How to use Android 4.0

This is a pretty good article that explains the basics of Android version 4.0, aka Ice Cream Sandwich or ICS. If you are already experienced with Android it will probably not be all that helpful.

Android 4.0 guide

More useful if you are experienced with Android, this chart helps you find where to do things in ICS. I know for me it was something of an adjustment when I moved from Gingerbread (2.3) to ICS as a number of everyday things were changed, e.g. adding widgets. So this was useful to me.

Android 4.0 quick reference

Enjoy.

Posted in Android | Tagged | Leave a comment

How to log in to a SharePoint site as a particular user with server-side code

I needed to integrate content from a back-end system with an anonymous, public SharePoint site. The back-end system came with web parts for the purpose, but trusted that SharePoint had authenticated the user and simply pulled that logon name to pass through the web part to the server for access control. This was an issue because the anonymous site by definition had no logged-in user. The back-end system also had an anonymous capability, but the system administrator was not comfortable turning it on for fear of inadvertently exposing confidential data (and rightly so). In short, my “anonymous site” needed to be logged in as some actual logon account. This had to happen behind the scenes without prompting the user for credentials. It was time to hit Google.

I found a number of articles on the web with similar-but-not-quite-the-same needs. I also found these articles sometimes made things more complicated than it seemed they should be. Well, after a lot of reading, much trial and tribulation, and lots of errors, I eventually found something that worked. I will give you step-by-step instructions, but first I will give you a little background. I have always found it a good idea to try to understand what I am doing rather than blindly following a recipe, so I will try to explain how this works.

Generally speaking, SharePoint is configured to use the authentication mechanisms built in to Windows, i.e. Active Directory integration. There is another supported mechanism called forms based authentication, usually abbreviated as FBA. When using FBA, you can specify custom authentication providers. There are a few built in providers, one of which is Active Directory (AD). Why would you turn on FBA only to use AD? Keep in mind that there is only ever one authentication provider being used within a SharePoint site zone (a URL, this will be explained); you can’t use Windows and Forms authentication at the same time. With Windows authentication, I could not find a straightforward way to override the integrated security to log in as someone other than an actual Windows-authenticated user. Even Microsoft articles pointed me in the general direction of FBA. So the AD provider via FBA is what I have used, and in fact thus far it appears to be working for me just fine.

Now about those SharePoint zones… You can “extend” a SharePoint application from Central Administration. Among other things, when you do this, you must select an unused zone (there are five altogether). SharePoint will create a new IIS site for each such zone you extend into, each with its own URL, web.config and app pool process, but serving pages from the same content database. The authentication provider is defined in the web.config for a site (zone). So extending the site into a new zone gives you the option of logging into the site with ‘normal’ integrated Windows authentication using one URL, and having completely different authentication for users coming in through another URL. I recommend you maintain a SharePoint-standard, Windows-integrated zone so you can easily ensure you have administrative access to the site, restorable through Central Administration settings if necessary, without the complications of a custom authentication configuration. It can also simplify problem-solving if you do run into issues with the non-integrated authentication.

Assumptions

  • The existing Windows-authenticated site: internal.example.com
  • The new FBA-authenticated site: external.example.com

Extend the web application

  • Open Central Administration and select Application Management.
  • Click Create or extend Web application, and choose Extend an existing Web application.
  • Make sure you have the proper Web Application selected, i.e. internal.example.com.
  • Choose to create a new (IIS) site called external.example.com.
  • You can use the same port 80, but be sure to add the host header for external.example.com.
  • Update the path if necessary for your standards. You will need to know the path for later steps.
  • Leave NTLM as the provider; leave Allow Anonymous set to No.
  • Set Zone to Internet. Note: you can use another zone, just make sure you pick the same one throughout these procedures.
  • Click OK and wait for the site to be created.

Set up a new provider for the extended site, and for Central Administration

  • Open the web.config for external.example.com (located in the path you set when extending the app).
  • Find the <PeoplePicker> element and add this as a child node.
<add key="MyADProvider" value="%" />
  • Add the following just above the <system.web> element. You should of course change some-dc to an appropriate domain controller.
<connectionStrings>
  <add name="MyADConnection" connectionString="LDAP://some-dc" />
</connectionStrings>
  • Add the following just above the <authentication mode="Windows" /> element. connectionUsername and connectionPassword are for an account that can read Active Directory. If the application pool identity for this app can already do that, you can omit these attributes. However, be sure to leave the other attributes in place.
<membership defaultProvider="MyADProvider">
<providers>
<add name="MyADProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     attributeMapUsername="sAMAccountName"
     connectionStringName="MyADConnection"
     connectionUsername="someusername" connectionPassword="somepassword" />
</providers>
</membership>
  • Now make the same provider changes you just made in the web.config for external.example.com in the web.config for Central Administration as well. This will allow Central Administration to find users that belong to the new provider.

Set up forms-based authentication

  • Go back to Central Administration Application Management and click Authentication providers.
  • Make sure internal.example.com is the selected web app (see the upper right part of the page).
  • Click the Internet zone.
  • Change Authentication Type to Forms.
  • Uncheck Enable anonymous access.
  • Enter MyADProvider in Membership provider name.
  • Click Save.
  • Go to Central Administration Application Management and click Policy for Web application.
  • Make sure internal.example.com is the selected web app in the upper right.
  • Click Add Users.
  • Make sure internal.example.com is the selected web app and choose the Internet zone.
  • Add an administrative logon and give it Full Control, then click Finish.
  • You should now be able to log in to external.example.com and authenticate as the (internal) administrative user you just added.
  • You can now add users and grant permissions as always. The difference is that you can now add users from either the Windows or the FBA provider. It can be confusing when the FBA provider is also Active Directory, as in this case. When selecting names use the People Picker as it will show you the account name prefixed with MyADProvider: on the Account Name column.
  • You can also modify the User Information List view to display the Account column, which also displays the prefix.
  • Note that you cannot use wildcards in the People Picker to locate FBA users – you must enter their full logon username to “find” it.
  • Add an FBA user and make sure you can log in as that user.

Override the SharePoint login to use a specific user

  • Make sure you have a working FBA-enabled extended site before going any further.
  • In Windows Explorer, navigate to TEMPLATE\LAYOUTS inside the 12-hive folder; by default the full path would thus be C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS.
  • Create a new folder we will call ext. You should make the name something non-obvious as it will be a valid URL that can be seen in the HTTP headers when a user accesses the site.
  • Create a new empty text file in ext and rename it extlogin.aspx. Note the relative URL of this new file is thus /_layouts/ext/extlogin.aspx.
  • Now save the following code in extlogin.aspx, substituting somelogon and somepassword with the credentials of the user to be logged in.
<%@ Page Language="C#" MasterPageFile="/_layouts/simple.master" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System" %>
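<script runat="server">
// Runs on every request to this page, i.e. whenever an unauthenticated
// visitor is redirected to the login URL.
public void Page_Load(object sender, EventArgs e)
{
  // Validate the fixed account against the default membership provider.
  if (Membership.ValidateUser("somelogon","somepassword"))
  {
    // Issue a persistent forms-authentication cookie for that account...
    FormsAuthentication.SetAuthCookie("somelogon", true);
    // ...and send the browser back to the page it originally requested.
    FormsAuthentication.RedirectFromLoginPage("somelogon", true);
  }
}
</script>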
<asp:Content ID="PageTitle" runat="server" contentplaceholderid="PlaceHolderPageTitle" >
Let me see your identification.
</asp:Content>
<asp:Content ID="PageTitleInTitleArea" runat="server" contentplaceholderid="PlaceHolderPageTitleInTitleArea" >
This isn't the page you're looking for.
</asp:Content>
<asp:Content ID="Main" runat="server" contentplaceholderid="PlaceHolderMain" >
Move along.
</asp:Content>
  • In the web.config for external.example.com, set this custom page as the default login page, like this:
<authentication mode="Forms">
<forms loginUrl="/_layouts/ext/extlogin.aspx" />
</authentication>
  • Close all browsers, then open external.example.com. The site’s default page should open and, assuming the site is a standard SharePoint template, should show somelogon in the upper right. If it takes you to the extlogin.aspx page, then the login failed and you should double-check all the steps above, as well as the status of the somelogon account to be sure it is not locked or disabled. Also be sure that you added the MyADProvider:somelogon user and not the NT Authority\somelogon user.

That should be all you need to do to get a site to automatically log in a particular user. You’re done!

Posted in SharePoint | 6 Comments

How to prevent Firefox closing when you close the last tab

Maybe I’m just getting old, but I am still a heavy keyboard user. So sometimes I am cleaning up my Firefox sessions using Ctrl-W to close windows and I get a little itchy and close that last tab and boom – Firefox closes. Ok, it is a little thing, but still annoying. But there is a solution using our good friend about:config. Just set the following to false, which is not the default.

browser.tabs.closeWindowWithLastTab

If you are not familiar with about:config, just enter that in the address bar. Promise to be careful, then in the Filter box enter the first part of the string above, say browser.tabs and you should see that preference listed. Double-click it to change the value, at which point it will go bold indicating it is no longer at the default setting. You’re done.

Posted in Firefox | Leave a comment

Open a SharePoint document library in Windows Explorer

Document libraries are a SharePoint feature that for many people looks and works just like a fileshare or “network drive”. Of course you are accessing it through a browser, so while functional, the SharePoint pages are somewhat limiting if you are used to using Windows Explorer. Fortunately, you can work with a SharePoint document library in Windows Explorer. As you might expect, this is easiest if you use Internet Explorer (IE), but I’ll show you how you can get to any library by copying part of the URL shown when the library is open in your browser.

For IE, open your site and navigate to the document library. Make sure your view in the upper right is set to All Documents. On the toolbar, under Actions, select Open with Windows Explorer. That should take you straight to Windows Explorer opened to your document library.

If you are using another browser, it is a little extra work. You still navigate to the library and make sure it is set to All Documents view. In your address bar, you should see something like https://yoursite.example.com/sitecollection/bla/bla/bla/DocumentLibraryName/Forms/AllItems.aspx. Copy to the clipboard everything from the URL except for the trailing /Forms/AllItems.aspx.

Now open Windows Explorer. If you are using Windows 7, navigate to Computer, right-click in the right-hand panel and select Add a network location. For XP, navigate to Network Places and open Add Network Place. In either case you’ll now get a wizard. Select Choose a custom network location (XP is Choose another network location) and click Next. Paste in the address you copied earlier, click Next, then accept or modify the descriptive name and click Next. Click Finish and you should see your document library in Windows Explorer. This will also add a shortcut to Computer (or for XP My Network Places) so next time you can just open that directly.

For those still using Vista, I no longer have a working box to test out this process. It should be very similar, since as you can see the process is not much different between Windows 7 and Windows XP.

That’s all there is to it. Enjoy.

Posted in Microsoft Windows, SharePoint | 3 Comments

Displaying the real SharePoint error

I am picking up some coding for SharePoint at work again and starting to remember all the stuff I forgot. :-P

You have to love SharePoint error messages. For example, “an error has occurred”. I’m all for not intimidating the user but that is a bit terse. They could at least put the “technical information” somewhere on the screen for the poor guy who has to figure out the problem.  Ah well, fortunately there is a fix to get much more information. You just need a modification to the web.config file for your web app.

Search for <customErrors mode="On"> and replace it with <customErrors mode="Off">.

Search for CallStack="false" (it should be in a SafeMode tag) and replace it with CallStack="true".

Now you should get somewhat more helpful messages. Good luck!
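
As an added example (not part of the original post), this PowerShell function reports which of the settings discussed on this page a given web.config currently has switched on: customErrors set to Off, SafeMode CallStack set to true, and a membership provider carrying connectionPassword in clear text, as in the FBA setup above. The function name and the sample config are constructed for illustration.

```powershell
# Added example: report error-detail and credential settings in a web.config.
function Get-WebConfigFindings {                      # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$ConfigXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    $findings = @()

    # <customErrors mode="Off"> sends full ASP.NET error pages to every client.
    $ce = $doc.SelectSingleNode('/configuration/system.web/customErrors')
    if ($null -ne $ce -and $ce.GetAttribute('mode') -eq 'Off') {
        $findings += 'customErrors mode is Off'
    }

    # <SafeMode CallStack="true"> adds the call stack to SharePoint error pages.
    $sm = $doc.SelectSingleNode('/configuration/SharePoint/SafeMode')
    if ($null -ne $sm -and $sm.GetAttribute('CallStack') -eq 'true') {
        $findings += 'SafeMode CallStack is true'
    }

    # Membership providers that carry the AD bind password as an attribute.
    $xpath = '/configuration/system.web/membership/providers/add[@connectionPassword]'
    foreach ($p in $doc.SelectNodes($xpath)) {
        $findings += "provider '$($p.GetAttribute('name'))' has a clear-text connectionPassword"
    }
    $findings
}

# Constructed sample, trimmed to the elements this page touches.
$sample = @'
<configuration>
  <SharePoint>
    <SafeMode MaxControls="200" CallStack="true" />
  </SharePoint>
  <system.web>
    <customErrors mode="Off" />
    <membership defaultProvider="MyADProvider">
      <providers>
        <add name="MyADProvider" connectionStringName="MyADConnection"
             connectionUsername="someusername" connectionPassword="somepassword" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@

Get-WebConfigFindings -ConfigXml $sample | ForEach-Object { "FINDING: $_" }
```

To check a live file, pass its text instead of the sample, for example the output of Get-Content piped through Out-String.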

Posted in SharePoint | 1 Comment

Firefox and NTLM authentication

As is common to many large organizations, my employer has many sites that ask for your Windows logon credentials, using a process often referred to as “NTLM authentication”. On Windows, the idea is that the credentials will be passed through to the requester and you won’t have to enter them yourself. Firefox supports this but, out of security concerns, does not allow it by default, and annoyingly does not provide a GUI way to change it. Instead, you will need to use the infamous about:config page to fix this.

If you’ve never used it before, you simply open a tab and type about:config where you would normally enter a web site address. You may get a warning; that’s ok, just click the I’ll be careful, I promise!! button. You’ll then get a slew of options that control pretty much everything about Firefox. Fortunately, there is that Filter text box – enter ntlm in there. You should now see an entry below named network.automatic-ntlm-auth.trusted-uris; double-click that. Firefox checks this string for a match with the host name portion of the site wanting to authenticate – that’s the part between the http:// or https:// and the first solitary /. You can have multiple sites separated by a comma and space. So let’s say you have two internal sites, https://first.example.com/ and http://last.example.com/. In the text box, you would enter first.example.com, last.example.com. Unfortunately, as far as I know there is no way to specify a wild card such that everything ending in say example.com authenticates.  Update: actually, I just experimented with this a bit. It turns out it only appears to match a substring. So if you use just example.com it would match both first.example.com and last.example.com.

When you have what you need in the text box, click OK. If you want to test it out but have already authenticated to the site, close Firefox and re-open it. Just closing the tab will likely not test it, as Firefox will cache the credentials you provided when prompted. When you re-open the site, you should no longer be prompted to enter your credentials.

Posted in Firefox | Leave a comment

Setting a scheduled task process priority

I have been testing some long-running processes running overnight, initiated from the Windows Server 2008 Task Scheduler. To my chagrin, they were still running when I checked them in the morning. I found out the default task priority for processes initiated from a scheduled task is “below normal”. To make matters worse for me, there is no way to override this from the Task Scheduler GUI. I have not confirmed it, but suspect this may all have been true in earlier Windows Server versions as well.

As usual, there is a way around this, but this time we don’t even have to alter the registry (no really!). In the Task Scheduler, right-click the task and select Export… and save the exported task in a file, then open that in a text editor (like Notepad). This is the XML that defines the task. Each action will have a <Task> section, which contains <Settings>, which contains a <Priority> element. The default value, for “below normal”, is 7. You can use either 6, 5, or 4 for “normal” priority. You will not usually want to go above “normal”. See http://msdn.microsoft.com/en-us/library/aa383512.aspx for more information on priorities. Quick answer: 6 will probably work for you.

Update the value to what you want for the priority and save the modified XML. Go back to the Task Scheduler Library and choose Action > Import Task… from the menu. Feed it your modified XML file and it will open the Create Task dialog, using the name of your XML file as the default task name. Note that you cannot have duplicate task names. There is no ‘task name’ element in the XML; you can only name it when you import it. If you want to replace an existing task, you will either have to delete the existing task before the import, or give the import a new name then delete the old task and rename the new task with the old name.
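
The same edit can be scripted. This is an added example, not part of the original post: a PowerShell function that changes the <Priority> value in exported task XML, shown on a constructed sample. The function name, file paths and task name are placeholders, and the 4 to 10 range limit is a choice made for this example so that it cannot set a priority above “normal”.

```powershell
# Added example: change <Priority> in an exported Task Scheduler XML document.
$TaskNs = 'http://schemas.microsoft.com/windows/2004/02/mit/task'

function Set-TaskXmlPriority {                        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$TaskXml,
        # 4-6 = normal, 7-8 = below normal, 9-10 = idle; 0-3 are refused here.
        [ValidateRange(4, 10)][int]$Priority = 6
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true                   # keep the export's layout
    $doc.LoadXml($TaskXml)

    # Exported tasks use a default namespace, so XPath needs a prefix for it.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', $TaskNs)

    $node = $doc.SelectSingleNode('/t:Task/t:Settings/t:Priority', $ns)
    if ($null -eq $node) {
        throw 'No <Priority> element under <Task>/<Settings>; is this an exported task?'
    }
    $node.InnerText = [string]$Priority
    $doc.OuterXml
}

# Constructed sample, trimmed to the parts that matter here.
$sample = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Settings>
    <Enabled>true</Enabled>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Jobs\nightly.cmd</Command></Exec>
  </Actions>
</Task>
'@

$updated = Set-TaskXmlPriority -TaskXml $sample -Priority 6
([xml]$updated).Task.Settings.Priority                # value after the edit

# On a real export (placeholder paths and task name):
#   $xml = Get-Content 'C:\Temp\NightlyJob.xml' | Out-String
#   Set-TaskXmlPriority $xml 6 | Set-Content 'C:\Temp\NightlyJob-p6.xml' -Encoding Unicode
#   schtasks /Create /TN 'NightlyJob' /XML 'C:\Temp\NightlyJob-p6.xml' /F
```

schtasks takes the task name from /TN, and /F replaces an existing task of the same name, which is a command-line alternative to the delete-and-rename steps described above for the GUI import.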

Posted in Microsoft Windows, Windows Server 2008 | 24 Comments