Download the slide deck : https://drive.google.com/file/d/0B5Qpxy54-PeeWFdYZlRHRnViNnM/view?usp=sharing
Tuesday, August 15, 2017
All about SharePoint Licensing
Download the slide deck : https://drive.google.com/file/d/0B5Qpxy54-PeeWFdYZlRHRnViNnM/view?usp=sharing
Monday, April 10, 2017
Document Upload IFrame inherits Custom Master Page
I developed a MasterPage with an proper Header and Footer and then we deployed the same to staging site but to my surprise i saw the footer appearing in the iframe when I tried uploading the document (Image a).
I googled and found out that there are few CSS class which needs to be placed based on your requirememt
- s4-notdlg :To avoid applying customizations to dialogs add the CSS class to all HTML elements you wish to hide.
- ms-dialog :If you are applying custom CSS to standard HTML elements you'd need to use the CSS class ms-dialog to reset them to their respective default values.
Once I applied the css to the footer the Upload Iframe window looked perfect.
So the code change was as below
Sunday, July 12, 2015
Setting up SharePoint 2013 on Azure
I was planning to have a blog on configuration of SharePoint on Windows Azure from
a long time but was not able to get time, but finally I managed to start the same.
At least there will be 4 minimum steps for setting up but can extend based on how
large infrastructure you want to set-up.
- Setting up and configuring Network Components
- Setting up and configuring Domain Controller
- Setting up and configuring SQL Server
- Setting up and configuring SharePoint server 2013
So before we start with the above process let’s look into the architecture of what
we plan to develop.
So on a high level we have above 1 Virtual Network, 1 Affinity Group, 3 cloud services,
2 VM Machines with their corresponding Availability set.
Setting up and configuring Network Components
Now starting with the first step of creating and configuring the Network Component. Things that we are planning to do here are as follows
- Setting up the Affinity Group
- Setting up Windows Azure Storage account
- Register a DNS Server in Windows Azure
- Setting up VPN Network
- Planning the Cloud Service
Setting up the Affinity Group
When you use an affinity group, Windows Azure will keep all services that belong
to your affinity group running within the same data center as close as possible
to each other to reduce latency and increase performance.
How to do this.
- Log on to the Management Portal.
- In the navigation pane on the left, click Settings, and then click Affinity Groups at the top of the page.
- On the Settings/Affinity Groups page, click Add at the bottom of the page. If you
are creating the first affinity group for this subscription, you can click Add an
Affinity Group.
- On the Specify affinity group details page, enter the following information, and
then click the check mark.
- Name: Enter a name for this affinity group.
- Description: Enter a description for this affinity group
- Region: Select the region where this affinity group is to be located.
- Once created it will display as below on the Settings > Affinity screen
Setting up Windows Azure Storage Account
Virtual Machines that are provisioned in Windows Azure are stored in the world-wide
cloud-based Windows Azure Storage service. In terms of high availability, the Storage
service provides built-in storage replication capability. In addition, Windows Azure
Storage provides a geo-replication feature for also replicating your VMs to a remote
data center region.
Now how to create a storage account
- Log on to the Management Portal.
- Click Create New, click Storage, and then click Quick Create.
- In URL give a name in lowercase for the storage account name. I gave storageaccsp2013.
- In affinity group select the Affinity group you created earlier.
- In Replication, select the desired level of replication for your storage account. The recommended replication option is Geo-Redundant replication, which provides maximum durability for your data.
- Click Create Storage Account.
Note: When you create a VM storage account gets created automatically and hence it is not necessary to create it but it is good practice to have one created.
Register a DNS Server in Windows Azure
You may need to allow VMs and role instances you create to communicate with other
VMs and role instances. Although this communication can be done by using IP addresses,
it is much simpler to use hostnames that can be easily remembered. However, these
hostnames must be resolved to IP addresses in some way to establish communication.
Now how to create a DNS Server
- Log on to the Management Portal.
- Click Create New, click Network Services, and then click Virtual Network and then Register DNS Server.
- Complete the DNS Server fields as follows:
- NAME: DNSSP2013
- DNS Server IP Address: 10.0.0.4
Setting up the VPN Network
A virtual network is a network overlay that you can configure in Azure. VMs and
services that are part of the same virtual network can access each other. However,
services outside the virtual network have no way to identify or connect to services
hosted within virtual networks unless you decide to configure that specific type
of connection, as in the case of VNet to VNet configurations. This provides an added
layer of isolation to your services. Azure Virtual Network also lets you extend
your network into Azure and treat deployments as a natural extension to your on-premises
network.
Just like a real network, the virtual network needs a range of IP addresses (known
as an address space) to assign to virtual machines that you place within it. The
virtual network also supports subnets, which need their own address spaces, derived
from the virtual network address space.
Extract from:
https://msdn.microsoft.com/en-us/library/azure/jj156007.aspx
- Log on to the Management Portal.
- Click Networks and then click “Create a Virtual Network”
- In the Virtual Network Page 1 provide the Name and Region of the VPN.I provided
- Name: VNSP2013
- Location: Southeast Asia
- In the Page 3 of the Virtual Network select the DNS Servers and VPN Connectivity.
We already created the DNS Server earlier choose those.
- Lastly in the Page 3 of the Virtual Network select the Virtual Network Address Space
and create subnets for the farm.
First thing why subnet: Subnets as a way to partition networks into logical segments for greater ease of administration. When subnets are properly implemented, both the performance and security of networks can be improved.
As per our architecture we will be creating three Subnets
- First for DC/AD VM (DCSubnetSP2013)
- Second for SharePoint Web Server VM (WebSubnetSP201)
- Third for Database Server VM (DataSubnetSP201)
- After completing these details click on the Ok arrow and after some time the VPN
will be provisioned.
Planning the Cloud Service
A cloud service in Azure is a logical container within a virtual network for hosting
virtual machines. Cloud services are typically used to group virtual machines by
role, based on functionality that occurs at the cloud service level.
Some important points about cloud Service
- Cloud services and the virtual machines within them can be started and stopped separately.
- Cloud services can load balance endpoints. For example, a cloud service can load balance requests to two or more SharePoint web servers contained in it.
- You can export and import a cloud-service configuration. The configuration controls monitoring, remote access, and other settings for the virtual machines contained in the cloud service.
- You can use a cloud service to auto-scale roles (grow computing resources dynamically), but this is not supported by SharePoint. Do not create additional cloud services for this purpose.
So as we are planning for three Virtual Machines which will also serve different functionalities hence advised to have 3 cloud service.
- AD/DNS
- APP/Web Server
- Database Server
- Log on to the Management Portal.
- Click Create New, click Compute, and then click Cloud Service and then Quick Create.
- Provide the URL and Affinity group of the Cloud Service
- URL: CSADDNSSP2013
- Region/Affinity Group:AGSP2013 (We created this earlier)
- Similarly as above create Cloud Service for other Items. After the creation you
will have 3 cloud services.
This completes the first part of setting up the Network infrastructure for the VM’s.
Saturday, June 6, 2015
Windows Server Machine: How to disable SSL v3 Protocol
Now in the last article “Are you POODLE secure? Does your server still Supports SSL version 3” we discussed on the POODLE attack and we learned that best prevention is to disable SSL v3 and SSL v2 protocol if they are still enabled.(Note: Unless your site can work only on IE 6 or older browsers. I don’t think this will be the case for most of the sites.)
Now coming to how we disable the SSL v3 and SSL v2. (Please note we are going to make changes into the registry, and hence it is always advisable to take backup of your registry before making any changes.)
Also the steps discussed here are tested on Windows server 2008RT and should also work for windows server 2012.
- Open the Registry Editor and run it as administrator. For example, in Windows 2008:
- On the Start screen type regedit.exe.
- Right-click on regedit.exe and click Run as administrator.
- Once the Registry Editor window is open, go to the path below
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
Disabling SSL 2.0
- When you open SSL 2.0 folder you will see just one subfolder called Client we need
to add new one called Server, so in the tree structure 1) Right-click on SSL 2.0
folder, and in the pop-up menu, click New > Key. 2) Name the new Key , Server
- Now under SSL 2.0, 1) right click on Server, and in the pop-up menu, click New >
DWORD (32-bit) Value. 2) Name the value Enabled
- Now this disables SSL 2.0
Disabling SSL 3.0
- In the navigation tree, right-click on Protocols, and in the pop-up menu, click
New > Key. Name the Key SSL 3.0
- In the navigation tree (Left Side), (Red Highlighted in pic below)
- Right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
- Name the Key as Client
- Right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
- Name the Key as Server.
- Now under SSL 3.0, 1) right click on Client, and in the pop-up menu, click New>DWORD
(32-bit) Value. 2) Name the value DisabledByDefault
- In the navigation tree, under SSL 3.0, select Client and then, in the right pane,
double-click the DisabledByDefault DWORD value and in the Edit DWORD (32-bit) Value
window, in the Value Data box change the value to 1 and then, click OK.
- In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up
menu, click New > DWORD (32-bit) Value. 2) Name the value Enabled
Now just restart your Windows server.
You have successfully disabled the SSL 2.0 and SSL v3.0 protocol.
Thursday, June 4, 2015
Are you POODLE secure? Does your server still Supports SSL Version 3
Lately we performed a scan on an internet portal using the website:
https://www.ssllabs.com/ssltest/analyze.html and must tell you the scan
was eye opening and Jaw dropping. Most important SSL 3.0 was supported and because
of this Poodle
Let’s understand by the diagram above as to how it works on a high level
The key issue is the integrity of the padding on SSL 3.0 block ciphers. This padding is not verified by the protocol. This will allow an attacker to alter the final block of the SSL cipher if the hacker can successfully hijack the connection from an end user to the Web server.
There are a couple of caveats to the vulnerability; for the attack to work, the attacker must be on the same wireless network as you or in the path of your communications (as shown above), and your client must be running JavaScript.
This vulnerability in SSL 3.0 that can be exploited to steal certain confidential information, such as cookies. By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website.
Only if you rely on older browsers like IE 6 and others which still use SSL 3.0 then you have to think else I believe disabling SSL 3.0 altogether is a way to go.
So one backup plan involves preventing the "downgrade dance" that makes the Poodle attack possible. That patch, called TLS_FALLBACK_SCSV, basically forces the browser to inform the server when it offers a weaker security protocol, as it might during a "downgrade dance" attack. That allows the server to reject the connection. Unfortunately, the TLS_FALLBACK_SCSV workaround is only effective when both browsers and servers have been patched.
Please do check the coming article on: **COMING SOON** Windows Server Machine: How to disable SSL v3 Protocol
POODLE stands for (Padding Oracle On Downgraded Legacy Encryption), In this by using
a series of connection failures between a browser and website, an attacker can trigger
what is called a “downgrade dance” where the browser eventually falls back to using
the SSL 3.0 protocol to maintain communications. When this happens, the attacker
can use the exploit within SSL 3.0 to grab sensitive data.
Let’s understand by the diagram above as to how it works on a high level
- You use your browser to access a site and provide secure details believing TLS 1.2 is there to protect and your request is passing through it.
- Hacker does the downgrade or fallback on the earlier. That is, even if both the server and client support more modern protocols, as long as they're willing to support SSLv3, an active attacker can force them to use this old, terrible protocol. In many cases this fallback is transparent to the user.
- Now the request is send through the old SSL 3.0 protocol.
- Server respond by using the same SSL 3.0 which because of its flaws, the response can be intercepted and then attacker can hijack sessions and confidential information
The key issue is the integrity of the padding on SSL 3.0 block ciphers. This padding is not verified by the protocol. This will allow an attacker to alter the final block of the SSL cipher if the hacker can successfully hijack the connection from an end user to the Web server.
There are a couple of caveats to the vulnerability; for the attack to work, the attacker must be on the same wireless network as you or in the path of your communications (as shown above), and your client must be running JavaScript.
This vulnerability in SSL 3.0 that can be exploited to steal certain confidential information, such as cookies. By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website.
How to stop poodle attack
I have not seen till now any way to patch SSL 3.0 against the POODLE, but still
why to take risk when you can handle it by disabling SSL 3.0 altogether.Only if you rely on older browsers like IE 6 and others which still use SSL 3.0 then you have to think else I believe disabling SSL 3.0 altogether is a way to go.
So one backup plan involves preventing the "downgrade dance" that makes the Poodle attack possible. That patch, called TLS_FALLBACK_SCSV, basically forces the browser to inform the server when it offers a weaker security protocol, as it might during a "downgrade dance" attack. That allows the server to reject the connection. Unfortunately, the TLS_FALLBACK_SCSV workaround is only effective when both browsers and servers have been patched.
Please do check the coming article on: **COMING SOON** Windows Server Machine: How to disable SSL v3 Protocol
Monday, June 1, 2015
BASICS OF CONTENT QUERY WEBPART: PART 1
CQWP has been around from ages but still I find it a most important component for
any developer to rollup content over several different scopes, anywhere from a single
list or library, to multiple list or libraries across an entire Site Collection.
CQWP is used for aggregating content from multiple data sources across your Web
site, and then present it all in one place. On top of this you can present the information
with your own custom UI by manipulating XSLT and CSS.
In this multi-part series I will be dwelling into various aspects of the CQWP
PART 1: Basics of CQWP
Part 1 : BASICS OF CONTENT QUERY WEBPART
In this part we will learn how to configure and customize the CQWP. This part is intended to the audience who have little or no experience with the CQWP.
- Adding CQWP to the Site
- Choosing Source or place from where data will be fetched.
- Learning the Additional Filters
- Presentation Section (Presenting the CQWP)
Adding CQWP to the Site
So let’s start by adding CQWP to our site.
- Open your SharePoint site and click the Site Actions drop-down and select Edit Page.
- Click on the Add a Web Part Link which open the Web part Gallery and then follow numbering to include the webpart.
- This will add the webpart and now to configure the webpart click “Edit the webpart”
as shown
Choosing Source or place from where data will be fetched.
- Expand the Query Category in the Web Part Property Pane. This is basically used to choose your source and define list and content type based on that. There are three sources to choose from.
 |
 |
Learning the Additional Filters.
You can filter the data based on the columns/properties of the List. For E.g. I
have a list “External News” with a column called “News Category” where I have category
like “Political” and “Business”, now by default when I connect my list to CQWP then
it will show all the items of the list as shown fig 4
So now if I want to show the “Political” news category then do as below, this will filter out the based on the “News Category” Political.
In SharePoint 2010, 2 new more advanced and dynamic way of filtering were introduced
PageFieldValue: Based on the field value present on the Page Layout, it will filter the items on the Content Query list. Let’s understand by example.
I have a Page Layout field called “Title” and based on the value of the Title I want to filter the “News Category” column of the List “External News”.
Now If I keep the page Title as “Business” and also changed the Content Query Filter as shown below then based on the page Title the data will be filtered from the List.
PageQueryString: This one I like the most. Let’s keep the same example. Define the filter as shown below [PageQueryString:
Using the query string parameter is better when you want to show different sets of results in a web part without having to make a new page for each different results set.
Presentation Section (Presenting the CQWP)
- Grouping and Sorting: You can select the column by which you want to
group and sort the data.
For e.g. I want to group the data based on the “News Category” column and sort based on “Created” column also u can tell whether you want to sort in Ascending or Descending order and limit the number of items to display. - Styles: These define what information and how that information is displayed.
I always feel styles section as a great value add to the CQWP. You can define style
for the Group Style and Item Style, these styles are XSL templates, not CSS styles.
You can create your own XSL templates. How to create styles will be part of the
later series but just to show their power here is a small example.
E.g. In the earlier list if I want to show the description of the title (In the list I have a column called Notes) and have the group heading as large text then this can be done as below.
Note: The “Fields to do display” section fields will change based on the
“Item Style” you choose and you need to provide the column name from your list to
display items.
I hope this walkthrough helps people configure and use the Content Query Web Part.
Rest of the Article’s on other functionalities of the CQWP will be coming soon.
I'd be interested to hear and see examples of how people are using the web part.
So, post your comments!
Monday, April 1, 2013
How to Customize/Replace the “You are not allowed to respond again to this Survey” SharePoint 2010 Survey Message
Survey Questions can be easily created on SharePoint 2010, where it is often required
that no user fills the Survey twice. This can be easily achieved in OOB (Out of
Box) fashion.
But the problem is that user sees the error message like the one shown below (Pic 1) which will definitely not look good on your Site and there is no easy way to change this.
There are many ways to fix this issue but the approach which i applied was on the client side Ecmascript method. As shown in the image on left we will be performing the following tasks.
But the problem is that user sees the error message like the one shown below (Pic 1) which will definitely not look good on your Site and there is no easy way to change this.
There are many ways to fix this issue but the approach which i applied was on the client side Ecmascript method. As shown in the image on left we will be performing the following tasks.
- Create a Link to Survey Question.
- Include a CEWP on the page where the image having link to survey question will be shown.
- The code in CEWP will checks if user has responded to survey earlier
- Based on response Show either "Thanks for feedback :Image 2" or "Fill the Feedback: Image 1"
How to get the Link to Survey Questions
- Open the Survey List and get the code for replying to survey as shown below
- Copy the code in a Notepad file. This will be looking somewhat like the below code.
- Now add the CEWP to the page where you want the user to click on the Image to Fill up the Survey. I have shown the below image as the link to survey in my example.
- The image we will be showing after the user fills up the survey is (This image will not have any hyperlink)
- So to do this transition we will put the below code in the CEWP
So we will now never get the error message that the user has not registered becuse if the user is already registered then we will not show the hyperlink to the survey questions..
Subscribe to:
Posts (Atom)