Do you have tough technical questions regarding SharePoint for which you’re seeking answers? Do you want to tap into the deep knowledge of the talented Microsoft Most Valuable Professionals? Then join me and other SharePoint MVPs for answers to your questions in a live forum. So please join us and bring on the questions! These chats will cover WSS, MOSS and SharePoint 2010. Topics include setup and administration, design, development and general questions. This month there is only one time slot for the chat. I’ll be there so bring your questions to the chat on Wednesday June 22nd. Other MVPs who will also be attending include:
- Alex Pearce
- Corey Roth
- Darrin Bishop
- Ivan Sanders
- John Timney
- Kanwal Khipple
- Kris Wagner
- Laura Rogers
- Liam Cleary
- Paul Galvin
- Randy Drisgill
- Rob Foster
- Serge Tremblay
- Woody Windischman
Wed, June 22nd, 2011
Noon EDT (9am PDT)
Join the chat room on the day of the chat:
Twitter hastag: #spmvpchat
SharePoint Team Blog post: http://blogs.msdn.com/b/mvpawardprogram/archive/2011/06/14/special-live-sharepoint-chat-announcement.aspx
The SharePoint product team announced yesterday that Service Pack 1 for SharePoint 2010 will be available sometime late in June. But this service pack is more than just a bug fix. It will include some new features and functionality for SharePoint, including:
- A Site Recycle Bin – Recover accidentally deleted SharePoint Sites and Site Collections.
- Shallow Copy – The ability to move site collections containing Remote Blob Storage (RBS) elements from one content database to another without having to physically move the RBS Blobs.
- StorMan.aspx – The return of a Storage Allocation page where you can see how much storage is being used by major portions of your farm.
Read more about these new features and much more on the SharePoint Product Group Team Blog here:
Its been a busy four days since I got home from the EU SharePoint Best Practices Conference and a short holiday in London with my wife last week. I’ve been spending the last 4 days getting caught up so I can spend the next three weeks at the 8th MCM Rotation that starts on Monday. Needless to say its been a really busy spring.
The conference was EXCELLENT! After missing it last year due to the Icelandic volcano eruptions I was really looking forward to going. I can’t say enough about how Steve Smith and Zoe Watson take care of the speakers at their conferences. In addition to the wonderful arraignments there were lots of great sessions to hear, attendees to talk to, and friends to visit with. I’m hoping to go back again next year.
For any of those who attended, I’ve attached the slide decks from my talks below.
Users, Profiles, and MySites: Managing a Changing SharePoint User Population: Presentation Slides.
How to teach an old dog ‘IT Team’ New Tricks Presentation Slides.
I co-presented a webinar this week for ShareSquared on using the Business Connectivity Service (BCS) to integrate application data into SharePoint. A recording of the webinar is available here. One of the questions that came up in the Q&A was from someone who was having a problem exposing a Business Connectivity Service (BCS) External List for anonymous access on an Internet facing site. They had already configured the BCS content type to authenticate using the BDC Identity (RevertToSelf authentication) and had setup AllowAnonymousExecute on all the method instances, but still were being required to authenticate in order to see the list. According to them this worked in SharePoint 2007 BDC, but something was preventing it from working in BCS. There wasn’t really enough room in the Q&A document we published after the webinar to go into detail so this post will explain why it didn’t work and a step by step solution to the problem.
For the purpose of this post I will assume that you have already successfully configured an External Content type to use BDC Identity as its security setting. Using any of the other three settings (User’s Identity, Impersonate Windows Identity, or Impersonate Custom Identity) won’t work with anonymous access because they are all dependent on the logged on User’s Identity and anonymous users have no identity. You can read more about how to configure an External Content type to use the BDC Identity setting in this post on the BCS Team Blog: http://blogs.msdn.com/b/bcs/archive/2010/03/12/authenticating-to-your-external-system.aspx.
The BDC Identity setting uses the Application Pool Identity of the Web Application as the security context for retrieving the data from database for an external content type. But even if you use the BDC Identity setting an anonymous user will get an Access denied by Business Data Connectivity error like the one in the screenshot below.
The problem is that BCS requires that a user have access to the external content type in the BCS service application to access BCS data. BDC Identity handles how the BCS service app gets the data from the backend data source, but does nothing to give an anonymous user access to the data in the service app itself. This is one of the most frequently overlooked steps when configuring an external content type using SharePoint Designer (SPD) 2010. After configuring an external content type in SPD you must set user permissions for the content type in Central administration. These permissions are displayed in SPD, but can’t be set in SPD.
But anonymous users by definition aren’t logged in so how can we set permissions for them in central admin? There is a built-in group called NT Authority\anonymous Logon that represents all anonymous users. But when we try to add that group to the BCS permissions in Central Admin it fails, as you can see from the screenshot below. So how can we give anonymous users permission to access a BCS external content type?
The answer is that although you can’t set these permissions in the user interface you can set them by editing the XML of the underlying BDC model directly. The XML of the BDC model for the external content type includes <AccessControlEntry> elements that specify what rights an individual user or group has to the BCS external content type. Adding users to the BCS permissions in the UI creates additional entries in the XML of the model. To give anonymous users access to the BCS model we need to add the following entry to several <AccessControlList> elements in the BDC model’s XML.
<AccessControlEntry Principal="NT Authority\Anonymous Logon">
<Right BdcRight="Execute" />
Here is the step by step procedure to add AccessControlEntries for anonymous users to the BDC model:
- In Central Admin Manage the BCS service application you created and add the Execute right for a specific user. This will give you an entry that you can do a search and replace on in the XML file later.
- Go back to SharePoint Designer and export the default model for your external content type. Once you’ve exported it you can rename it or delete it. (You need to do this or you won’t be able to import your edited copy later)
- Now edit the BDC model XML file that you exported. Do a search and replace for the user you added and replace them with ‘NT AUTHORITY\ANONYMOUS LOGON’
- Go back to Central Admin and use the Import button on the ribbon to import the edited BDC model into your BCS service app. When you return to SPD 2010 your edited External Content type will now display like the original.
- Do an IISreset to make sure that you flush any BCS caching that is in place
After completing the above steps you can browse out to your anonymous access site and access the external list you created from your external content type. As you can see from the screenshot below anonymous users now have access to the BCS external content type and the BDC Identity can now access and display the data.
Presentation – Upgrading to SharePoint 2010
I will be speaking at the Cleveland SharePoint User Group on Wednesday, July 28th. The meeting will be from 4:00-6:30pm. My topic will be "Upgrading to SharePoint 2010”. Here’s a brief agenda for the talk:
- Supported and unsupported upgrade paths
- Choosing an upgrade approach
- Preparing for an upgrade
- Overview of the upgrade process
- Post-upgrade steps
- Upgrade best practices
Demos of all the major steps will be included!
The location for the July 28th event will be the Microsoft Office Conference Room. Address information for the office is below:
Cleveland Microsoft Office at 6050 Oak Tree Blvd.
Wednesday, July 29th from 4pm – 6:30pm
The slides from the presentation
are available by clicking on the
image to the left.