Alonso Robles

When doing custom development for MOSS 2007 or WSS 3.0, the PeopleEditor class can come in handy. However, it seems that it begins misbehaving when the the Visibility attribute is changed from its default value of true. Recently, I had the need to make it disappear and reappear depending on certain conditions in a custom form that was developed and I ran into this problem. The work around simply involves using a display style attribute. To make control invisible, set the display style attribute value to none. To make the control visible again, set the display style attribute value back to block.

Here is a sample C# method that I used to make this happen:


private void SetPeopleEditorVisibility(ref PeopleEditor pe, bool visible)
{
  if (pe.Style.Keys.Count > 0 && pe.Style["display"] != null)
  {
    pe.Style.Remove("display");
  }
  if (visible)
  {
    pe.Style.Add("display", "block");
  }
  else
  {
    pe.Style.Add("display", "none");
  }
}

When developling for SharePoint, I find myself always turning on the call stack and disabiling the custom errors in my development environment. It really does help when trying to debug run-time problems. I know there a few posts out there that describe how to do this, but I figured I would repost it as a reference for myself (which you are welcome to use).

Just remember that I do this in my development environment only. I don’t recommend changing the web.config files in any other environment.

Enabling the Call Stack

Set the value CallStack attribute in the SafeMode element in the web.config file to true.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <configuration>
  ...
  <SharePoint>
   <SafeMode MaxControls="200"
             CallStack="true"
             DirectFileDependencies="10"
             TotalFileDependencies="50"
             AllowPageLevelTrace="false">
    ...
   </SafeMode>
   ...
 </SharePoint>
 ...
</configuration>

Disabling Custom Errors

Set the value of the mode attribute in the customErrors element to Off.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <configuration>
  ...
  <system.web>
   ...
   <customErrors mode="Off" />
   ...
  </system.web>
 ...
</configuration>

Enabiling Compilation Debugging

Set the value of the debug attriute in the compilation element to true.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <configuration>
  ...
  <system.web>
   ...
   <compilation debug="true">
    ...
   </compilation>
   ...
  </system.web>
 ...
</configuration>

 Putting it all together

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <configuration>
  ...
  <SharePoint>
   <SafeMode MaxControls="200"
             CallStack="true"
             DirectFileDependencies="10"
             TotalFileDependencies="50"
             AllowPageLevelTrace="false">
    ...
   </SafeMode>
   ...
 </SharePoint>
 <system.web>
   ...
   <customErrors mode="Off" />
   ...
   <compilation debug="true">
    ...
   </compilation>
   ...
  </system.web>
 ...
</configuration>

[via Daniel Larson]

Daniel Larson, a MOSS MVP, has been ranting over the past few days about the use of the SPSecurity.RunWithElevatedPrivileges method. While I have been amused with his rants, I share his concerns and frustrations as a result of using the method in my SharePoint development experience and seeing the method abused and missused in many code reviews. Today, he posted a list of his best practices for gaining “elevated privileges” SharePoint.

Daniel Larson’s list of best practives for elevated privileges in SharePoint:

• Avoid using SPSecurity.RunwithElevatedPrivilege to access the SharePoint object model. Instead, use the SPUserToken to impersonate with SPSite.
• If you do use SPSecurity.RunwithElevatedPrivilege, dispose of all objects in the delegate. Do not pass SharePoint objects out of the RunwithElevatedPrivilege  method.
• Only use SPSecurity.RunwithElevatedPrivilege to make network calls under the application pool identity. Don’t use it for elevation of privilege of SharePoint objects.
• Always use the SPSite constructor with an SPUserToken to create an elevated privilege security context in SharePoint. To impersonate the system, use the SystemAccount.UserToken property of the current SPSite context, such as:
  var site = new SPSite(SPContext.Current.Site.ID,  SPContext.Current.Site.SystemAccount.UserToken);
• Avoid passing SharePoint objects between different security contexts (SPSite instances), with the exception of the SPUserToken used in the SPSite ctor. An SPUser object created from SPSite A cannot (reliably) be passed to SPSite B. This can be the source of obscure bugs in production that are difficult to reproduce in development. For example, an SPUser reference created from SPContext.Current.Site cannot reliably be used in an elevated site context, as the user reference may take on a different meaning in the alternate context.
• Never use elevated privilege to bypass security– always use it to work with security.
• Restrict what assemblies can use elevated privilege by running in minimal trust, avoiding the GAC, and auditing any CAS policies deployed with vendor solutions.

Two conferences were announced last week that I want to share with you:

PDC2008 [via Andrew Connell] – Regristration for the Microsoft Professional Developers Conference 2008 is now open and is scheduled to take place in Los Angeles on October 27-30 at the Los Angeles Convention Center.

SharePoint Best Practices and Governance Conference [via Bill English] – The conference has been announced and will be taking place in Washington DC on September 15-17.

I would like to attend both of these, but I am not sure if I will be able to.

[via Andrew Connell]

This morning Andrew Connell held a webcast introducing ASP.NET developers to Silverlight development for SharePoint. The webcast is the third in a series of webcasts to help ASP.NET developers get primed for SharePoint development. After the webcast Andrew was kind enough to post the steps he took in preparing his SharePoint development environment for Silverlight development.

I wonder if it is possible to create a solution file to deploy the Silverlight 2 Beta 1 DLL and make the necessry configuration changes to the web.config file to make the set up of the environment easier? I might have to try that.

Here are some updates and announcements regarding tools and utilities for SharePoint:

• Application Pool Manager [via Andrew Connell] – New version is available and is recommended by Andrew Connell as a must have utility for SharePoint developers.
• Kavati Studio [via Joel Oleson] – A new tool to help accelerate SharePoint deployments by creating deployment script generation for deployments.

Robert Bogue raises some challenging questions and makes some powerful statements in his post, How Best are Your Best Practices, regarding his experiences and struggles with reaching consensus on what a best practice is and applying it. I was in the middle of posting a comment to his post when I realized my thoughts on the post were quite a bit more than a couple of lines in a comment box. And without further adeu, here are my thoughts…

Doing what we know we should do

In his post, Robert asks, “when are we going to do what we say?” This question was in context of his findings that there are very few professionals out there that actually use the best practices they know. From a consulting professional perspective, I feel that failing to do what we know we should do is ethically wrong. Clients and customers pay for our expertise and deserve to get it. While I agree that the SharePoint space is so large that even experienced professionals are learning something new about SharePoint on a daily basis, we need to ensure that make use of the best practices that we do know in every project that we undergo regardless of its size and complexity. This is our duty as professionals.

On defining best practices

I agree with Robert when he states that the definition of best practices has been a problem space in software development that has yet to be resolved. There are many reasons for this. But let me list a couple:

• Academically, software engineering methodologies regarding the definition of development practices are still in their infancy. While a lot of progress has been made in this area in the last few decades, software development is not a hard science. Some of us consider it more of an art than a science.
• While progress has been made academically in this problem space, there is a large disconnect between academic approaches to the problem and practical approaches used in the industry. I think some of this has to do with the cost of trying different frameworks that generate process and procedures that still end in leading a good number IT and software projects to failure.

So what can we do to help reach consensus on best practices? Honestly, I don’t have a good answer to this question right now. What I can tell you is that what ever practice we do try to use, whether a best practice or not, we should make the effort to take review how the practice helped or hindered us, learn from the experience, and share it so that we may continue to define new best practices and debunk those practices that are not so best anymore (assuming they really were a best practice at one time).

A colleague recently asked me for tips on how to prepare for the 70-630 exam (TS: Microsoft Office SharePoint Server 2007, Configuration) and asked me to look at some sites with sample questions. Frankly sample questions are great to prepare you for an exam, but they only really help if you have already studied necessary material first. I highly recommend and enjoy getting solid hands on instructor lead classroom based training (for example check out the courses offered by the Ted Pattison Group that are actually taught by SharePoint MVPs). I also highly recommend to read, read, and read (yes that includes reading authoritative material on the Internet, however, there is something about reading an old fashioned paper and ink book that I enjoy so much more). With that said, I want to share my existing SharePoint library as well as books on my shopping list.

1. Inside Microsoft Windows SharePoint Services 3.0 by Ted Pattison and Daniel Larson - This is a must read for all SharePoint developers. If you are working with WSS 3.0 and/or MOSS 2007, then you have to read this book. Personally, I have read it cover to cover three times and refer to it on a regular basis. The book is organized very well and cover the fundamental topics for developing anything SharePoint. It also includes download-able examples that are easy use and help to expose you to best development practices and the object model rapidly without overwhelming you. Highly recommended for developers.
2. Inside Microsoft Office SharePoint Server 2007 by Patrick Tisseghem - Another solid read. This book covers development with the added value features of MOSS 2007 that were not covered in the Pattison/Larson book (look at #1 above). I don’t use this book as much as I use the Pattison/Larson book since I find that most of my projects really only require use of the WSS 3.0 framework, but when I do need to develop against the BDC and Search (or other MOSS 2007 features) this is my reference of choice. Recommended for developers.
3. Microsoft Office SharePoint Server 2007 Administrator’s Companion  by Bill English - As a developer, this 1200 page monster-sized book was not my typical read. It’s target audience is the system administrators, network infrastructure, and other non-developer type IT professionals that need to manage and administrate MOSS 2007. However, this book provided me with a solid foundation for preparing for the 70-630 exam. Not to mention, I believe that developers really need to understand how the platforms we develop operate to get clear insight as to how power users use the solutions and software we build (this is another topic that I need to blog about some day, great progress has been done in software engineering to consider end user interface design but the smaller audience of power users and administrators, who are also end users, get left out). Highly recommended for administrators. Recommended for developers.

That’s it. Three books. You take those three books plus the documentation and white papers on MSDN and TechNet and the great blogs (not the junk blogs which are way too abundant) that are on the Internet and you have enough resources to prepare for the 70-630 exam.

There have been some recent announcements of upcoming titles that I want to pick up and add to my library. Here is a quick list:

• Microsoft Office SharePoint Server 2007 Best Practices by Ben Curry and Bill English - I like Bill’s work. It never hurts to know best practices. Last I heard, this book is coming out in June 2008.
• Inside the Index and Search Engines: Microsoft Office SharePoint Server 2007 by Patrick Tisseghem and Lars Fastrup – Search is a very aggressive Microsoft initiative and many clients that I have worked with are using MOSS 2007 search. Knowing more about it is a good thing. This book came out last month.
• 6 Microsoft Office Business Applications for Office SharePoint Server 2007 by Rob Barker, Joanna Bichsel, Adam Buenz, Steve Fox, John Holliday, Bhushan Nene, and Karthik Ravindran – I just love patterns. I eat them up like cookies. This book came out this past January. I don’t know why I haven’t picked it up yet. I better head out to the store right now.
• Professional SharePoint 2007 Web Content Management Development: Building Publishing Sites with Office SharePoint Server 2007 by Andrew Connell - An amzing MVP. I am looking forward to picking up a copy of his book which is due out some time mid June.

I know that most of these books are from Microsoft Press and that is not because I am partial to them. There are some other great books out there from Wrox other technical references. However, the books listed up there have been authored by (or with) SharePoint MVPs whose work I professionally admire and respect.

If you need more SharePoint books for your library, then check out Andrew Connell’s “Best Damn SharePoint Books” List.

I wish I would have seen this schedule earlier since the first webcast was today. Nevertheless, I will be trying to catch the others live (or on demand if I miss them). Even as an experienced WSS3/MOSS2007 developer, getting the chance to see a couple of MVPs (Andrew Connell and Rob Bogue) introduce the basics is great review and a chance to check your skills.

If you have any interest in SharePoint development, then you don’t want to miss these webcasts.

A couple of weeks ago I posted an apology for not following through and posting anything about SharePoint solutions and features like I had promised almost a year ago. This post is a start on coming through with that promise. The only thing that is different from what I had promised in that post is that I will not focus on using Visual Studio 2005 or any other IDE. Rather, my approach will be to help you learn the essentials so that you don’t have to rely on a specific version of an IDE to accomplish the task.

Today in this post, I am going to explain why solution packages are important, what makes up a solution package, how the solution deployment works, and how to create them to effectively deploy solutions and features to a WSS 3.0 or MOSS 2007 farm.

Importance of Solution Packages

SharePoint deployments vary in size from a stand-alone installation on a single server to large multi-server farms. A solution or feature may require configuration changes to the web application, placing files on the file system, and/or deploying assemblies. As such, manual deployments can be administratively difficult since the possibility of deployment error increases with the number of servers in the farm as features and solutions are moved from a development environment to a test environment and finally to a production environment. In order to reduce deployment complexity and possibility of error, SharePoint uses solution packages a deployment mechanism to ensure consistent deployment of solutions and features to all servers in the farm. This allows the testing of a deployment and enables system administrators to create scripted installations (a typical requirement in most enterprise-class IT organizations).

Anatomy of a Solution Package

A solution package is a compressed CAB file with a WSP (.wsp) extension that contains the contents to be deployed including its required additional meta data.

The contents inside the WSP file may include, but is not limited to, assemblies, as?x files, feature manifests, schema XML files, site definitions, WEBPART files, DWP files, InfoPath forms, resource files, images, javascript files, other media files, html files, XML files and the solution manifest. In other words, it can contain just about any type of file you can think of. I may go into details of some of the SharePoint specific content files in some future post.

Every solution package requires additional meta-data to provide the WSS run time with instructions on what to do with the content of the WSP file. The meta-data is stored in a manifest file in XML that must be located in the root of the WSP file; the file is appropriately named manifest.xml. Perhaps I will dive into the details of the Solution schema that defines the XML structure of the solution manifest in another post in the future.

How Solution Packages Work

Basically, they just do.

But in all seriousness, the deployment of a solution package happens in two stages. In the first stage, or the installation stage, WSS takes the WSP file and copies it to the configuration database. In the second stage, or the deployment stage, WSS takes the WSP file from the configuration database, extracts the content(s), and places the content(s) as specified in the package meta-data. Simple huh? Obviously, a system administrator needs to tell WSS to install and deploy a package. This is easily accomplished by executing three simple STSADM utility commands.

stsadm -o addsolution -filename my.wsp
stsadm -o execadmsvcjobs
stsadm -o deploysolution -name my.wsp

The addsolution and deploysolution operations both take additional operational parameters that may be needed depending on the needs of actual solution to be deployed. It should be noted that the  STSADM utility commands only need to be executed on the server that is hosting the Central Administration application. Let’s look at what each command actually does:

1. The first line (stsadm -o addsolution -filename my.wsp)creates a timer job that asynchronously performs the installation stage of the solution deployment. When the job executes, WSS takes the specified WSP file and copies it to the configuration database.
2. The second line (stsadm -o execadmsvcjobs) forces WSS to execute any timer jobs that are pending. This is necessary because the actual deployment stage cannot commence until the installation stage has been completed successfully.
3. The last line (stsadm -o deploysolution -name my.wsp) creates another timer job that asynchronously performs the actual deployment stage of the solution deployment. When the timer job executes, WSS gets the WSP file from the configuration database and deploys the contents of the package based on the instructions defined in the solution package meta-data. It should be noted that the WSS service on each server in the farm performs this task at the same time as triggered by the timer job ensuring a consistent and timely deployment on all servers in the farm.

Another great thing about the solution deployment mechanism is that it also simplifies the removal of a solution from a farm. Solution removal also happens in two stages. In the first stage, or retraction stage, WSS uses the solution package meta-data to remove the contents from each server in the farms. In the second and final stage, or deletion stage, WSS deletes the copy of WSP file from the configuration database. A system administrator can accomplish this easily be executing three STSADM utility commands on the server hosting the Central Administration application.

stsadm -o retractsolution -name my.wsp
stsadm -o execadmsvcjobs
stsadm -o deletesolution -name my.wsp

The retractsolution and deletesolution operations both take additional operational parameters that may be needed depending on the needs of actual solution to be removed. Like we did with the deployment commands, let’s now review what each command actually does:

1. The first line (stsadm -o retractsolution -name my.wsp) creates a timer job that asynchronously tells the WSS service on each server in the farm to go get the WSP file from the configuration database, take a look at the solution package meta-data, and retract any features, files, and/or assemblies that were previously deployed. This command initiates the retraction stage of the removal process.
2. The second line (stsadm -o execadmsvcjobs) forces WSS to execute any timer jobs that are pending. This is necessary because the actual deletion stage cannot commence until the retraction stage has been completed successfully.
3. The last line (stsadm -o deletesolution -name my.wsp) creates another timer job that asynchronously performs the deletion stage of the solution removal. This job tells the WSS run-time to delete the copy of WSP file from the configuration database.

And that is how solution packages work.

Creating a Solution Package

While SharePoint elegantly utilizes Microsoft’s most advanced bleeding edge technology (such as SQL Server, the .NET 3.5 framework, etc.), the actual process of creating a WSP file is ironically a bit archaic. If you are using Visual Studio 2005 for development, then the Visual Studio 2005 extensions for WSS 3.0 can jump start the process of creating the WSP file (but it won’t save you as much time as I expected it to when I first used the extensions). The process of creating a WSP file is the same as creating a  CAB file using the MAKECAB operating system utility. The MAKECAB utility creates the WSP file by reading and processing the cabinet definition contained in a DDF file, also known as the Data Description File. Creating a DDF file is not difficult and can be done with any plain text editor, but the maintenance of the DDF file is manual (this is why I called the process a bit archaic) and become quite tedious with large solutions.In any case, let’s build a sample solution package.

The first step is to create the data description file (DDF) that describes the files for the CAB archive. You can use any text editor to create the file (download the sample DDF file).

; ** my.wsp (Alonso Robles) **

.OPTION EXPLICIT                   ; Generate Errors
.Set CabinetNameTemplate=my.wsp
.Set DiskDirectoryTemplate=CDROM   ; All cabinets go in a single directory
.Set CompressionType=MSZIP         ; All files are compressed in cabinet files
.Set UniqueFiles="ON"
.Set Cabitet=on
.Set DiskDirectory1=Package

; All solution packages require additional metadata

manifest.xml   manifest.xml

; Deployment files, Schemas, and Assemblies

my.html        LAYOUTS/mysample/my.html

There are lot of things going on in the DDF file, but here is what I think is important to understand.

• Comments in the file begin with a semi-colon
• .OPTION lines tell the MAKECAB utility what options to use when building the CAB archive
• .Set lines tell the MAKECAB utility what values to apply to certain parameters that are used when building the CAB archive
  • Make sure the CabinetNameTemplate parameter is set to what the name of the WSP file will be (in the example above the MAKECAB utility will generate a CAB archive named my.wsp)
• Each content file to be added to the CAB archive is listed on a line in a space separated source-destination format
  • For example, this CAB archive will contain an HTML file (my.html); the last line in the example above tells the MAKECAB utility to grab the my.html file from the file system (the source location) and place copy it to LAYOUTS/mysample/my.html in the CAB archive (the destination location)
  • Double quotes can be used to define sources that contain spaces in the path or file name
  • Make sure to include the solution meta-data XML file (manifest.xml) at the root of the CAB archive

The next step is to create the solution manifest file (download the sample solution manifest file).

<Solution SolutionId="01234567-89AB-CDEF-0123-456789ABCDEF"
	 xmlns="http://schemas.microsoft.com/sharepoint/">
  <TemplateFiles>
    <TemplateFile Location="LAYOUTS/mysample/my.html" />
  </TemplateFiles>
</Solution> 

The example is a very simple solution manifest, but there are a couple of things to take away from it.

• Every solution has a GUID (globally unique identifier) that identifies uniquely
• As a general rule, every deployment file, schema, and/or assembly contained in the CAB archive must also be listed in the solution manifest or another manifest listed in the manifest.xmlfile; otherwise it will be ignored by the WSS runtime
• The locations of the deployment file, schema, and/or assembly in the manifest refer to the location in the CAB archive

The last step is to use the MAKECAB utility to generate the solution package – the actual WSP file (you might want to download the sample HTML file if you want to try to create the sample solution package yourself). This is done by using a command window and executing a simple command:

makecab /f my.ddf

And that’s how a solution package (WSP file) is created.

I hope you enjoyed this post. Now I am not making any promises that I might have to apologize for, but I hope to post about other topics such as the solution and/or feature manifests or other fun SharePoint topics in the future.

References & Additional Linkage

• Inside Microsoft Windows SharePoint Services 3.0 by Ted Pattison and Daniel Larson
• Understanding Solution Packages in Microsoft Office SharePoint Server 2007/Windows SharePoint Services 3.0
• Application Development on MOSS 2007 & WSS V3
• Automate Web App Deployment with the SharePoint API
• Development Tools and Techniques for Working with Code in Windows SharePoint Services 3.0 – Part 1
• Development Tools and Techniques for Working with Code in Windows SharePoint Services 3.0 – Part 2