Spatacoli
In the first post I said that there are a lot of good instructions for setting up Forms Based Authentication in SharePoint. I'm still not going to rehash those instructions, because for the most part they are easy. Setup the database, add a user or two, configure SharePoint for forms authentication and let it know the DB info. Simple right?
So let's complicate it a bit. If you follow the instructions and hit your SharePoint site you'll get a SharePoint looking login page. I want my own login page. Simple enough right? Set up a virtual directory in IIS pointing to a directory that will contain our application. Then set up your login page. There's an important thing to know. When setting up forms authentication in the web.config file, be sure to use the default cookie name, ".ASPXAUTH". If you don't then SharePoint won't think you are authenticated. Trust me, I went around and around trying to figure out why I was authenticated in my user management application but not in SharePoint.
My user management application is fairly simple right now, I have a login page, a default page that shows what user you are currently logged in as and some links to: a create user page and a change password page.
This is now working the way I want, but there are still two features that have been requested. First, the client wants to have a login box on their home page and have that authenticate the user in SharePoint. Out of the box SharePoint requires the post back from the asp.net page in order to perform the login. So sending the username and password to the /login.aspx page is not possible. I have my own login page though so I added code to it to listen for this form and authenticate the user.
After this authentication the user is left in User Management and not in SharePoint. The easy solution would be to set the defaultUrl in web.config to the SharePoint home page like this, "../".
The real twist here is that in the application that I'm setting up, the clients logging in don't have access to the root of SharePoint. They each have their own site buried in the /projects/ site. So I added a profile property called HomeUrl. When creating a user you set the appropriate home page for the user and when they login the login page reads this property and redirects the user to that page.
Easy right? Well no. In the third installment of this series I'll go over the problems I had with profiles in asp.net.
Posted: 25 July 2007 by Todd Anthony Spatafore
If you search the Internet you will find some very good instructions for setting up forms based authentication (FBA) in both Windows SharePoint Services v3 (WSS) and Microsoft Office SharePoint Server 2007 (MOSS2007). I won't rehash all those instructions here. However I do want to make a couple of observations. One person actually posted about a missing step which involves ensuring that the user account that your SharePoint Application Pool runs under has permission in your SQL Server. I think they assume you are just going to give that user owner rights on your aspnetdb database. I don't like giving that much permission to a limited user account.
The documentation from Microsoft states give that user read and write permissions on that database, but unknown errors kept occurring. What I ended up doing was adding the run time user to certain roles that aspnet_regsql.exe had set up in the aspnetdb database. Those roles were:
- aspnet_Membership_FullAccess
- aspnet_Personalization_FullAccess
- aspnet_Profile_FullAccess
- aspnet_Roles_FullAccess
I added these in addition to data reader and data writer. There was an additional role called aspnet_WebEvent_FullAccess. I don't know what that is for so I didn't set it. I'm sure I'll run across it in the future.
How did I know that I needed to set those? Well this leads me to my second tip. Some instructions for setting up FBA tell you to only use Visual Studio's Web Configuration tool to do the initial configuration and set up the user accounts. However, if you create a login page and try to log in using this login page you'll get some error messages that lead directly to the realization that the user account doesn't have the right perms.
This login page could be a whole application for user management. Read my next post when I explain why I set up the custom login page to begin with.
Posted: 25 July 2007 by Todd Anthony Spatafore
Tim Sneath posted a blog entry titled "From A to Z... 50 Silverlight Applications" Now I am really excited about Silverlight, but with the customers that I have to support I have to be realistic when it comes to developing solutions. Microsoft has stated that Silverlight 1.0 will be released this summer. For those of you new to Microsoft product development that means it will be released probably in October or November. I figure if I have a web application that needs to go live in December or maybe late November I'm pretty safe suggesting Silverlight version 1.0 as an alternative to Flash.
During Mix 07 I pointed out that they also released an "alpha" build of Silverlight 1.1 and all the really cool features were in that. Nobody with a Microsoft business card would even guesstimate when version 1.1 will be released (even after multiple shots at the friendly neighborhood bar). However, it seems that with all the ease of development built into version 1.1 nobody was paying attention to version 1.0.
Anyway, back to Tim's post today. He posted links to 50 Silverlight applications (which most are really technology previews than applications, but let's not dwindle on that). I went through and tried my best to find out what people are using. I was surprised to find that of the 50, 18 of them were written in version 1.0. Good job to those of you who wrote your demo in version 1.0. I'm proud of you. 5 of them I either didn't want to install (executable Silverlight? Why not just stick with WPF) or they required a login. One didn't work, and one was actually a duplicate from the version 1.0 pile. That left 24 that were written in version 1.1.
Now I understand the power that Silverlight 1.1 contains, but lets be honest, it's still an alpha build. Come on everyone, let's get the documentation and examples around version 1.0 up to the point that Microsoft is willing to say "We will release version 1.1 in April of next year." That way you'll know that sometime around September of next year you can start demonstrating your great Silverlight 1.1 applications to a released product.
Posted: 09 July 2007 by Todd Anthony Spatafore
With Visual Studio 2008 I've done something I never thought I'd do. I'm actually using a beta of Visual Studio to write production code at work. I'm doing that not because it's the most stable platform, it's at beta 1 quality right now. I'm using it because of all the great features it adds as well as the unique ability that it can now target a .NET Framework that is different from the one it was written for. More on that in another post.
The reason that I'm writing this post is to point you to a blog by Scott Guthrie that he posted yesterday. It is describing the great and wonderful features of JavaScript Intellisense in Visual Studio 2008. I highly recommend reading this post:
http://weblogs.asp.net/scottgu/archive/2007/06/21/vs-2008-javascript-intellisense.aspx
Posted: 23 June 2007 by Todd Anthony Spatafore
Yesterday I was writing a SQL Query that would return data to be displayed in a drop-down list. Rather than add a row first that contained your typical "Select One" and then bind the data, I wanted the data returned from my SQL Query to contain that row first.
I've done this in the past and I can't remember how I did it. This time I decided to use a UNION operator.
For example, let's say I have a SQL database with a table "Table1" and in Table1 there are two columns, "A" and "B". "A" holds some id number that starts at zero, and "B" has some label that I want to display in the drop-down list. Normally my SQL query would be just:
SELECT A, B FROM Table1
However, because I wanted to inject a row at the top I did this instead:
SELECT -1 AS A, 'Select One' AS B
UNION
SELECT A, B FROM Table1
I'm sure there are other ways of doing this. Please comment and let me know what they are. Maybe one of them is the way I did it a few years ago.
Posted: 14 June 2007 by Todd Anthony Spatafore
Fret not, this is not the longest product name in Microsoft history. This is a very useful product and I use it on my main development machine so that I can have multiple development environments for all of my many different projects. I would highly recommend this over VirtualPC 2007.
The service pack adds so many new features it really should be called Microsoft Virtual Server 2005 R3. You can now use this natively on a 64-bit OS and it also makes use of hardware virtualization. You can cluster these, but I've never tried that, and you can use VSS (shadow copy not source safe) to backup running VM's.
Check it out here.
Oh, and it's enterprise class software for free! Maybe now that they are finally done with it they will kick Windows Server Virtualization into high gear. I just wish I didn't have to wait until the end of the year to get a beta of that. WSV will allow 64-bit guests. VS2005R2SP1 will only allow 64-bit hosts.
Posted: 12 June 2007 by Todd Anthony Spatafore
Coding Horror has a post today with a title, "Don't Ask -- Observe". In it he documents how if you ask a user what features from a set they want they will tell you they want them all. Technically he cites a "digital device" and when asked to chose from 25 features most people wanted about 80% of them. However, in using the object with all those features they longed for the simpler object.
You should read the article because it's a very good analysis of user interaction design and why you shouldn't ask, but observe the users using various versions of a product, be it a web site or an application.
View article...
Posted: 06 June 2007 by Todd Anthony Spatafore
Well, maybe not the whole thing, but you will be able to serve static HTML, Classic ASP, JSP, PHP, and ColdFusion from a Server Core server. This is a really cool thing and I think it's a great application for the Server Core. It seems to me a more reasonable version of Windows than the Web edition.
This was announced today at TechEd. I am kicking myself that I am not there right now, but I am getting as much information as I can from here.
Posted: 04 June 2007 by Todd Anthony Spatafore
I've noticed a disturbing trend lately with regards to the onload event of an HTML page. This trend includes one developer overwriting the onload event with their own function. I've seen some web pages that have this for the body tag:
<body onload="myLoadFunction();">
And because this doesn't seem to work for them they put this right before the closing body tag:
<script type="text/javascript">
myLoadFunction();
</script>
</body>
They do this without first finding out why the onload doesn't work. The issue is that in one of the many script libraries that they've included in their document is a function that destructively adds its own onload function into the DOM.
In a JavaScript book that I read a while ago the author included this code for adding an onload function in a non-destructive way:
function addLoadEvent(func)
{
var oldonload = window.onload;
if (typeof window.onload != 'function')
{
window.onload = func;
}
else
{
window.onload =
function()
{
oldonload();
func();
};
}
}
To use this after your function that you want to add to the onload event just call:
addLoadEvent(myFuncName);
I believe I got this function from the O'Reilly book "JavaScript: The Definitive Guide" by David Flanagan.
If you are using the Prototype framework you can just use the observe method on the Event object to do this. More information can be found here.
Posted: 04 June 2007 by Todd Anthony Spatafore
Today I got the new version of Windows Live Writer. I'm in the beta program for it and as such I am testing it. One thing that I found annoying about the last version was it's use of the WebLog API. I implemented this API for my blog and I noticed that when listing out the sites available for publishing Windows Live Writer used the Name of the blog and not the Blog ID. Microsoft Word also allows you to publish to your blog, but it does the right thing and sends the Blog ID. I'll have to crack open my debugger to see if they fixed that.
Posted: 30 May 2007 by Todd Anthony Spatafore