Blogging from the trenches
August 08
Mixing it up w/ Mixed SSL & SP 2010

 

Very good reading if you want to learn more about the inner workings of federated authentication models with claims and SP 2010:
http://msdn.microsoft.com/en-us/library/ee517293.aspx

So after much digging with Firebug and the Firefox web developer extension to inspect my HTTP sessions, I discovered two funny things about the cookie SharePoint is setting:

1) It ignores most of the settings we put in our <forms> tag and uses its own (see below).

2) No matter what attributes I set, the cookie was being written as a secure cookie, which prevented the browser from sending it on non-secure HTTP requests.

ssl_securecookie.png

I inspected the web.config some more and discovered that SharePoint is using a custom cookie handler to read/write cookies:

        <cookieHandler mode="Custom" path="/">
          <customCookieHandler type="Microsoft.SharePoint.IdentityModel.SPChunkedCookieHandler, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        </cookieHandler>

Enter Reflector:

Once I opened up this class in Reflector and traced the life of a cookie during an authentication session, it turned out that there was a hard-coded reference to the https protocol in the WriteCore method; this was trumping any of the manual settings we were trying to add in the web.config.

ssl_reflector.png

The Fix:

Fortunately a custom cookie handler class is not that complex, so I created a new MSNGNChunkedCookieHandler class and updated the web.config entry:

        <cookieHandler mode="Custom" path="/" requireSsl="false" >
          <!-- <customCookieHandler type="Microsoft.SharePoint.IdentityModel.SPChunkedCookieHandler, Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> -->
          <customCookieHandler type="MSNGN.Utility.MSNGNChunkedCookieHandler, MSNGN.Utility, Version=1.0.0.0, Culture=neutral, PublicKeyToken=38c82c65bfb6cec0" />
        </cookieHandler>

This class defers to its base methods for the most part; I only modified the WriteCore override with logic that removes the hard-coded https reference.

=== BEGIN CODE BLOCK ===

using System;
using System.Web;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.IdentityModel.Web;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Administration.Claims;

namespace MSNGN.Utility
{
    /// <summary>
    /// This is an override of the Microsoft.SharePoint.IdentityModel.SPChunkedCookieHandler class
    /// with the WriteCore method extended to support both Secure & Non-Secure cookies
    /// </summary>
    public class MSNGNChunkedCookieHandler : Microsoft.SharePoint.IdentityModel.SPChunkedCookieHandler
    {
        // the stock WIF chunked handler does the actual cookie writing
        private ChunkedCookieHandler m_CookieHandler;

        public MSNGNChunkedCookieHandler() : base()
        {
            this.m_CookieHandler = new ChunkedCookieHandler();
            this.m_CookieHandler.Path = "/";
        }

        public MSNGNChunkedCookieHandler(int chunkSize) : base(chunkSize)
        {
            this.m_CookieHandler = new ChunkedCookieHandler(chunkSize);
            this.m_CookieHandler.Path = "/";
        }

        // Delete and Read are left to the SharePoint base implementation
        protected override void DeleteCore(string name, string path, string domain, HttpContext context)
        {
            base.DeleteCore(name, path, domain, context);
        }

        protected override byte[] ReadCore(string name, HttpContext context)
        {
            return base.ReadCore(name, context);
        }

        /// <summary>
        /// Override of the WriteCore method to remove the hard-coded secure cookie flag,
        /// which is required to support both https & non-https sessions
        /// </summary>
        protected override void WriteCore(byte[] value, string name, string path, string domain, DateTime expirationTime, bool secure, bool httpOnly, System.Web.HttpContext context)
        {
            // override the secure cookie setting
            // to enable both https & non-https cookie sessions
            secure = false;

            if (context == null)
            {
                throw new ArgumentNullException("context");
            }
            if (context.Request == null)
            {
                throw new ArgumentException(null, "context");
            }
            if (null == context.Request.Url)
            {
                throw new ArgumentException(null, "context");
            }

            // scheme-based alternative, left commented out
            //if (string.Equals(context.Request.Url.Scheme, "https", StringComparison.OrdinalIgnoreCase))
            //{
            //    secure = true;
            //}
            //else
            //{
            //    secure = false;
            //}
            if (!string.Equals(path, "/", StringComparison.OrdinalIgnoreCase))
            {
                path = "/";
            }
            this.m_CookieHandler.Write(value, name, path, domain, expirationTime, secure, httpOnly, context);
        }
    }
}

=== END CODE BLOCK ===

 

I also threw together a quick “SSLTrafficCop” HTTP module to route requests to either the secure or non-secure channel. At the moment, the logic directs requests to the following paths to HTTPS; all other requests are routed through HTTP. We can think about the best place to store these settings so that they are more configurable, but for now this will work for the remote authors.

    public static string[] SecurePaths = new[] { "/_layouts/login/", "/_layouts/userregistration/" };

To install the traffic cop, simply add the following entry to our ever-growing list of modules in the web.config. This should only be installed on machines with valid SSL certs, so it is probably best to leave this setting off of the dev machines.
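
To show what such a module looks like, here is an added example of my own (not the post's SSLTrafficCop source, which the page does not include) of an IHttpModule that applies the SecurePaths rule from the post: a request for a secure path that arrives over HTTP is redirected to HTTPS, and any other request that arrives over HTTPS is sent back to HTTP. The class name SslTrafficCopModule, the decision to redirect only GET requests, and the dropping of an explicit port are my assumptions.

```csharp
using System;
using System.Web;

namespace MSNGN.Utility
{
    // Added example, not the post's own module. It is registered like any other
    // IHttpModule through the <modules> section of web.config.
    public class SslTrafficCopModule : IHttpModule
    {
        // Paths that must be served over HTTPS (the list from the post)
        public static string[] SecurePaths = new[] { "/_layouts/login/", "/_layouts/userregistration/" };

        public void Init(HttpApplication application)
        {
            application.BeginRequest += OnBeginRequest;
        }

        public void Dispose()
        {
        }

        private static void OnBeginRequest(object sender, EventArgs e)
        {
            HttpContext context = ((HttpApplication)sender).Context;
            HttpRequest request = context.Request;

            // Assumption: only GET requests are redirected. A 302 on a POST would
            // drop the posted form (the login form included), so those are left alone.
            if (!string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            string target = GetRedirectTarget(request.Url, request.IsSecureConnection);
            if (target != null)
            {
                // endResponse = true stops the pipeline so the page is never rendered on the wrong channel
                context.Response.Redirect(target, true);
            }
        }

        /// <summary>
        /// Returns the URL the request should be redirected to, or null when it already
        /// arrived on the channel the SecurePaths rule calls for. Kept free of HttpContext
        /// so the decision can be unit-tested.
        /// </summary>
        public static string GetRedirectTarget(Uri url, bool isSecureConnection)
        {
            bool requiresSsl = RequiresSsl(url.AbsolutePath);
            if (requiresSsl == isSecureConnection)
            {
                return null;
            }

            var builder = new UriBuilder(url)
            {
                Scheme = requiresSsl ? Uri.UriSchemeHttps : Uri.UriSchemeHttp,
                Port = -1 // assumption: use the default port of the new scheme (443 or 80)
            };
            return builder.Uri.AbsoluteUri;
        }

        /// <summary>True when the path falls under one of the SecurePaths prefixes (case-insensitive).</summary>
        public static bool RequiresSsl(string absolutePath)
        {
            foreach (string securePath in SecurePaths)
            {
                if (absolutePath.StartsWith(securePath, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }
            return false;
        }
    }
}
```

The channel decision relies on Request.IsSecureConnection, which is only meaningful when IIS itself terminates SSL; if a load balancer terminates it instead, every request looks non-secure to the module and it would redirect in a loop, so in that setup the scheme has to be taken from whatever forwarded header the balancer sets.
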
February 17
Enabling User Profile & MySite with Claims / FBA authentication

I have finally integrated the SharePoint 2010 User Profile manager and MySite with a custom federated FBA membership provider. I have found several articles on this topic; however, every example out there to date uses an LDAP provider, while in my case I am using a custom SQL-based provider without roles. My solution leverages SP as the role provider, while the profile management occurs within my federated provider and not within SharePoint.

I will try to detail the steps in a future post (gotta keep working); in the meantime you can email me with questions.


January 20
Working with Managed Metadata Part 1

I am working on a large ECM project which will be a perfect candidate for the new Managed Metadata feature in SharePoint 2010. Using Chris O'Brien's blog post as a base, I am going to research various options for extending the OOB Managed Metadata field type.

Chris' blog makes reference to an example of extending the metadata framework by creating a list to manage inbound requests for new terms. While this idea sounds like a good approach, I am not crazy about creating a secondary flat list of terms to manage my extended properties. This seems to be a bit "2007-ish" and not quite bulletproof enough (perhaps my expectations are too high). I would prefer to extend the field itself with my additional properties.

It appears that the current MSDN documentation on the new Microsoft.SharePoint.Taxonomy namespace is a bit limited; as of the time of this post everything in the online documentation is sporting the disclaimer "[This documentation is preliminary and is subject to change.]"

I will be sure to post an update once I have learned a few lessons with this new and exciting framework.

January 18
No Escaping CAML
Despite the numerous advertisements about LINQ to SharePoint, I have discovered that we are still stuck with CAML if we want to take advantage of the efficient SPQuery object. Although it is possible to interface with SharePoint lists using LINQ, it appears that doing so still accesses the list item collection directly, so the resulting queries are not optimized, which will degrade platform performance.

Here is a link to an interesting TechNet article on writing efficient code in SharePoint 2010. Note that the use of SPQuery is the first example (looks like we are stuck w/ CAML for a while).

http://msdn.microsoft.com/en-us/library/ee558807%28office.14%29.aspx
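
To make the difference concrete, here is an added example of my own (not code from the post or the linked article) that fetches "documents modified in the last N days" from a list both ways: once through SPQuery with a CAML filter, row limit and field list that the content database applies, and once by walking list.Items, which pulls every item with every column and filters in memory. The method names, the Modified-based filter and the row limit are my choices.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

namespace MSNGN.Utility
{
    // Added example: the same lookup done the SPQuery way and the list.Items way.
    public static class RecentDocuments
    {
        /// <summary>
        /// Builds the CAML for SPQuery. Filter, sort, row limit and column list are all
        /// evaluated by the content database, so only the matching rows come back.
        /// </summary>
        public static SPQuery BuildRecentQuery(int days, uint rowLimit)
        {
            return new SPQuery
            {
                Query =
                    "<Where>" +
                    "  <Geq>" +
                    "    <FieldRef Name='Modified' />" +
                    "    <Value Type='DateTime' IncludeTimeValue='TRUE'>" +
                    "      <Today OffsetDays='-" + days + "' />" +
                    "    </Value>" +
                    "  </Geq>" +
                    "</Where>" +
                    "<OrderBy><FieldRef Name='Modified' Ascending='FALSE' /></OrderBy>",
                ViewFields = "<FieldRef Name='Title' /><FieldRef Name='Modified' />",
                ViewFieldsOnly = true,   // SharePoint 2010: return only the listed columns
                RowLimit = rowLimit
            };
        }

        /// <summary>The SPQuery path: one round trip that returns at most rowLimit items.</summary>
        public static IList<string> GetRecentTitlesWithQuery(SPList list, int days, uint rowLimit)
        {
            var titles = new List<string>();
            foreach (SPListItem item in list.GetItems(BuildRecentQuery(days, rowLimit)))
            {
                titles.Add(item.Title);
            }
            return titles;
        }

        /// <summary>
        /// The path to avoid, shown for contrast: list.Items materialises every item in the list
        /// (all columns) before anything is filtered, which is the cost the post warns about.
        /// </summary>
        public static IList<string> GetRecentTitlesByEnumeration(SPList list, int days, int rowLimit)
        {
            var titles = new List<string>();
            DateTime cutoff = DateTime.Now.AddDays(-days); // approximate; Modified is returned in web-local time
            foreach (SPListItem item in list.Items)
            {
                if (titles.Count >= rowLimit)
                {
                    break;
                }
                var modified = (DateTime)item["Modified"];
                if (modified >= cutoff)
                {
                    titles.Add(item.Title);
                }
            }
            return titles;
        }
    }
}
```

On a small list both methods return the same titles; the gap shows up on a large library, where the enumeration version loads every item before the first comparison runs, while the SPQuery version never transfers more than rowLimit rows.
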

 

January 18
Welcome to your Blog!

To begin using your site, click Create a Post under Blog Tools.

What is a Blog?

A Blog is a Web site designed to help you share information related to a particular subject area in the form of text, images, links, and other media such as video. Blogs can be used as team sites, news sites, journals, diaries, and more.

Blog posts usually consist of frequent short postings and are typically displayed in reverse chronological order (newest entries first). Blogs encourage site visitors to interact with one another by leaving comments on posts.

Blogs can also be used as a team communication tool. Keep team members informed by providing a central place for links and relevant news.

 

About this blog

Tim Nugiel founded MSNGN in 2007 while earning an MBA in Finance at the NYU Stern School of Business. With a Computer Science background and over 10 years of experience in the field, Tim has pioneered a software development methodology with an agile edge. When out of the office, Tim enjoys snowboarding, travelling, and spending time with family. Tim currently lives in NJ with his wife and three children.