3. Select the Web Application.
  4. Click the Default Zone.
     
  5. Ensure the Web Application is the correct one on the next page!
  6. Change Authentication Type to Forms
  7. Check Enable Anonymous (* note that this does not immediately enable Anonymous access; it merely makes the option available on the front-end web application *
     
     
  1. Click Save.
  2. When the process is finished, the membership provider should now display FBA.

  What SharePoint has done behind the scenes is make the necessary changes to the IIS website to support Forms based authentication. But we still have a little problem. If we browse to the site right now, we won’t be prompted for Windows credentials anymore. Not only do we NOT have a user in the .NET membership database, but we have no FBA based administrators. Let’s tackle that next.

  IIS 7.0 Web Site Configuration for SharePoint 2010 FBA

  1. In IIS Manager, select the SharePoint site. In this example, we used the default site (80).
  2. Double click the .NET Users icon
  3. Click Set Default Provider from the actions pane on the left and select FBA
     
  4. Click OK to save.
  5. While we’re here, let’s add our first user. This will be used as an administrative account on the FBA site. Click Add..
     
  6. Select a User, Email and Password. Depending upon parameters you defined earlier you may be prompted with challenge/response questions.
     ** The password may require some strength by default. If you receive an error message that states the “password is invalid”, simply add a number or non-alpha character.
  7. Next, select the SharePoint Central Administation v4 web site from the connections menu in IIS.
  8. Click .Net Users, then in the Actions menu select “Set Default Provider” and set that to FBA.

  Set the User as Site Administrator on the SharePoint 2010 Web Site

  1. In SharePoint Central Admin v4, go to Application Management
  2. In the Site Collections section, select “Change Site Collection Administrators”
     
  3. On the next page, select the Site Collection we’ve been using.
  4. You’ll note that the primary site collection administrator has a little red squiggly. Why? We don’t have Windows Authentication enabled for this site and therefore no way to resolve. Delete the Administator account.
  5. In the field type the user created above (we used fbaadmin), then click the Check Names button. You should see a black underline noting that the name was resolved.
     

   

  Test the site

  1. In a Web Browser, when you access the site http://localhost (if that’s what you used), you’ll be presented with the SharePoint login screen, not a Windows login pop-up. (Wow, and you thought SharePoint 2007 had a spartan login screen. Get a load of this !)
     
  2. Login with the fbaadmin credentials and you should be able to access the site.
     

   

  Add the reference to the user friendly people picker

  You know the picker…so you can easily find those needles in the haystack. For that to work in Central Admin and this site against your .NET membership database, you need to add a reference to the provider.

  1. In IIS Manager, browse to the Central Admin web application. Explore the folder and find the web.config file. Open in Notepad.
  2. Find the <PeoplePickerWildcards> node and use the following:

   

  <PeoplePickerWildcards>
  <clear />
  <add key=”FBA” value=”%” />
   </PeoplePickerWildcards>

   

  Final Note

  If you plan to use the same membership database for multiple sharepoint sites AND you choose to encrypt the passwords, you’ll need to add one final step. In IIS 7,  on the first site, select the Machine Keys icon. Copy those keys. In the next site that you create, you’ll need to use the same machine keys and disable “Automtically Generate” and disable “Generate Unique Key”. This is crucial as the machine key is used to determine the encrypted password that is passed back to the .NET membership database.

This post covers, how to hide the button from the Server Ribbon from SharePoint 2010,

We are going to use the Feature files to hide the SharePoint 2010. First we will create a Feature file and then we’ll create a element file.

Feature.xml

Elements.xml

There was a HideCustomAction element used to hide / remove the button from Server Ribbon Control. If we want to remove particular Button / Group / Tab we have to specify the respective Button’s Location ID on HideActionId attribute.

HideActionId – Specifies the Location ID of the custom action to hide

Location – Specifies the Parent location Id of the custom action to hide.

By using HideCustomAction, we can hide / remove the Button, Group, Tab.

Example

For example I have provided a element.xml for hiding the Upload Multiple button from the Document Library.

Elements.xml

The above xml file, used to remove the Upload Multiple Documents from the Server ribbon on Document Libraries.

I have added the code in codplex, http://iotapsp.codeplex.com/

I’m responsible for a couple of SharePoint 2007 (MOSS) farms where all SharePoint servers showed the following error in the system event log:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 1/17/2007
Time: 4:31:48 AM
User: <DOMAIN>\sa_adm
Computer: <SERVER>
Description:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{61738644-F196-11D0-9953-00C04FD919C1}

to the user <DOMAIN>\sa_adm SID (S-1-5-21-162740987-2502514208-3469184634-1119). This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The error would show up at regular intervals in clusters (4-12 at roughly the same time) and there would be a few more with other usernames and other class id’s. I had two fully functional farms with 3 SharePoint servers each and a number of standalone development machines. They all exhibited similar behavior.

The error listed above is that the user running the Central Administration web application doesn’t have access to activate (instantiate) the IIS WAMREG admin Service object (search the registry for the CLSID).

Strangely enough I didn’t observe any functional errors in the farms as a result of these errors – nothing seemed amiss (plenty of stuff didn’t work but none directly related to this).

An important note here is that the service users used in the farm are all standard domain accounts and only given additional local rights by the SharePoint installer and Central Administration (The one exception is that “aspnet_regiis -ga IIS_WPG” was executed after SharePoint install and initial configuration).

The following procedure removes the errors from the event log without compromising the entire security setup (yes, assign administrative rights for the service users would do the trick too) and has been verified by Microsoft consulting services.

On each SharePoint server do the following:

1. Click Start, Click Run, type “dcomcnfg” and click ok
2. Expand Component Services / Computers / My Computer / DCOM Config

   

3. Right click IIS WAMREG admin Service and choose Properties
4. Click the Security tag
5. Click Edit under Launch and Activation Permissions

   

6. Click Add
7. In the Select Users, Computers or Groups type computername\WSS_WPG and
   computername\WSS_ADMIN_WPG

   

8. Click ok
9. In the Permissions for UserName list, click to select the Allow check box

   

10. Click Ok twice.
11. Go back to the main Component Services window, right click the “netman” node and select Properties
12. Click the security tab
13. Click Edit under Activation Permissions
14. Click Add on the Launch Permissons Dialog
15. Enter “NETWORK SERVICE” in the edit box
16. Click Ok
17. Enable all the checkboxes for the NETWORK SERVICE

    

18. Click Ok twice
19. Finally, run “IISReset”

That should be it!

A little less event log errors to worry about – there are plenty left on a reasonable complex SharePoint farm…

As a side note: The above error also shows up in other applications as well – I’ve heard about it for exchange servers as well and more applications are probably affected. In that case you’ll need to search the registry for the actual DCOM application and assign the rights to another local group (or username as a last resort).

http://soerennielsen.wordpress.com/2007/04/16/fixing-those-pesky-dcom-event-log-error-10016-in-a-sharepoint-farm-environment/

private static void EnablingAlternateLanguages(SPSite site, SPWeb web)
{
    SPWebTemplateCollection templates = site.GetWebTemplates(web.Language);
    SPWebTemplate template = templates[web.WebTemplate];

    if (template.SupportsMultilingualUI)
    {
        web.IsMultilingual = true;

        SPLanguageCollection installed = SPRegionalSettings.GlobalInstalledLanguages;
        IEnumerable supported = web.SupportedUICultures;

        foreach (SPLanguage language in installed)
        {
            CultureInfo culture = new CultureInfo(language.LCID);
            if (!supported.Contains(culture))
            {
                web.AddSupportedUICulture(culture);
            }
        }
    }
}

방화벽 설정이 되어 있는 웹 서버에서

80 포트가 아닌 별도의 포트로 웹 응용 프로그램 생성하면

외부에서 사이트 접근이 되지 않아 당황스러울 경우가 있습니다.

Windows Server 2008에 SharePoint 설치 시,

80포트와 중앙관리 포트 및 웹 서비스 등 기본적인 것에 대해서는 인바운드 규칙에 추가되어 예외 처리되어 있지만,

별도의 포트의 경우 수동으로 추가 해주셔야 합니다.


[규칙 추가 방법]

1.     제어판에서 “시스템 및 보안 –방화벽 상태 확인(Windows 방화벽) “을 클릭합니다.

2.     좌측 메뉴의 “고급 설정”에 들어갑니다.

3.     인바운드 규칙에 보시면 아래와 같이 기본 포트에 대해서는 규칙 추가되어 있는 것을 볼 수 있습니다.

4.     새 규칙을 클릭 하여, 포트 선택합니다.

5.     TCP 선택, 특정 로컬 포트에 웹 응용 프로그램 포트를 지정합니다.

6.     연결 허용을 선택합니다.

7.     규칙 적용되는 시기를 선택합니다. (필자는 전체 선택함)

8.     규칙에 대한 이름 및 설명 적어 주시면 됩니다.

SharePoint 2010에서 사용자 별로 다국어 지원 기능이 추가 되었습니다.

[SharePoint 2010 다국어 지원 설정]

다국어 설정은 사이트 단위로 설정 하게 됩니다.

 * 언어 선택시 lcid 의 쿠키 값에 현재 설정된 언어 코드가 설정됨 (한글 : 1042 , 영문 :1033, 일본어 : 1041)

"Lcid" 쿠키에서 현재 사용자가 설정한 언어 코드를 읽어와 Resources 폴더에 존재 하는 Resources파일을 기준으로 언어 설정을 변경 합니다.

Custom Field 다국어 설정 시 static name으로 필드 생성 합니다

Display Name 설정을 다음과 같이 Resources 파일과 키를 설정해 주시면

Core Resources 파일의 objectiv_schema_mwsidcamlidC24 키로 설정된 언어 값을 가지고 옵니다.

$Resources:core,objectiv_schema_mwsidcamlidC24; 

Visual Studio 2010 개발 툴에서 SharePoint 2010 개발 시,

SPSite 객체를 가져오는데 아래와 같은 FileNotFoundException이 발생하여 당황스럽게 하는 경우가 있습니다. (사이트는 실제로 존재) 

실행 소스

using (SPSite site = new SPSite("http://shing208"))

using (SPWeb web = site.OpenWeb()) { … }

에러 메시지

FileNotFoundException

The Web application at http://shing208 could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application.

원인 및 해결책(체크 사항)

SharePoint 2010 버전은 64비트만 지원하는데, 개발 진행시 빌드 옵션 사항이 32비트로 지정되어 있어 발생하였습니다.

해결 방법은 아래 이미지와 같이 프로젝트 속성으로 들어가, 빌드 플랫폼 타켓을 x64로 변경해주시면 됩니다.