Navigation Option was displaying only 50 items

We recently faced an issue while setting up top link bar on our sites, as we were using publishing  sites, we can see Navigation option instead of top link bar on site settings page.

After checking Navigation option we got to know that some of the links were not showing on top link bar and we were unable to change the position of few of the links.

After searching we got to know by default you can see only 50 items on Navigation items and if you want to increase it, there is a procedure to do that..

Below is the procedure to fix this issue :

Locate the web.config file on your server and do the below changes

<add name="CombinedNavSiteMapProvider" description="CMS provider for Combined navigation" type="Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" NavigationType="Combined" EncodeOutput="true" />

<add name="CurrentNavSiteMapProvider" description="CMS provider for Current navigation" type="Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" NavigationType="Current" EncodeOutput="true" />

<add name="CurrentNavSiteMapProviderNoEncode" description="CMS provider for Current navigation, no encoding of output" type="Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" NavigationType="Current" EncodeOutput="false" />

Add a DynamicChildLimit="0" before the end tag "/>" on each line to disable the default 50elements limit:

PS: Reference http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.publishing.navigation.portalsitemapprovider.dynamicchildlimit.aspx

Thanks !

Shared Document library page got corrupt

Recently I was reported for an issue in which user tried to upload a document and the shared document library AllItems.aspx page got corrupt and not working at all.

I dig-in the issue and found that somehow knowingly or unknowingly someone tried to alter AllItems view which caused the page to get corrupted.

Now the issue was how to create a default view for shared document library to make the library working again..

So here is the solution steps:





1) Open site that contains the library

2) Click on “Site Actions” >> “Site Settings” to view the site settings page “_layouts/settings.aspx”

3) Click on the Site list and library option under Site Administration heading and then click on the library name that displays the error to view the library’s settings page.

4) And create a new view for document library and make it as default view for document library and save it.  And here you go!

You can browse the document library and it should work.!

Enjoy!
Keep Learning :)

Move Wiki Pages to another library

Recently my lead asked me to move old wiki pages from one library to another, I was searching for traditional option of move to other location but to my surprise, I didn't find that option , I did some research and found that option is only available for normal document library and not for Wiki document library.

I did some search and found below method to move wiki pages from one library to another within same site or different site.

To move Wiki pages,

1. Go to Site Settings page of main site (site collection).


2. Go to the ‘Site Content and Structure’ page. You can access this site with either Site Actions > Site Settings or http://portal/_Layouts/sitemanager.aspx
3. Navigate to your source List or Document Library and mark all the items that you would like to have moved. Then click on Actions > Move
4. You’ll then be prompted with a pop-up that will let you navigate to your destination List or Document Library. After you find that, just press the OK button and you’ll be good to go!

Enjoy!!

Edit Page option is disabled\grayed out

Recently I got one issue, one user raised it saying like his edit page option was disabled(the ‘Edit page’ option in the Site Actions menu is disabled (greyed-out)!)

This is not an error. Edit page command will be disabled when another user has checked-out that particular page. To see which user has done so you will need to navigate to Pages library on your site.

If you have the right permissions and you need to edit the page, you can show the page editing toolbar and then click on Page -> Override Check Out. This will undo any changes the other users has made and the page will be checked out to you, but is useful if you really need to make a modification to the page.

Thanks !

Use Confirmation Page

Recently I came across a weird issue, one of the user raised an incident that he can't see the use-confirmation page and he is getting access denied error in-spite of having administrative rights on the site.

I checked myself and confirmd that he was one of a site collection admin, when I myself tried to access that page, I was getting SQL error, that page doesn't exist.

I searched a lot and found some solution, below are the steps:

Use Confirmation page URL : http://sitename/_layouts/useconfirmation.aspx

Description: This page is used to confirm that this site is in use,
Issue type: If anytime you get access denied error that means, this site has read only access or might get locked

Solution:

• Go to --> central admin--> application management---> 

• under site collection--> configure quotas & lock

• select the desirable site---> and check "lock status for this site" should be selected as "Not locked"

And that's it, it  should work.

Feature stapling

One aspect of features I wanted to cover quickly is the relationship SharePoint Features have with site definitions. Site definitions are created by a developer and subsequently used by site owners to create new sites. Much of this facility is also available by the 'Save site as template' functionality, though there are some minor differences. Additionally the 'Save site as template' functionality is removed on SharePoint publishing sites (or at least the link in Site Settings is via a HideCustomAction feature element), due I think, to some site information/functionality which SharePoint cannot properly save into a .stp file. So developers often create site definitions as part of their customization, and it's a process well-documented in the WSS SDK.

If you have created a site definition, there are several ways of using features with it. These are:-

1. Create a site from the definition and subsequently deploy your features to the site.
2. Include the features in the site definition (onet.xml) before using it to create sites.
3. Use feature stapling to associate your features to the site definition.

Since the first option doesn't really associate the Features to the site definition, we'll focus on options 2 and 3.

2. Include features in site definition

This option should be used if the site definition has not yet been deployed, and no sites have yet been created from it. The section of the onet.xml file where features are associated with the site definition contains may look something like:

<Configuration ID="0" Name="BLANKINTERNET">

    <SiteFeatures>

        <Feature ID="C85E5759-F323-4EFB-B548-443D2216EFB5" />

        <Feature ID="A392DA98-270B-4e85-9769-04C0FDE267AA" />

        <Feature ID="7C637B23-06C4-472d-9A9A-7C175762C5C4" />

    </SiteFeatures>

    <WebFeatures>

        <Feature ID="00BFEA71-DE22-43B2-A848-C05709900100" />

        <Feature ID="00BFEA71-E717-4E80-AA17-D0C71B360101" />

    </WebFeatures>

    <Modules>

        <Module Name="Home" />

    </Modules>

</Configuration>

The ID value is, of course, the feature GUID. The SiteFeatures element contains features which should be activated when the site definition is used to create a site collection, and the WebFeatures element contains features for when the definition is used to create a standard web within a site collection.

3. Use feature-stapling to associate your features to the site definition

This option should be used when the site definition is already in use (and sites have been created). This is because there are risks in modifying a site definition once it has been deployed, since the site definition files on the filesystem are used for pages which are ghosted (not modified).

To use feature-stapling, you first need the feature(s) you wish to link to the site definition - these should be created in the normal way. The, you should create a 2nd feature which does the actual stapling. Sample values for the various files are shown below:

The manifest.xml file if you are wrapping your feature in a solution:

<?xml version="1.0" encoding="utf-8"?>

<Solution xmlns="http://schemas.microsoft.com/sharepoint/" SolutionId="26E1A1D9-7BB2-4e76-888E-B20184B16E3B">

  <FeatureManifests>

    <FeatureManifest Location="COB.Demos.FeatureStapling\feature.xml" />

  </FeatureManifests>

</Solution>

The feature.xml file which defines the feature 'header' information:

<?xml version="1.0" encoding="utf-8" ?>

<Feature Id="4AF9999A-0517-4224-9ED3-D2F9F87D92E2"

        Title="COB.Demos.FeatureStapling"

        Description="Staples a set of features to custom site definitions. The features/site definitions are defined in stapling.xml."

        Version="1.0.0.0"

        Scope="Farm"

        Hidden="FALSE"

        xmlns="http://schemas.microsoft.com/sharepoint/">

  <ElementManifests>

    <ElementManifest Location="stapling.xml" />

</ElementManifests>

</Feature>

And finally, the core feature definition in the stapling.xml file:

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">

  <FeatureSiteTemplateAssociation Id="F6924D36-2FA8-4f0b-B16D-06B7250180FA" TemplateName="MySiteDefName#0" />

  <FeatureSiteTemplateAssociation Id="94C94CA6-B32F-4da9-A9E3-1F3D343D7ECB" TemplateName="MySiteDefName#0" />

  <FeatureSiteTemplateAssociation Id="02464C6A-9D07-4F30-BA04-E9035CF54392" TemplateName="MySiteDefName#0" />

</Elements>

The FeatureSiteTemplateAssociation element maps feature GUIDs to site defintions - note that the format of the TemplateName attribute value is <SiteDefName>#<ConfigurationID>. This obviously allows a degree of flexibility and allows you to do fairly complex things with different configurations of site definitions.

The final thing to note is that feature-stapling won't affect any sites which have already been created from a site definition, only subsequent sites. The only way to do this is to activate your features individually on the site, though obviously an STSADM script can help you activate multiple features against multiple sites.

Introduction

Active Directory Federation Services (ADFS) is based on the emerging, industry-supported Web Services Architecture, which is defined in WS-* specifications.

ADFS is a component in Microsoft® Windows Server™ 2003 R2 that provides Web single-sign-on (SSO) technologies

• To authenticate a user to multiple Web applications
• Over the life of a single online session

ADFS accomplishes this by securely sharing digital identity and entitlement rights, or "Claims," across security and enterprise boundaries.

ADFS is not:

• A database or repository for employee or customer identity data
• An extension of the Active Directory™ directory service schema
• A type of Windows domain or forest trust

Key features of ADFS

Federation and Web SSO: When an organization uses the Active Directory™ directory service, it currently experiences the benefit of SSO functionality through Windows-integrated authentication within the organization's security or enterprise boundaries.

ADFS extends this functionality to Internet-facing applications, which enables customers, partners, and suppliers to have a similar, streamlined, Web SSO user experience when they access the organization’s Web-based applications.

Web Services (WS)-* interoperability: ADFS provides a federated identity management solution that interoperates with other security products that support the WS-* Web Services Architecture.

Extensible architecture: ADFS provides an extensible architecture that supports the Security Assertion Markup Language (SAML) token type and Kerberos authentication (in the Federated Web SSO with Forest Trust scenario).

Active Directory, Domain, Trust and Forest

Active Directory is a centralized and standardized system that automates network management of user data, security and distributed resources and enables inter-operation with other directories. Active Directory is designed especially for distributed networking environments.

Active Directory is a centralized and standardized system that automates network management of user data, security and distributed resources and enables inter-operation with other directories. Active Directory is designed especially for distributed networking environments.

Windows Server 2003 Active Directory provides a single reference, called a directory service, to all the objects in a network, including

• Users
• Groups
• Computers
• Printers
• Policies
• Permissions

Active Directory networks are organized using four types of divisions or container structures. These four divisions are forests, domains, organizational units and sites.

Forests: The collection of every object, its attributes and attribute syntax in the Active Directory.

Forests are not limited in geography or network topology. A single forest can contain numerous domains, each sharing a common schema. Domain members of the same forest need not even have a dedicated LAN or WAN connection between them. A single network can also be the home of multiple independent forests. In general, a single forest should be used for each corporate entity. However, additional forests may be desired for testing and research purposes outside of the production forest.

Domain: A collection of computers that share a common set of policies, a name and a database of their members.

Domains serve as containers for security policies and administrative assignments. All objects within a domain are subject to domain-wide Group Policies by default

Furthermore, each domain has its own unique accounts database. Thus, authentication is on a domain basis. Once a user account is authenticated to a domain, that user account has access to resources within that domain.

A domain must have one or more servers that serve as domain controllers (DCs) and store the database, maintain the policies and provide the authentication of domain logons.

With Windows NT, primary domain controller (PDC) and backup domain controller (BDC) were roles that could be assigned to a server in a network of computers that used a Windows operating system.

The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.

One server, known as the primary domain controller, managed the master user database for the domain. One or more other servers were designated as backup domain controllers. The primary domain controller periodically sent copies of the database to the backup domain controllers. A backup domain controller could step in as primary domain controller if the PDC server failed and could also help balance the workload if the network was busy enough.

Organizational units: Containers in which domains can be grouped. They create a hierarchy for the domain and create the structure of the Active Directory's company in geographical or organizational terms.

Organizational units are much more flexible and easier overall to manage than domains. OUs grant you nearly infinite flexibility as you can move them, delete them and create new OUs as needed. However, domains are much more rigid in their existence. Domains can be deleted and new ones created, but this process is more disruptive of an environment than is the case with OUs and should be avoided whenever possible.

Sites: Physical groupings independent of the domain and OU structure. Sites distinguish between locations connected by low- and high-speed connections and are defined by one or more IP sub-nets.

By definition, sites are collections of IP sub-nets that have fast and reliable communication links between all hosts. Another way of putting this is a site contains LAN connections, but not WAN connections, with the general understanding that WAN connections are significantly slower and less reliable than LAN connections. By using sites, you can control and reduce the amount of traffic that flows over your slower WAN links.

Domain is territory over which rule or control is exercised; most organizations that have more than one domain have a legitimate need for users to access shared resources located in a different domain.

Controlling this access requires that users in one domain can also be authenticated and authorized to use resources in another domain. To provide authentication and authorization capabilities between clients and servers in different domains, there must be a trust between the two domains.

Trusts are the underlying technology by which secured Active Directory communications occur, and are an integral security component of the Windows Server 2003 network architecture.

Trusts help provide for controlled access to shared resources in a resource domain (the trusting domain) by verifying that incoming authentication requests come from a trusted authority (the trusted domain).

In this way, trusts act as bridges that allow only validated authentication requests to travel between domains.

Types of trust relationships:

ONE-WAY, providing access from the trusted domain to resources in the trusting domain

TWO WAY, providing access from each domain to resources in the other domain

NONTRANSITIVE, trust exists only between the two trust partner domains

TRANSITIVE, trust extends to any other domains that either of the partners trusts

In some cases, trust relationships are automatically established when domains are created; in other cases, administrators must choose a type of trust and explicitly establish the appropriate relationships.

Group Policy management and Active Directory

It's difficult to discuss Active Directory without mentioning Group Policy. Admins can use Group Policies in Microsoft Active Directory to define settings for users and computers throughout a network. These setting are configured and stored in what are called Group Policy Objects (GPOs), which are then associated with Active Directory objects, including domains and sites. It is the primary mechanism for applying changes to computers and users throughout a Windows environment.

Through Group Policy management, administrators can globally configure desktop settings on user computers, restrict/allow access to certain files and folders within a network and more.

ADFS 2.0, which was released in early May, "doesn't require changes to Active Directory server -- it's a separate server that knows how to talk to Active Directory,"

ADFS 2.0 is a central piece of Microsoft's identity management strategy, providing a two-way gateway for sending and receiving claims-based requests, as Microsoft calls them, using SAML-based tokens containing information about users and what they want in terms of information and access.

ADFS 2.0 supports the open standard protocol Security Assertion Markup Language (SAML) 2.0,

"SAML interoperability is built into ADFS 2.0,"

ADFS 2.0 is expected to be baked into many future Microsoft application products, such as SharePoint 2010. But the reality is today legacy applications don't have the ability to easily work under a SAML-based framework, though they can be made to work that way.

"Policy framework is not part of ADFS 2.0,"

The authorization protocol Extensible Access Control Markup Language (XACML) from the Organization for the Advancement of Structured Information Standards (OASIS) has emerged as the preferred standard for fine-grained authorization.

IBM says it supports XACML in its Tivoli Federated Identity manager product. But it's unclear if Microsoft is going to go the XACML route

Claims-Based Identity Model

When you build claims-aware applications, the user presents an identity to your application as a set of claims. One claim could be the user’s name, another might be an e-mail address. The idea here is that an external identity system is configured to give your application everything it needs to know about the user with each request she makes, along with cryptographic assurance that the identity data you receive comes from a trusted source.

Under this model, single sign-on is much easier to achieve

Under this model, your application makes identity-related decisions based on claims supplied by the user. This could be anything from simple application personalization with the user’s first name, to authorizing the user to access higher valued features and resources in your application.

Security Token

The user delivers a set of claims to your application along with a request. In a Web service, these claims are carried in the security header of the SOAP envelope. In a browser-based Web application, the claims arrive through an HTTP POST from the user’s browser, and may later be cached in a cookie if a session is desired. Regardless of how these claims arrive, they must be serialized, which is where security tokens come in. A security token is a serialized set of claims that is digitally signed by the issuing authority.

Claim

Think of a claim as a piece of identity information such as name, e-mail address, age, membership in the Sales role. The more claims your application receives, the more you’ll know about your user.