BP Conference: Giving away an MSDN Subscription

If you haven’t decided to come to this year’s SharePoint Best Practices Conference, then maybe this will help convince you.  One lucky attendee who attends at least one of my sessions will receive a FREE one-year subscription to Visual Studio 2010 Ultimate with MSDN subscription*

Microsoft was kind enough to provide me with 3 of these subscriptions to give away when I was renewed as an MVP in July. I’ll be giving away the other two at future events, so stay tuned to this blog if you want to be in on future give-aways.  That’s an $11,899 value if you ordered it online from Microsoft yourself.  Better yet, it includes everything you need to go home from the conference and build your own test environment to try out everything you’ve learned at the conference. Here’s how it works.  Attend one, two, or all three of my sessions at the conference August 24-27.  Here are my session dates, times and topics:

  • SharePoint Designer 2010: Using it Safely in an Enterprise Environment – Aug. 25th, 8:00-9:15
  • Internet Facing SharePoint Sites: Best Practices for a Secure Design – Aug. 26th, 8:00-9:15
  • SharePoint’s Branding Continuum: Customizing your Look and Feel – Aug. 26th, 3:00-4:15

After you fill out an evaluation, drop your business card in one of the receptacles marked MSDN subscription.  After my final session on Thursday from 3:00-4:15 PM I’ll head over to the ShareSquared booth (#24) in the exhibit hall.  At 4:55 PM I’ll draw a winner for the MSDN Subscription.  You don’t need to be present to win, but if you are at the booth I will be able to give you your prize right away.  Otherwise I’ll contact you and arrange for delivery.

So if you hadn’t planned to come to the BP Conference now’s the time to make your plans.  Register today.  If you are already planning to come then I hope to see you at my sessions.

*The subscription is a not-for-resale version with some benefit restrictions such as no technical support benefits or MSDN magazine subscription and all product licenses are for development and test only. The subscription must be activated before the end of 2010.

Enabling Anonymous Access to a BCS External List

I co-presented a webinar this week for ShareSquared on using the Business Connectivity Service (BCS) to integrate application data into SharePoint.  A recording of the webinar is available here.  One of the questions that came up in the Q&A was from someone who was having a problem exposing a BCS External List for anonymous access on an Internet-facing site.  They had already configured the BCS content type to authenticate using the BDC Identity (RevertToSelf authentication) and had set up AllowAnonymousExecute on all the method instances, but were still being required to authenticate in order to see the list.  According to them this worked in SharePoint 2007 BDC, but something was preventing it from working in BCS.  There wasn’t really enough room in the Q&A document we published after the webinar to go into detail, so this post explains why it didn’t work and gives a step-by-step solution to the problem.

For the purpose of this post I will assume that you have already successfully configured an External Content type to use BDC Identity as its security setting.  Using any of the other three settings (User’s Identity, Impersonate Windows Identity, or Impersonate Custom Identity) won’t work with anonymous access because they are all dependent on the logged on User’s Identity and anonymous users have no identity.  You can read more about how to configure an External Content type to use the BDC Identity setting in this post on the BCS Team Blog:  http://blogs.msdn.com/b/bcs/archive/2010/03/12/authenticating-to-your-external-system.aspx.

The BDC Identity setting uses the Application Pool Identity of the Web Application as the security context for retrieving the data from the database for an external content type.  But even if you use the BDC Identity setting, an anonymous user will get an “Access denied by Business Data Connectivity” error like the one in the screenshot below.

[Screenshot: “Access denied by Business Data Connectivity” error]

The problem is that BCS requires that a user have access to the external content type in the BCS service application to access BCS data.  BDC Identity handles how the BCS service app gets the data from the backend data source, but does nothing to give an anonymous user access to the data in the service app itself.  This is one of the most frequently overlooked steps when configuring an external content type using SharePoint Designer (SPD) 2010.  After configuring an external content type in SPD you must set user permissions for the content type in Central administration.  These permissions are displayed in SPD, but can’t be set in SPD.

But anonymous users by definition aren’t logged in so how can we set permissions for them in central admin?  There is a built-in group called NT Authority\anonymous Logon that represents all anonymous users. But when we try to add that group to the BCS permissions in Central Admin it fails, as you can see from the screenshot below.  So how can we give anonymous users permission to access a BCS external content type?

[Screenshot: adding NT Authority\anonymous Logon to the BCS permissions in Central Admin fails]

The answer is that although you can’t set these permissions in the user interface you can set them by editing the XML of the underlying BDC model directly.  The XML of the BDC model for the external content type includes <AccessControlEntry> elements that specify what rights an individual user or group has to the BCS external content type.  Adding users to the BCS permissions in the UI creates additional entries in the XML of the model.  To give anonymous users access to the BCS model we need to add the following entry to several <AccessControlList> elements in the BDC model’s XML.

<AccessControlEntry Principal="NT Authority\Anonymous Logon">
  <Right BdcRight="Execute" />
</AccessControlEntry>

 

Here is the step by step procedure to add AccessControlEntries for anonymous users to the BDC model:

  1. In Central Admin, manage the BCS service application you created and add the Execute right for a specific user.  This will give you an entry that you can do a search and replace on in the XML file later.

     [Screenshot: adding the Execute right in Central Admin]

  2. Go back to SharePoint Designer and export the default model for your external content type.  Once you’ve exported it you can rename it or delete it. (You need to do this or you won’t be able to import your edited copy later.)

     [Screenshot: exporting the model from SharePoint Designer]

  3. Now edit the BDC model XML file that you exported. Do a search and replace for the user you added and replace them with ‘NT AUTHORITY\ANONYMOUS LOGON’.
  4. Go back to Central Admin and use the Import button on the ribbon to import the edited BDC model into your BCS service app. When you return to SPD 2010 your edited External Content type will now display like the original.

     [Screenshot: importing the BDC model in Central Admin]

  5. Do an iisreset to make sure that you flush any BCS caching that is in place.

After completing the above steps you can browse out to your anonymous access site and access the external list you created from your external content type.  As you can see from the screenshot below anonymous users now have access to the BCS external content type and the BDC Identity can now access and display the data.

[Screenshot: the external list displayed to an anonymous user]
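
Step 3's search and replace can be scripted so that only the Principal attribute of <AccessControlEntry> elements is changed and any right other than Execute on the rewritten entries is reported before the model is imported. This is an added example, not code from the original post; the function name Convert-BdcPrincipal, the principal contoso\bcstemp and the sample model are constructed for illustration.

```powershell
# Added example. The principal and model below are constructed placeholders.
function Convert-BdcPrincipal {
    param(
        [Parameter(Mandatory=$true)][xml]$Model,
        [Parameter(Mandatory=$true)][string]$TempPrincipal,
        [string]$NewPrincipal = 'NT AUTHORITY\ANONYMOUS LOGON'
    )
    # local-name() keeps the query independent of the model's default namespace.
    $entries = $Model.SelectNodes("//*[local-name()='AccessControlEntry']")
    $changed = 0
    $excess = @()
    foreach ($ace in $entries) {
        if ($ace.GetAttribute('Principal') -ne $TempPrincipal) { continue }
        $ace.SetAttribute('Principal', $NewPrincipal)
        $changed++
        # Step 1 granted Execute only; any other right would now be anonymous.
        foreach ($right in $ace.SelectNodes("*[local-name()='Right']")) {
            $name = $right.GetAttribute('BdcRight')
            if ($name -ne 'Execute') { $excess += $name }
        }
    }
    New-Object PSObject -Property @{ Changed = $changed; ExcessRights = $excess }
}

# Constructed sample standing in for an exported model file.
[xml]$sample = @'
<Model Name="SampleModel">
  <AccessControlList>
    <AccessControlEntry Principal="contoso\bcstemp">
      <Right BdcRight="Execute" />
      <Right BdcRight="Edit" />
    </AccessControlEntry>
  </AccessControlList>
</Model>
'@

$result = Convert-BdcPrincipal -Model $sample -TempPrincipal 'contoso\bcstemp'
"Entries rewritten: $($result.Changed)"
if ($result.ExcessRights) {
    Write-Warning ("Anonymous users would also get: " + ($result.ExcessRights -join ', '))
}
# For a real export, load with [xml](Get-Content <path>) and write the result
# with $Model.Save(<full path>) before importing it in step 4.
```

The script avoids PowerShell 3.0-only syntax so that it also runs in the PowerShell 2.0 shell that ships with SharePoint 2010.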

Cleveland SharePoint User’s Group

Presentation –  Upgrading to SharePoint 2010

I will be speaking at the Cleveland SharePoint User Group on Wednesday, July 28th.  The meeting will be from 4:00-6:30pm.  My topic will be “Upgrading to SharePoint 2010”.  Here’s a brief agenda for the talk:

  • Supported and unsupported upgrade paths
  • Choosing an upgrade approach
  • Preparing for an upgrade   
  • Overview of the upgrade process
  • Post-upgrade steps
  • Upgrade best practices

    Demos of all the major steps will be included!

    The location for the July 28th event will be the Microsoft Office Conference Room.  Address information for the office is below:

Cleveland Microsoft Office at 6050 Oak Tree Blvd.

Independence, 44131

Wednesday, July 29th from 4pm – 6:30pm

Register for the Event

Migrating to SharePoint 2010

The slides from the presentation are available by clicking on the image to the left.

My Third Year as an MVP

I just got my email that I’ve been awarded an MVP award again this year for SharePoint server.  This is my third year and I am still as EXCITED and HONORED as I was my first year.  Being an MVP this past year while SharePoint 2010 was being completed and released has been incredible.  I often wonder how I learned as much as I did before I gained access to the resources and contacts available to me as an MVP.

But the bottom line is still that I wouldn’t be an MVP if it weren’t for all of you out there in the community.  My thanks to all those who have asked me questions this past year and to those who came to listen to me at conferences.  Without you I wouldn’t have received this award.  I hope to continue to live up to the honor and hope that I never get complacent about what it’s really about: helping to support the SharePoint community.

Best Practices Conference: Aug. 24-27, 2010

Ever wondered whether the way you’ve designed, implemented and continue to support your SharePoint installation is the best way possible? Or could there be easier, better, more efficient ways to get things done?

Almost every SharePoint practitioner I’ve met has wondered the same thing at one time or another.  Well here is your chance to find out.  Join some of the brightest SharePoint experts in the business to discuss just what are SharePoint’s Best Practices.

I’ll be speaking again at this summer’s SharePoint Best Practices Conference in Washington, DC.  The Conference is from Aug. 24-26 with an extra day of post conference workshops on Aug. 27th.  I’ll be speaking on the following topics:

  • SharePoint Designer 2010: Using it Safely in an Enterprise Environment – Many companies restrict the use of SharePoint Designer 2007 to a small group of people on the professional IT staff.  Some companies prohibit its use entirely.  But many users, in all but the most locked down corporate enterprises, can and do still download and install the free product for themselves.  This has made SharePoint Designer the product that many professionals love to hate.  But SharePoint Designer 2010 is changing all that.  In this session we will demonstrate how changes in SharePoint make it possible to control who can use SharePoint Designer and what they can use it for.  We’ll also examine how changes in SharePoint Designer itself have made it safe to use without the "unghosting" of pages that was the primary problem with previous versions.  Finally, we’ll discuss a Best Practice framework that will allow the controlled use of SharePoint Designer 2010 by average Information Workers in almost every corporate environment.
  • Internet Facing SharePoint Sites: Best Practices for a Secure Design – The advent of two licensing levels for unrestricted use of SharePoint 2010 as an Internet facing environment has opened the floodgates on companies considering using SharePoint for more than a corporate Internet.  But there are still issues to be faced when constructing an Internet facing SharePoint site.  In this talk we will review how traditional Best Practices for Internet facing Web sites should be adapted to fit a SharePoint installation.  We’ll discuss whether to install SharePoint into a DMZ or as an internal server accessible through a firewall.  We’ll also look at the complications raised by SharePoint’s dependence on Active Directory and Microsoft SQL Server.  Along the way we’ll review various designs and highlight the strengths and weaknesses of each approach.
  • SharePoint’s Branding Continuum: Customizing your Look and Feel – SharePoint 2010 has expanded the possibilities available when you want to brand your SharePoint site with a custom "Look and Feel".  You can now change color schemes by using the new THMX themes, change the basic "look and feel" using custom CSS, or radically change the layout of the page using a custom master page.  In this talk we’ll help you decide which of these is the right approach for your branding project.  We’ll discuss the technical expertise required to pull it off and look at examples of just what you can accomplish with each approach.  Along the way we’ll also discuss general "Branding" Best Practices that will preserve the availability of the whole branding continuum no matter which approach you implement.

    I hope to see you there…