Thursday, June 6, 2013

Where are SharePoint Farm Features/Farm Solutions installed?

If you have ever installed a Farm Feature or a Farm Solution, you may be curious as to where the Farm Feature or Farm Solution is stored on the Windows file system.

Here is the path for all of the installed Farm Features and Farm Solutions (for SharePoint 2010):

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES

Wednesday, June 5, 2013

Unable to deploy solution to Claims-enabled SharePoint Site using Visual Studio 2012

I was creating a Custom Claims Provider in Visual Studio 2012 for my Claims-based SharePoint Web Application and had a need to debug my Custom Claims Provider to troubleshoot why some methods were not behaving as expected.

Well, in order to debug my solution, I had to be able to deploy my solution from within Visual Studio.

Unfortunately, whenever I tried to deploy my solution from within Visual Studio, I would receive the following error message:

Error occurred in deployment step 'Recycle IIS Application Pool': <nativehr>0x80070005</nativehr><nativestack></nativestack>Access Denied.

One of the problems I determined from some Google searching was that I was using Visual Studio 2012 with my Windows ID/Windows Domain Login, while my SharePoint Site Collection was Claims-enabled and thereby required a Claims-based Login ID for authentication and authorization into the system.

So, I had to do the following:


  1. Open up Central Administration
  2. Click on Manage web applications
  3. Click on my specific Web Application to select it
  4. Click on the User Policy button
  5. Search for your user id/login id
  6. Now, rather than selecting your User ID from the SAML Provider, select from the Active Directory provider instead.
  7. You should now see a Claims-based Windows User Token in the list of users in the User Policy dialog.
  8. Now, once again try to deploy your solution from within Visual Studio 2012. If all went well, it should now deploy successfully!
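
The same User Policy change can be scripted. This is an added example, not code from the original post: it builds the claims-encoded Windows identity that the Active Directory provider yields in step 6, adds it to the Web Application's User Policy, and lists the resulting entries. The function names, the URL and the account are placeholders, and the Full Control default is an assumption, since the steps above do not name a permission level.

```powershell
# Added example. Placeholders: the URL and account in the sample calls at the bottom.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-WindowsClaimsUserPolicy
{
    param(
        [Parameter(Mandatory=$true)][string]$WebAppUrl,
        [Parameter(Mandatory=$true)][string]$WindowsAccount,   # DOMAIN\user that runs Visual Studio
        [string]$Role = "FullControl"                          # assumption: the post names no level
    )

    $wa = Get-SPWebApplication $WebAppUrl

    # Encode the Windows account as a claims identity (i:0#.w|domain\user).
    # This is the entry the Active Directory provider produces in the people picker;
    # the SAML provider produces a different encoded string for the same person.
    $claim   = New-SPClaimsPrincipal -Identity $WindowsAccount -IdentityType WindowsSamAccountName
    $encoded = $claim.ToEncodedString()

    # Reuse an existing policy entry instead of adding a duplicate
    $policy = $wa.Policies | Where-Object { $_.UserName -eq $encoded }
    if (-not $policy) {
        $policy = $wa.Policies.Add($encoded, $WindowsAccount)
    }

    $roleType   = [Microsoft.SharePoint.Administration.SPPolicyRoleType]$Role
    $policyRole = $wa.PolicyRoles.GetSpecialRole($roleType)
    if (-not ($policy.PolicyRoleBindings | Where-Object { $_.Name -eq $policyRole.Name })) {
        $policy.PolicyRoleBindings.Add($policyRole)
    }
    $wa.Update()

    return $encoded
}

function Get-WebAppUserPolicy
{
    param([Parameter(Mandatory=$true)][string]$WebAppUrl)
    # One row per policy entry; the UserName prefix shows which provider it came from
    (Get-SPWebApplication $WebAppUrl).Policies | ForEach-Object {
        New-Object PSObject -Property @{
            UserName    = $_.UserName
            DisplayName = $_.DisplayName
            Roles       = ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", "
        }
    }
}

# Sample calls (placeholder values):
# Add-WindowsClaimsUserPolicy -WebAppUrl "https://<web-app-url>" -WindowsAccount "<DOMAIN>\<user>"
# Get-WebAppUserPolicy -WebAppUrl "https://<web-app-url>" | Format-Table -AutoSize
```

A Web Application policy applies to every site collection in that Web Application, so Get-WebAppUserPolicy is worth running once debugging is finished to see which entries remain.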






Monday, June 3, 2013

Converting a SharePoint 2010 NTLM Web Application to Claims--Soup to Nuts

  1. If you haven't already done so, apply an SSL certificate to the SharePoint site(s) that will be configured for Claims Based Authentication.  You can use a Self-Signed Certificate such as one that might be generated by SelfSSL7 or apply one from a Certificate Authority.
  2. Run the PowerShell script to convert the application from NTLM to Claims Based Authentication 
     function Convert-NTLMToClaimsAuth
     {
          param([string]$webAppUrl)
          # Switch the Web Application from classic (NTLM) mode to Claims Based Authentication
          $ConvertApp = Get-SPWebApplication $webAppUrl
          $ConvertApp.UseClaimsAuthentication = $true
          $ConvertApp.Update()
     }#function
    
  3. Run the PowerShell script to configure the TrustedIdentityTokenIssuer and specify the Claim Mappings
     # Load the SharePoint cmdlets when the script is not run from the SharePoint Management Shell
     Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

     function Import-TokenSigningCert
     {
          param([string]$certFilePath)
          #Import the Token Signing Certificate
          $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certFilePath)
          # Out-Null keeps the SPTrustedRootAuthority object out of the function's output,
          # so the caller receives only the certificate
          New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert | Out-Null
          return $cert
     }#function
     function Add-ClaimTypeMapping
     {
          param ([string]$claimType, [string]$claimDisplayName)
          #Add the Claim Mappings
          $map = New-SPClaimTypeMapping -IncomingClaimType $claimType -IncomingClaimTypeDisplayName $claimDisplayName -SameAsIncoming
          return $map
     }#function
     function Add-TrustedIdP
     {
          param([string]$IdPName, [string]$IdPDescription, [string]$realm,
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$trustedCert,
          [array]$claimMappings, [string]$signInUrl, [string]$identifyingClaim)
          #Create the Trusted Identity Token Issuer from the certificate and claim mappings
          $ap = New-SPTrustedIdentityTokenIssuer -Name $IdPName -Description $IdPDescription -Realm $realm -ImportTrustCertificate $trustedCert -ClaimsMappings $claimMappings -SignInUrl $signInUrl -IdentifierClaim $identifyingClaim
          return $ap
     }#function
     function Add-CustomClaimsProvider
     {
          #Associates a Custom Claims Provider with the Trusted Identity Token Issuer
          #(defined here but not called by the script below)
          param([string]$spSolutionPath, [string]$spSolutionName, [string]$trustedIdPName, [string]$claimProviderName)
          #Remove-SPSolution -Identity $spSolutionName
          #Add-SPSolution -LiteralPath $spSolutionPath
          #Install-SPSolution -Identity $spSolutionName -GACDeployment
          #Update-SPSolution -LiteralPath $spSolutionPath
          $trust = Get-SPTrustedIdentityTokenIssuer $trustedIdPName
          $trust.ClaimProviderName = $claimProviderName
          $trust.Update()
     }#function
     Clear-Host
     #Import the Token Signing Certificate
     $certFilePath = "C:\Scripts\ADFSTokenSigning.cer"
     $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2] (Import-TokenSigningCert $certFilePath)
     #Add the Claim Type Mappings
     $emailAddrClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
     $roleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
     $upnClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
     $claimMap1 = Add-ClaimTypeMapping $emailAddrClaimType "EmailAddress"
     $claimMap2 = Add-ClaimTypeMapping $roleClaimType "Role"
     $claimMap3 = Add-ClaimTypeMapping $upnClaimType "UPN"
     $adfsServerUrl = "https://win2k12adfs.sharepoint.local/adfs/ls"
     $claimMappings = @($claimMap1, $claimMap2, $claimMap3)
     $trustedIdPName = "SAML Provider"
     #Create the Trusted Identity Token Issuer with UPN as the identifier claim
     $ap = Add-TrustedIdP -IdPName $trustedIdPName -IdPDescription "ADFS SAML Claims Provider" -realm "urn:sp2010claims:sharepoint" -trustedCert $cert -claimMappings $claimMappings -signInUrl $adfsServerUrl -identifyingClaim $upnClaimType
    
  4. Open up the Web Application in Central Administration and click on Authentication Providers
  5. Enable the Trusted Identity Provider that you just configured in PowerShell
  6. Open up User Policy for the Web Application
  7. Search for an Administrative user for your Web Application
  8. Grant the Administrative user Full Control on your Web Application
  9. Verify that you can log into the Web Application/Site Collection with the user you just configured in User Policy.
  10. If you are able to successfully log into the system, you have successfully converted an NTLM Web Application to a Claims-based Web Application using Claims Authentication!
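
Before relying on the login test in step 9, the trust that step 3 created can be checked from PowerShell. This is an added example, not part of the original script: it reports the issuer's realm, sign-in URL, identifier claim and signing certificate, and whether the provider is enabled on the Web Application. The function name, the Default zone and the expected thumbprint (obtained from the ADFS administrator out of band) are assumptions.

```powershell
# Added example. All argument values in the sample call are placeholders except
# "SAML Provider", which is the issuer name used in step 3.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-TrustedIdP
{
    param(
        [Parameter(Mandatory=$true)][string]$IssuerName,
        [Parameter(Mandatory=$true)][string]$WebAppUrl,
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint,
        [string]$Zone = "Default",
        [int]$WarnDays = 30
    )

    $issuer   = Get-SPTrustedIdentityTokenIssuer $IssuerName
    $cert     = $issuer.SigningCertificate
    $wa       = Get-SPWebApplication $WebAppUrl
    # Normalise a thumbprint pasted with spaces or in lower case
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Step 3 also registers the certificate as a trusted root authority
    $roots = @(Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint })

    # Step 5: the provider only takes effect once it is enabled on the zone
    $enabled = $false
    if ($wa.UseClaimsAuthentication) {
        $enabled = @(Get-SPAuthenticationProvider -WebApplication $wa -Zone $Zone |
            Where-Object { $_.LoginProviderName -eq $issuer.Name }).Count -gt 0
    }

    New-Object PSObject -Property @{
        Issuer               = $issuer.Name
        Realm                = $issuer.DefaultProviderRealm
        SignInUrl            = $issuer.ProviderUri
        SignInUsesHttps      = ($issuer.ProviderUri.Scheme -eq "https")
        IdentifierClaim      = $issuer.IdentityClaimTypeInformation.InputClaimType
        MappedClaims         = ($issuer.ClaimTypeInformation | ForEach-Object { $_.InputClaimType }) -join "; "
        ThumbprintMatches    = ($cert.Thumbprint -eq $expected)
        CertExpires          = $cert.NotAfter
        CertExpiresSoon      = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
        RootAuthorityPresent = ($roots.Count -gt 0)
        WebAppUsesClaims     = $wa.UseClaimsAuthentication
        ProviderEnabled      = $enabled
    }
}

# Sample call (placeholder URL and thumbprint):
# Test-TrustedIdP -IssuerName "SAML Provider" -WebAppUrl "https://<web-app-url>" -ExpectedThumbprint "<thumbprint>" | Format-List
```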

How to file an online Microsoft Technical Support Incident with your MSDN Subscription

If you have an active MSDN subscription, depending on the type of MSDN subscription level that you have, you can be eligible to file up to 4 technical support incidents per year!

Here is how you begin the process for filing for a support incident:


  1. Log into your MSDN account
  2. Click on the My Account tab
  3. In the left hand navigation underneath Account, look at your Subscriber ID
  4. Click back on the Home page
  5. Beneath the Quick Links, click on the link for Contact Technical Support
  6. Beneath the region (in my case North America-->United States), click on the Online link
  7. Choose your country and click on the arrow button to proceed
  8. Select the product platform for which you need Technical Support
  9. Select a topic for your technical support incident
  10. If you are not able to find an answer for your issue, click on the Start Request button
  11. Select MSDN/TechNet Subscription from the list of options
  12. If you do not already have a Professional Support Contract number in place, you will need to click on the radio button for "Use another contract"
  13. You will need your Access ID and your Contract ID to enable your contract for the Incident  (If you do not have your Access ID and Contract ID, you can chat with a support representative to obtain these IDs)
  14. Enter your Contact Information and click Continue
  15. Enter your Problem details, check the checkbox to accept the Agreement for Microsoft Services and click on Submit for your incident.  
  16. That is all there is to it!!