Wednesday, May 18, 2016

Public website with SharePoint Online

You can create and host a public website with SharePoint Online. This public website can be accessed anonymously by users.
To create a public website, select Sites from the Office 365 app launcher icon, and then select Website under the Recommended Sites section.
SharePoint online Public Website
The website opens in offline mode, in which it is available only to Office 365 users. To make it available to anonymous users, click MAKE WEBSITE ONLINE and then click the Make online button.
Make Public Website Online
Your site will be online once the operation completes successfully.
Make Public Website Online

Note: For security reasons, you will not be able to enable anonymous access to other SharePoint Online sites.

Thursday, May 12, 2016

Creating a Folder in a SharePoint List and adding Items to it programmatically

The following code creates a folder in a SharePoint list and adds items to it. It is written for a custom Visual Studio workflow that starts when a new item is added to a list.

// Namespaces used: System, Microsoft.SharePoint, Microsoft.SharePoint.Workflow, System.Workflow.Activities
public Guid workflowId = default(System.Guid);
public SPWorkflowActivationProperties workflowProperties = new SPWorkflowActivationProperties();
SPList list = null;
SPListItem folderItem = null;

private void onWorkflowActivated1_Invoked(object sender, ExternalDataEventArgs e)
{
    SPListCollection listCollection = workflowProperties.Web.Lists;

    // Get the "MyContacts" list in which the folder will be created
    list = listCollection["MyContacts"];

    // Create a folder under the path specified
    folderItem = list.Items.Add(list.RootFolder.ServerRelativeUrl, SPFileSystemObjectType.Folder);

    // Set the folder name and update
    folderItem["Title"] = "My Folder";
    folderItem.Update();

    // Create a list item object to add an item in the folder
    SPListItem listItem = list.Items.Add(folderItem.Folder.ServerRelativeUrl, SPFileSystemObjectType.File, null);

    // Set the values for other fields in the list
    listItem["Contact ID"] = workflowProperties.Item["Contact ID"];
    listItem["Contact Name"] = workflowProperties.Item["Contact Name"];
    listItem.Update();
    workflowProperties.Item.Update();

    // Leave unsafe updates disabled on the workflow's web
    workflowProperties.Web.AllowUnsafeUpdates = false;
}

Tuesday, May 3, 2016

Using Windows Azure Active Directory for SharePoint 2013 authentication

Introduction


SharePoint supports the SAML Profile for single sign-on out of the box. This post provides guidelines to configure Windows Azure AD service as Identity Provider.

Create Azure AD tenant and namespace


Use the following steps to create a new Azure AD tenant and an associated namespace. In this example, we use the namespace “saml11acs2”. This can be done using the Windows Azure GUI or PowerShell.
Using the Azure GUI:
  1. In the Azure Management Portal, click Active Directory, and then create a new Azure AD tenant.
  2. Click Access Control Namespaces, and create a new namespace.
  3. Click Manage on the bottom bar. This should open this location, https://saml11acs2.accesscontrol.windows.net/v2/mgmt/web.
Using PowerShell:
  1. Open Windows PowerShell. Use the Microsoft Online Services Module for Windows PowerShell, which is a prerequisite for installing the Azure for Windows PowerShell cmdlets.
  2. From the Windows PowerShell command prompt, type the command Connect-MsolService, and then type your credentials.
  3. From a Windows PowerShell command prompt, type the following commands:
Import-Module MSOnlineExtended -Force

$replyUrl = New-MsolServicePrincipalAddresses -Address https://saml11acs2.accesscontrol.windows.net/

New-MsolServicePrincipal -ServicePrincipalNames @("https://saml11acs2.accesscontrol.windows.net/") -DisplayName "SAML ACS Namespace" -Addresses $replyUrl


Add a WS-Federation identity provider to the namespace



Use the following steps to add a new WS-Federation identity provider to the saml11acs2 namespace.
  1. From the Azure management portal, go to Active Directory > Access Control Namespaces, click Create a new instance, and then click Manage.
  2. From the Azure Access Control portal, click Identity Providers > Add, as illustrated in the following figure.
Add or Manage Identity Providers

  3. Click WS-Federation identity provider, as illustrated in the following figure, and then click Next.
Add Identity Provider settings

  4. Fill out the display name and logon link text, and then click Save. For the WS-Federation metadata URL, type https://accounts.accesscontrol.windows.net/saml11acs2.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml. The following figure illustrates the setting.
     Identity Provider Settings

Add SharePoint as a relying party application


Use the following steps to add Web Framework Portal as a relying party application.
From the Azure Access Control portal, click Relying party applications, and then click Add, as illustrated in the following figure.
Relying Party Applications Settings


Authentication Providers Settings


Configure End Points



  1. From the Access Control services portal, add a relying party, as illustrated in the following figure.
Edit Relying Party Application Settings.



Create a rule group for claims-based authentication


Use the following steps to create a new rule group to control claims-based authentication.
  1. In the left pane, click Rule groups, and then click Add.
  2. Type a name for the rule group, click Save, and then click Generate. For the purposes of this article, we are using Default Rule Group for SharePoint, as illustrated in the following figure.
Edit Rule Group Settings


  3. Click the rule group that you want to change, and then click the claim rule that you want to change. For the purposes of this article, we add a claim rule to the group to pass name as emailaddress, as illustrated by the following figure.
Input Claim Type Settings

  4. Delete the existing claim rule named "name".

Configure the X.509 certificate


Use the following steps to configure the X.509 certificate to use for token signing.
  1. In the Access Control Service pane, under Development, click Application integration.
  2. In Endpoint Reference, locate the Federation.xml that is associated with your Azure tenant, and then copy the location into the address bar of a browser.
  3. In the Federation.xml file, locate the RoleDescriptor section, and copy the information from the <X509Certificate> element, as illustrated in the following figure.
X509 Certificate element of Federation.xml file
  4. From the root of drive C:\, create a folder named Certificates.
  5. Save the X509Certificate information to the folder C:\Certificates with the file name AcsTokenSigning.cer.
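
The manual copy described above can be scripted, which avoids stray whitespace in the pasted base64 and lets you inspect the certificate before SharePoint is told to trust it. This is an added example, not part of the original post; it assumes the metadata was first saved as C:\Certificates\FederationMetadata.xml (a hypothetical file name), and the function name is illustrative.

```powershell
# Added example. Assumes Federation.xml was saved locally first; the
# metadata file name and the function name are hypothetical.
function Export-AcsSigningCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$MetadataPath,
        [Parameter(Mandatory = $true)][string]$OutFile,
        [int]$WarnDays = 30
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null    # never resolve external entities in downloaded XML
    $doc.Load((Resolve-Path -LiteralPath $MetadataPath).ProviderPath)

    # Take certificates from the RoleDescriptor section only; any other
    # X509Certificate element in the file is ignored.
    $xpath = "//*[local-name()='RoleDescriptor']//*[local-name()='X509Certificate']"
    $certs = @{}
    foreach ($node in $doc.SelectNodes($xpath)) {
        $bytes = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $certs[$c.Thumbprint] = $c    # de-duplicate repeated descriptors
    }
    if ($certs.Count -ne 1) {
        throw "Expected exactly one distinct certificate, found $($certs.Count); review the metadata by hand."
    }
    $cert = @($certs.Values)[0]

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $($cert.Thumbprint) is outside its validity period."
    }
    if ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        Write-Warning "Token-signing certificate expires on $($cert.NotAfter)."
    }

    # Write the certificate in DER form to the path the next section loads
    $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($OutFile, $der)
    $cert | Select-Object Subject, Thumbprint, NotBefore, NotAfter
}

Export-AcsSigningCertificate -MetadataPath 'C:\Certificates\FederationMetadata.xml' `
                             -OutFile 'C:\Certificates\AcsTokenSigning.cer'
```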

Define the certificate used to validate the signed WSFed assertion




Open "SharePoint Management Shell" on the SharePoint server and run the following commands to create a claim mapping:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Certificates\AcsTokenSigning.cer")

New-SPTrustedRootAuthority -Name "Azure Certificate" -Certificate $cert

$email = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

$realm = "urn:sharepoint:acs2"

$x = New-SPTrustedIdentityTokenIssuer -Name "WAAD" -Description "Azure Identity Provider" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $email -SignInUrl "https://saml11acs2.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=urn%3asharepoint%3aacs2" -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
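
A read-back check of what the commands above configured, as an added example that is not part of the original post: it compares the trusted root authority and the "WAAD" token issuer against the certificate file, realm, identifier claim and sign-in host used on this page. The function name is hypothetical; run it in the SharePoint Management Shell.

```powershell
# Added example; the function name is hypothetical. Expected values are the
# ones used in the commands on this page.
function Test-WaadTrustConfiguration {
    param(
        [string]$CertPath   = 'C:\Certificates\AcsTokenSigning.cer',
        [string]$IssuerName = 'WAAD',
        [string]$RootName   = 'Azure Certificate',
        [string]$Realm      = 'urn:sharepoint:acs2',
        [string]$SignInHost = 'saml11acs2.accesscontrol.windows.net',
        [string]$IdClaim    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
    )
    $findings = @()
    $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
    $root     = Get-SPTrustedRootAuthority -Identity $RootName -ErrorAction Stop

    # Both trust objects must hold the certificate that was exported from the metadata
    if ($issuer.SigningCertificate.Thumbprint -ne $fileCert.Thumbprint) {
        $findings += "Issuer signing certificate differs from $CertPath"
    }
    if ($root.Certificate.Thumbprint -ne $fileCert.Thumbprint) {
        $findings += "Trusted root authority certificate differs from $CertPath"
    }
    # Realm and claim type are compared case-sensitively
    if ($issuer.DefaultProviderRealm -cne $Realm) {
        $findings += "Realm is '$($issuer.DefaultProviderRealm)', expected '$Realm'"
    }
    if ($issuer.IdentityClaimTypeInformation.InputClaimType -cne $IdClaim) {
        $findings += "Identifier claim is not the emailaddress claim"
    }
    # Sign-in must go to the expected namespace over HTTPS
    $uri = [Uri]$issuer.ProviderUri
    if ($uri.Scheme -ne 'https' -or $uri.Host -ne $SignInHost) {
        $findings += "Sign-in URL '$uri' is not HTTPS on $SignInHost"
    }
    return ,$findings
}

$result = Test-WaadTrustConfiguration
if ($result.Count -eq 0) { 'Trust configuration matches the expected values.' }
else { $result | ForEach-Object { Write-Warning $_ } }
```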



Configure the site to use Trusted Identity Provider




Open "SharePoint 2013 Central Administration" on the SharePoint server and create a new Web Application with SSL enabled, or update an existing Web Application.
  1. Navigate to "Application Management".
  2. Click "Manage web applications".
Manage Web Applications Settings
  3. Select a SharePoint Web Application with SSL enabled. Note: "SharePoint Central Administrator" can NOT be used with SSO.
  4. Click "Authentication Providers" from the top menu options.
  5. Click "Default - Claims Based Authentication".
Authentication Providers Settings
Edit Authentication Settings

  6. Click "Save".

Define the Initial Users



  1. Select the web application for which Windows Azure IdP is configured.
  2. Select "User Policy" from the menu ribbon to bring up the "Policy for Web Application" dialog box.
Policy for Web Application Settings.
  3. Select "Add Users" in the menu ribbon.
  4. Select the appropriate zone or select the default "All Zones" and select the "Next" button.
  5. From the "Add Users" dialog, select the people picker book in the "Choose Users" section.
  6. Select the Trusted Identity Provider in the left frame and enter a group or account name to grant access in the "Find" text box at the top.
  7. Click OK.
  8. Select the Permissions intended for the user or group.
  9. Select the "Finish" button to go back to the "Policy for Web Application" dialog.
  10. Select the "OK" button to close.




Login to SharePoint



Use the following steps to verify that the new identity provider is working by ensuring that the new authentication provider appears on the sign-in prompt.

New Identity Provider login
  1. Click the identity provider that is mapped to the portal.
  2. Log in with WAAD credentials.

WAAD credentials sign in.