Develop Reference

Sharepoint anonymous access to layouts folder in anonymous web application

I have a Sharepoint Foundation server 2013 with a Web Application deployed, a root Site Collection and another Site Collection in this Web Application. The Web Application is configured for Anonymous Access, the second Site Collection requires Sharepoint authentication (MS TMG).
I have Application Pages that are deployed to the server (scope = web), these Application Pages are used within the second Site Collection by users and so require authentication, which works as desired. Those Application Pages must also be accessible anonymously, they are of course in the _layouts folder and so are included in the root Site Collections _layout path, this part does not work.
I can access anonymously the root server address https://myserver.mycompany.co.uk/
(maps to https://myserver.mycompany.co.uk/_layouts/15/start.aspx#/SitePages/Home.aspx which is turn maps to https://myserver.mycompany.co.uk/SitePages/Home.aspx). I cannot however get anonymous access to https://myserver.mycompany.co.uk/_layouts/15/mysite.ApplicationPages/MyPage.aspx?QueryString=etc
It requires authentication and of course works when I provide authentication.
Suggestions? More info required?

// This
public partial class DoWithComment : UnsecuredLayoutsPageBase
{
// And this was required as well
protected override bool AllowAnonymousAccess
{
get
{
return true;
}
}
}

If your app pages need to be accessible via anonymous access, your pages should inherit from Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase instead of LayoutsPageBase
See: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.unsecuredlayoutspagebase.aspx

Apart from Colin's answer there is indeed a case when the above does not work (SharePoint 2013 with SP 1).
SharePoint is accessed via Windows Authentication.
User utilizes Chrome (my version is 35) to access page.
User has been logged off from different browser or user's domain login is locked.
User tries to access the anonymous page.
User gets the login popup from Chrome.
My only workaround was to create a HTTP module to remove all the cookies including WSS_KeepSessionAuthenticated cookie on BeginRequest. Most probably removing the WSS_KeepSessionAuthenticated is only required but I'm pasting original code which removed every cookie as the issue is quite hard to reporduce.
public class SPNoAuthModule : IHttpModule
{
public void Dispose(){ }
public void Init(HttpApplication context)
{
context.BeginRequest+=context_BeginRequest;
}
private void context_BeginRequest(object sender, EventArgs e)
{
var app = (HttpApplication)sender;
var context = app.Context;
if (context.Request.FilePath.ToUpper().EndsWith("YOURPAGEADDRESS"))
{
var cookieNames = context.Request.Cookies.AllKeys;
foreach (var cookieName in cookieNames)
{
context.Request.Cookies.Remove(cookieName);
}
}
}
}
And of course register it in proper Web.config in c:\inetpub\wwwroot\wss\VirtualDirectories\YOURAPPNAME:
<modules>
<add name="YOURMODULENAME" type="YOURNAMESPACE.SPNoAuthModule, YOURASSSEMBLYNAME, Version=YOURVERSION, Culture=YOURCULTURE, PublicKeyToken=YOURKEYTOKEN" />
</modules>

Liferay search does not provide results for web-contents

Our company is using Liferay portal 6.0.5 CE.
Within liferay we have a Community, community has few members and few web-contents.
By default all members have role Community member and they can view these web-contents. But if user tries to search web content via liferay search, it does not provide any results.
If I set permissions for web-contents such that Guest role can also view, then search provides the relevant results.
If it matters, before we had a Liferay 5.x and have migrated to 6.0 & then to 6.0.5.
Any ideas for this?
Thanks.

It seems that the guest view permissions for articles have not been set when migrating from 5.0 (if at all permissions have been set before for guest users). Easy fix would be assigning guest view permissions for all the articles that you want to make visible for guest in the respective community. this line in the below code assigns view permissions
JournalArticleLocalServiceUtil.addArticleResources(groupId,
article.getArticleId(), new String[] { "VIEW" },
new String[] { "VIEW" });
its been referred as resource and you will be adding permissions to the Article Resources.
ThemeDisplay themeDisplay = (ThemeDisplay) request
.getAttribute(WebKeys.THEME_DISPLAY);
long groupId = themeDisplay.getLayout().getGroupId();
List<JournalArticle> articles = JournalArticleLocalServiceUtil
.getArticles(groupId);
for (JournalArticle article : articles) {
JournalArticleLocalServiceUtil.addArticleResources(groupId,
article.getArticleId(), new String[] { "VIEW" },
new String[] { "VIEW" });
}

Thank you for advice, but I solved this trouble via hook for search portlet. For searching I used DynamicQuery and PermissionChecker and simple method String.contains(). It works bit slower, but it works--at least for 1k+ web contents!

Redirect loop when liferay integrated with OpenSSO

My softwares are:
Liferay 6.0.6 with Tomocat 6.0.29, OpenSSO 9.5.2_RC1 Build 563 with tomcat 6.0.35, CentOS 6.2 Operating system
Setup:
I have setup both liferay and opensso on the same CenOS machine, making sure that both of its tomcat run on very different port, I have installed and configured OpenSSO with Liferay as per the guidelines availaible on liferay forums
Problem:
when i hit my application URL i get redirected to Opensso login page which is what i want, when i login with proper authentication details it trys to redirect to my application which is exactly how it should behave, however this redirect goes in a loop and i don't see my application dashboard. The conclusion i come to is that the redirect is trying to authenticate in liferay but somehow it does not get what it is looking for and goes back to opensso and this repeats infinitely. I can find similar issues been reported here. Unfortunetly, it did not work.
Later i decided to debug the liferay code and i put a break point on com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil and com.liferay.portal.servlet.filters.sso.opensso.OpenSSOFilter. The way i understand this code is written is it first goes to the OpenSSOUtil.processFilter() method which get's the openSSO setting information that i have configured on liferay and later checks if it is authenticated by calling the method OpenSSOUtil.isAuthenticated(). This particular implementation basically reads the cookie information sent and tries to set the cookie property on liferay by calling the method OpenSSOUtil._setCookieProperty(). This is where it fails, it tries to read the cookie with name [iPlanetDirectoryPro] from the liferay class com.liferay.util.CookieUtil using the HttpServletRequest object but all it get's a NULL. this value set's the authenticate status to false and hence the loop executes.
Following is the code from class com.liferay.util.CookieUtil
public static String get(HttpServletRequest request, String name) {
Cookie[] cookies = request.getCookies();
if (cookies == null) {
return null;
}
for (int i = 0; i < cookies.length; i++) {
Cookie cookie = cookies;
String cookieName = GetterUtil.getString(cookie.getName());
if (cookieName.equalsIgnoreCase(name)) {
return cookie.getValue();
}
}
return null;
}
Can anyone please let me know why liferay is not able to find the cookie that opensso sent. If its related to Opensso setting about enable cookie value, then i have done that already which is here
In OpenSSO go to: Configuration -> Servers and Sites -> -> Security -> Cookie -> check Encode Cookie Value (set to Yes)
What works:
when this loop is executing i open another tab and login to my application explicitly, from my application when i signout it get's signout from opensso also. This is strange to me.
For more information, while this redirect loop happens, following URL's give me these set of information
http://opensso.ple.com:9090/openam/identity/getCookieNameForToken
string=iPlanetDirectoryPro
http://opensso.ple.com:9090/openam/identity/isTokenValid
boolean=true

SharePoint 2010 event handler (receiver) not working on personal sites of the MySites site collection

I have a SharePoint 2010 MySites set up on its own web application. There is the standard site collection at the base level, http://site:80/.
The personal sites for each user is at the managed URL /personal/.
I have a working event handler which add items to the Newsfeed when a user adds something to a picture library.
THE PROBLEM:
The problem is, this only works if they add to a picture library at the base site collection, http://site:80/, and does NOT work if they add to http://site:80/personal/last first/.
Does anyone know why? The event handler feature is site scoped and my understanding is that it should work on all subsites.

The problem is that personal sites are not subsites of My Site host. In fact each user's personal site is a site collection on its own. So basically you need to register your event receiver not only for My SIte host, but also for each user's personal site.

Ok. Because you can only 'staple' features to site definitions which will be provisioned in the future, you need a way to activate new features on existing sites.
So, the fix I discovered and used follows:
The default page for the newsfeed is http://site:80/default.aspx. If you create an event receiver and scope it for 'site' and deploy it globally or to that web application, then it will work on the base site collection. Each personal site is a site collection and has the feature but it needs to be activated on each personal site collection.
So, in the default.aspx page, you place the following which will activate the feature if it has not yet been activated.
<script runat="server" type="text/c#">
protected override void OnLoad(EventArgs e) {
base.OnLoad(e);
String sAccount = (((SPWeb)((SPSite)SPContext.Current.Site).OpenWeb()).CurrentUser.LoginName).Split('\\')[1];
String basePersonalURL = "http://site:80/personal/";
String eventReceiverFeatureId = "12345678-1234-1234-1234-1234567890ab";
using(SPSite site = new SPSite(basePersonalURL + sAccount)) {
site.AllowUnsafeUpdates = true;
using(SPWeb web = site.RootWeb) {
web.AllowUnsafeUpdates = true;
try { site.Features.Add(new Guid(eventReceiverFeatureId)); } catch {}
web.AllowUnsafeUpdates = false;
}
site.AllowUnsafeUpdates = false;
}
}
</script>
You also need to edit the web.config file in order to allow inline code to run for this page. Hope this helps.

SharePoint -custom sign-in page

I am running a CMS web site on WSS 3.0.
I would like to have a custom sign-in page for the publishers. Do I have any other alternative other than the Welcome control? (For example, could I use ASP.NET Login control?
Thank you for your help.

That would depend on the authentication mechanism that you use. If you're using Active Directory, you're pretty much tied to the Welcome control.
If however you're using Forms Based Authentication, you can control to login page more completely.
FBA can be tricky to configure and I'd recommend staying with AD if you can, but if you have to go FBA, here's a good guide:
http://technet.microsoft.com/en-us/library/cc262201(office.12).aspx

This is really not much difficult.
It can only be happen if you have Forms based authenticated site not windows based, then you must have to modify login.aspx page.
this relies in _layouts folder of 12 hive. so you have to modify it.
Best way to do is, fo to _layouts folder, make a copy of it and paste it in somewhere in the disk and then change the location in IIS properties for the site of the _layouts folder to your copied one. and make the changes of that login page.
Points to remember.: It uses a master page and there are 5 or 6 customplaceholders requires. so do have them in your new masterpage.
Next is about the code behing for login control to work.
If you are customizing your login code. then you have to modify
this is an example :
using System;
using System.Web.Security;
using System.Web.UI.WebControls;
namespace CustomLoginPage
{
public class Login :
Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase
{
protected System.Web.UI.WebControls.Login loginBox;
protected override bool AllowAnonymousAccess { get { return true; }
}
protected override bool AllowNullWeb { get { return true; } }
protected void Login_Click(object sender, EventArgs e)
{
if (AuthenticateUser(loginBox.UserName, loginBox.Password))
return;
}
protected bool AuthenticateUser(string emailAddr,
string password)
{
string userName = emailAddr;
MembershipUserCollection coll =
Membership.FindUsersByEmail(emailAddr);
if (coll != null && coll.Count == 1)
{
// We're doing this to force the enumerator to give us the
// one and only item because there is no by int indexer
foreach (MembershipUser user in coll)
{
userName = user.UserName;
}
}
if (Membership.ValidateUser(userName, password))
{
FormsAuthentication.RedirectFromLoginPage(userName, true);
return true;
}
return false;
}
}
}
so please do modify it.
The one Url which i follow to perform this is :
http://www.devx.com/enterprise/Article/35068/1954
Go ahead and if you face any issues. feel free to contact me : ankurmadaan2787#live.in

The answers below are really helpful -but I'm afraid my environment is limited (WSS 3.0, shared hosting).
So I simply added this link which opens up the authentication dialog:
Sign in
(Where the Source parameter indicates the URL to redirect to upon authentication.)
Thank you.