SharePoint Alternate Access Mapping Problem - sharepoint

I have an Info-path task form in a custom SharePoint workflow that I have made.
The custom task form says to the user you have a task you need to complete here is a link to the document that you need to fill out in order to complete the task.
However the client's server has an alternative access mapping.
I pass the generated workflow URL to the task form of the document in the item-metadata.xml however this does not take into account the alternate access mapping and therefore the link is the wrong URL on the client's machine.
How do I manage to generate a URL on the server that takes into account the access mapping?

From the AAM page which URL is the workflow using, Default?
If so what about swapping around the AAM so the one you want to use is listed as Default?

Related

Secure the 2-stages approval application using SharePoint & Power Apps & Power Automate

We have a travel request application. where a user submit a request which should go into 2 stages of approval process before it gets Final Approval.
Now we did the following:-
Create a SharePoint list which contain those fields; Title, Description, StareDate, EndDate, FirstApproval (the requestor direct manager), SecondApproval (the requester regional approval), Statues (system-generated with those options; open, first-approved, second-approved, Final-Approved).
Power Apps, which send emails to the first-approval and the second-approval users , and show-hide the Approved & Reject buttons based on the item status.
Power Automate,to set item-level permissions, so for example when the item needs first-approval only the approval's direct manager can edit the item, while all stakeholders can read-only.
now the process is not 100% secure, as a requestor using API call or using SharePoint built-in forms, can easily create a new request and define its status as Final-Approved. so in other words the requestor can bypass the Power Apps business logic. so how we can secure our process? so if an item has a status = "Final-Approved", then we can 100% sure that it actually went through the 2 approvals users?
One Approach i am thinking of, is as follow:-
To create additional SharePoint list >> which stores the ItemID + ItemStatus.
Grant all users Read-Only on this new list while grant the service account Contribute.
Update this new list from Power automate Only. so for example only if the submitter's direct manager did the approval, to change the status inside the new list to First-Approved, and so on.. Also only if the submitter's regional manager approve the request + there is already an approval from the direct manager to change the status from First-Approved to Second-Approval.. so what ever the status is inside the new lit i can be sure that it has not been hacked, as end-user will have read-only on this new list.. can anyone advice please?
Thanks
I believe this question is not unique to you, many SharePoint developers need to make specific configurations or use some artifices to ensure a certain process developed in SharePoint.
Using exclusive/custom permission control into List and uses the PowerAutomate layer to conntrol List Item permission only to approver will secures some update from Rest API, for example.
If you want to block New Insert items and/or block Update items by PowerApps, you can substitute the instruction into "OnEdit" and/or "OnNew" events using ResetForm(SharePointForm1);; RequestHide();; with this instructions in these events block some user to create or update SharePoint Items.
Into SharePoint list settings, in advanced settings, you can disable attachments, disable comments in list item, disable search, disable quick edit, disable launch form in dialog.
I think that's all.

Is it possible to show alert message on the page or popup window, when user SHARE the document

My SharePoint Environment is SharePoint 2019 On Premise
Is it possible to show alert message on the page or popup window, when user SHARE the document on the Document Library.
When we Share the document, whether or not we could modify the mail alert template/ Content.
Thanks
By 'share', I assume you mean you want to show a message anytime someone edits the permissions of a document. (Since technically, I could 'share' a document by emailing someone the link to it.)
To my knowledge, the only way to achieve this would be to build a custom-code (SPFx) solution which uses API's to interact with the document's permissions granted via app-only access. And block users' ability to access those documents in the traditional way through SharePoint. This would give you full control over the UI, and prevent users from granting access (sharing) elsewhere.
Another option you might investigate is Azure Rights Management. Sensitivity labels applied to documents/libraries can be configured to automatically display headers, footers, watermarks, and even encryption when they are accessed. Exchange can also be configured to display a 'tip', when it detects users are trying to email a sensitive document. Full disclosure: I have only worked with these features in SharePoint online and I'm not certain of their capability in an on-premise environment.

Automate the creation of a user in IIS7

How can I automate the creation of a user in IIS7?
I'm using C#. I have code that automates the creation of a website, and I found some examples for automating the creation of an FTP site.
I also need to automate the creation of a IIS user for each FTP site that I create.
I could possibly just edit the administration.config file, under I could just add another element for each new user, but I wouldn't know how to set the password attribute, which is encoded. Plus, there's gotta be an easier more reliable way to do this.
The FTP users that I need to set up are not associated with any website. These users will only log into the FTP site, not into any website.
To manually add a user, I can run the feature "IIS Manager Users", then simply click on "Add User..."
This adds an entry to the config file, as I mentioned in my original post.
I then associate that user to my ftp site by adding an FTP Authorization Rule for that user.
As for my current configuration... On IIS7, under Management Service, under "Identity Credentials" I selected "Windows credentials or IIS Manager credentials".
For adding the users to Administration.config you can use the API in Microsoft.Web.Management.dll ManagementAuthentication.CreateUser, the following blog shows how to call it from POwerShell: Link
To add the FTP Authorization Rule you can use Microsoft.Web.Administration.dll. See: http://www.iis.net/ConfigReference/system.ftpServer/security/authorization for an example on how to do that.
Also consider using Configuration Editor to generate the code to automate changes to IIS configuration.
http://blogs.iis.net/webdevelopertips/archive/2009/01/11/tip-42-did-you-know-configurationeditor-allows-you-to-generate-c-javascript-or-appcmd-script-to-update-configuration.aspx
The answer is to use:
Microsoft.Web.Management.Server.ManagementAuthentication.CreateUser(userName, password);
This method will encode the password for us.

Sharepoint 2010 public facing website, anonymous users allowed

I have enabled anonymous users on the farm and on the entire site.
I also have Windows Authentication turned on.
Whenever an anonymous user attempts to view the site, they are prompted to log in.
And they get prompted to login on every single page they view.
I would like to allow users to log in via Windows Authentication, (perhaps through a special page), but anonymous users should not get prompted to put in their password ever.
Does that mean I need to switch to forms based authentication for the entire site, or is there an option in 2010 to somehow get Windows Authentication and allowing anonymous users to live harmoniously.
It could be because some of the file is not published. For ex, if master page, CSS stylesheet or any image is unpublished, it will prompt the user for login.
Make sure everything is published and it will work.
You need to see if it is anything on this path http://server/_catalogs/masterpage/Forms/AllItems.aspx
that it is not published.
You must publish everything
May be you missed some of the configuration steps .So i wish if you take a look to the following article
SP2010 Branding Tip #9 – Turn on Anonymous Access
Regards
I assume that you are using the Publishing Site Template for the public site and hence the default.aspx (the welcome page of all the subsites) is not published so you would need to start the approval workflow publish the pages and any other assets (master page, css, images etc)
You need to do some prepwork to set the site up using two web applications, both with different authentication methods. You can't run SharePoint effectively for Windows users and anonymous (or Forms based authentication) at the same time.
Essentialy:
Create your SharePoint site for internal users using Windows Authentication
Extend the site to a new site (using the same content database) but using anonymous or forms based authentication (whichever makes sense for you)
A MSDN article can be found here on this:
http://msdn.microsoft.com/en-us/library/ff648385.aspx
You can also read Andrew Connell's blog about this (he talks about Forms based authentication but you can do the same with anonymous access)
http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx
Basically you want dual authentication, Windows for one set of users and anonymous or FBA for another (and each access the site using a different URL)
Hope that helps.

Getting (Public) Internet URL for the Sharepoint Portal Site

I have a custom infopath workflow which allows users to submit expesne reports. Whenever someone submits an expense report in the Forms Library the workflow is initiated. The workflow checks the weburl and using a generic method creates a link to point to the workflow item and sends this link in a mail to the submitter and approvers.
Now what i want to achieve is that i need a way to point to the workflow item using a public url so even if the user is submitting a request from intranet or internet the link will be pointing to the internet url and hence the users can open items from their mailbox using internet url when the intranet is not available.
So i guess in short i need a way to get the public url for a site. Also keeping in mind that site may be extended for internet with some security settings in place. What would be the easiest and most efficient way to do this.
Relative path of you Page or the Link will be same irrespective of the Zone from which the user access the Site. All you need to change in the URL is the host name part.
You can get the URL for any Zone with the Following code
SPContext.Current.Site.WebApplication.GetResponseUri(Microsoft.SharePoint.Administration.SPUrlZone.Default).AbsoluteUri
You can make sure you always get URLs from a specific zone by creating a new SPSite object and specifying the zone for it in the constructor. In your case you could try with the Default zone (SharePoint uses URLs from this zone when sending emails for example) or the Internet zone. You have a small sample below:
using(SPSite site = new SPSite(currentSiteId, SPUrlZone.Default)
{
string publicUrl = site.MakeFullUrl(serverRelativeUrl);
// note that MakeFullUrl takes a server relative url not a site relative one
}
If I understand what you are attempting, you want an internet accessible method to access a SharePoint workflow object. Correct me if I am wrong.
Here is what I would do: I would set up a simple website w/ DNS that has a single page that exposes the workflow object. That way, you can just use this site as the base for the link in the notification.
Example: I have an HTML forms engine that I wrote a while back. A customer just requested that it be accessible on the internet as well. I created a new site in IIS, reverse proxied the IP address, and voila, my intranet application is exposed to the internet. Of course, there are security issues and small intranet caviats that had to be taken care of, but nothing too major.
Hope that helps.

Resources