How to remove unnecessary handler mappings from a SharePoint 2010 web application for security purposes

This article explains how to restrict or remove unnecessary handler mappings for a Microsoft SharePoint Foundation web application in the Integrated Request Pipeline of Internet Information Services (IIS).

As you know, SharePoint modifies the request pipeline. For more information about why SharePoint modifies the request pipeline, please read this topic:
http://msdn.microsoft.com/en-us/library/ee537834.aspx

In general, a web application's pipeline can be modified at these levels:

  • Pipeline Changes at the ASP.NET Framework Level: SharePoint does not change anything at this level, which means SharePoint makes no changes to the machine.config file or the global web.config file.
  • Pipeline Changes at the IIS Configuration Level: The modifications in the applicationhost.config file. This file is located in the %WinDir%\System32\inetsrv\config\ directory and it contains registrations of the IIS Web sites and application pools on the server, as well as some settings that apply to all Web applications on the Web server. The settings in applicationhost.config are primarily oriented to the parts of the pipeline that are contributed by IIS, whereas the machine.config and the global web.config files contain settings that are primarily oriented to the parts of the integrated request pipeline that are contributed by ASP.NET.
  • Pipeline Changes at the SharePoint Web Application Level: The modifications in web.config files.
  • Pipeline Changes at the Directory Level: The modifications at directory level, still using web.config files. Particular physical or virtual directories in an IIS Web site can also have their own web.config file to add new settings or override inherited settings. The new settings and overrides, of course, apply only to HTTP requests for resources located within the directory and its subdirectories.

Important! This article covers only “Pipeline Changes at the IIS Configuration Level”, so back up your applicationhost.config file in %WinDir%\System32\inetsrv\config\ before you do anything.

The configuration below is for a standard SharePoint web application, so if you have custom code that needs extra handlers, please add the needed handlers to the list.

To remove handler mappings:

1) Open your IIS console.
2) Select your SharePoint Web Application.
3) Click Handler Mappings.

Then remove the unnecessary handler mappings by selecting them and clicking the Remove button in the IIS console.

The handlers in the picture below are the needed ones, so don’t delete them.

SharePoint does not use any .NET Framework 4.0 components or the other IIS default ISAPI extensions.
Always test that your site is working correctly afterwards. For testing, use these starting points:

  • Test Pages
  • Test System Pages
  • Test File Upload
  • Test Search
  • Test SharePoint Designer Connection
  • Add your custom test items.
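
The backup and review steps above can be scripted before anything is removed in the console. The following is an added example, not part of the original article: it copies applicationhost.config, reads the handler mappings in effect for one site, and marks the .NET Framework 4.0 and ISAPI mappings as review candidates. The site name and the allow-list are assumptions you must fill in yourself, and the script removes nothing.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the SharePoint web front end. The script only reads configuration.
Import-Module WebAdministration

# Assumptions: replace with your IIS site name, and fill the allow-list with the
# handler names the article marks as needed plus any your custom code requires.
$siteName       = 'SharePoint - 80'
$neededHandlers = @()

# 1. Back up applicationHost.config before touching handler mappings.
$config = Join-Path $env:WinDir 'System32\inetsrv\config\applicationHost.config'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item -Path $config -Destination "$config.$stamp.bak"

# 2. Read the handler mappings in effect for the web application.
$handlers = Get-WebConfiguration -Filter 'system.webServer/handlers/add' `
                                 -PSPath "IIS:\Sites\$siteName"

# 3. Classify each mapping. .NET 4.0 handlers carry a runtimeVersionv4.0
#    precondition; ISAPI extensions are served by IsapiModule.
$report = foreach ($h in $handlers) {
    $why = @()
    if ($h.preCondition -match 'runtimeVersionv4\.0') { $why += '.NET 4.0' }
    if ($h.modules -match 'IsapiModule')              { $why += 'ISAPI' }

    $status = if ($neededHandlers -contains $h.name) { 'keep' } elseif ($why.Count -gt 0) { 'review' } else { 'unclassified' }

    New-Object PSObject -Property @{
        Name = $h.name; Path = $h.path; Verb = $h.verb
        Modules = $h.modules; PreCondition = $h.preCondition
        Status = $status; Reason = ($why -join ', ')
    }
}

# 4. Save the full list for a before/after comparison, then show what to review.
$report | Select-Object Status, Reason, Name, Path, Verb, Modules, PreCondition |
    Export-Csv -Path ".\handlers-$siteName-$stamp.csv" -NoTypeInformation
$report | Where-Object { $_.Status -ne 'keep' } |
    Sort-Object Status, Name | Format-Table Status, Reason, Name, Path -AutoSize
```

Run it again after removing mappings and compare the two CSV files to confirm that only the intended handlers are gone.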

See you in the next articles.

Getting the “Unable to display this Web Part” error on WSS 2.0/SPS 2003 after installing MS11-074

The September Security Bulletin (MS11-074) affects WSS 2.0/SPS 2003. After installing security update MS11-074 for Windows SharePoint Services 2.0 / SharePoint Portal Server 2003 (KB 2494007), we faced problems with some Data View Web Parts.
The error message is:
“Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as FrontPage. If the problem persists, contact your Web server administrator.”

The problem is caused by the security update breaking some XSLT ddwrt functions in the Data View Web Part, for example, ddwrt:FormatDate(string szDate, long lcid, long formatFlag) and ddwrt:FilterLink().

To resolve this issue, you can:

1. Upgrade to Windows SharePoint Services 3.0 or Office SharePoint Server 2007.
2. Evaluate how widely the Data View Web Part is used and apply the following workaround if there are very few pages affected:
Remove the broken ddwrt functions in the Extensible Stylesheet Language Transformation (XSLT) code of the Data View Web Part.
Here is an example where the broken ddwrt function is
ddwrt:FormatDate(string szDate, long lcid, long formatFlag):

Replace the code “ddwrt:FormatDate(string(@someDateField), 1033, 5)” with “@someDateField”. With this workaround the Data View will render in the browser; however, the formatting of the date field changes as follows:

Before the security update, the date is in this format: 9/27/2011 6:21 PM
After above work around, the date is in this format: 2011-09-27T18:21:03

Another example is ddwrt:FilterLink(). This function returns an empty string. Just remove the function; the Data View should render the same way as before.

The above concept can be applied to other ddwrt functions with caution. There are possibilities that removing ddwrt functions will impair the function of XSLT so that the data displayed in Data View is not in the desired format. In those situations, please consider option 1 or 3.

3. Rollback the WSS 2.0/SPS 2003 farm to a state prior to installing the above Security Update. A backup of the farm/content databases before the security update is required for this to be successful.

Think twice before installing September Security Bulletin (MS11-074) KB2560890 on SharePoint 2010

We have been getting more problems after installing the September Security Bulletin (MS11-074) if you do not have SP1, so I decided to write an article about that.

We have two known issues:

Issue #1 - Users unable to browse Publishing sites
Actually, I haven't faced this problem yet, but Tehnoon Raza's blog says this about it:
This issue affects the ability of users to browse to and use SharePoint Publishing sites. When browsing to the site, users may experience the following error:
“An Unexpected error has occurred”
The following error is reported in the ULS logs, or on the SharePoint page if the “CallStack” attribute is set to “true” in the web.config file:

Method not found: ‘Void Microsoft.Office.Server.WebControls.AudienceLoader.GetAudiencesFetchedDuringPageRequest(System.Collections.Generic.Dictionary`2<System.Guid,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef)’.

Issue #2 - Unable to Manage User Profile Service Application
The main problem is that when you try to open the User Profile Service Application, you get a “File Not Found” error:

System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.ResourceManagement, Version=4.0.2450.34, Culture=neutral, PublicKeyToken=65bf2559ag374f77′ or one of its dependencies. The system cannot find the file specified.    at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut)     at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)     at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.ProfileAdminPage.IsProfileSynchronizationRunning() 

To resolve this problem you can apply the KB article action plan (but this does not solve the problem).
To do this, follow these steps:

  1. Open Central Administration.
  2. In the System Settings section, click Manage Services.
  3. Find User Profile Synchronization Service in the list of services. If its status is Started, click Stop. Click Start, and then provide the credentials to start the User Profile Synchronization service.

After doing that, you may need a full reset of the SharePoint machine. I would say this does not resolve your problem, even if the “file not found” error has gone. If you try a full synchronization, you will notice that the FIM service hangs on the MOSS_EXPORT step with an error of “ma-extention-error” and your users are not synced at all.
You can also see the error in the Event Viewer Application log:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.MissingMethodException: Method not found: ‘Void Microsoft.Office.Server.UserProfiles.ProfileManagerBase.UpdateProfileWithBulkProperties(Int64, System.String, System.String, System.Collections.Hashtable)’. at Microsoft.Office.Server.UserProfiles.ProfileImportExportService.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData) — End of inner exception stack trace — at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Office.Server.WebServiceDirectProxy.WebMethodInfo.Invoke(Object webServiceInstance, Object[] args) at Microsoft.Office.Server.WebServiceDirectProxy.Invoke(String methodName, Object[] args) at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportDirect.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData) at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.Microsoft.MetadirectoryServices.IMAExtensibleCallExport.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) Forefront Identity Manager 4.0.2450.34

Root Cause:
The problem has been caused due to inconsistent assembly versions on the SharePoint servers after the installation of the package KB2560890. Multiple packages were released as part of the security bulletin that affect SharePoint 2010 and all applicable packages must be installed on SharePoint servers to ensure that version inconsistencies are not created in the environment. However, it has been observed that only KB2560890 was pushed to servers via WSUS, resulting in the SharePoint assemblies being in an inconsistent state and creating dependency issues.

Resolution:
The only known resolution so far:
Install SP1 and the latest CU.
SP1 + June CU include lots of fixes overall, and from the June CU we also have new bits for the FIM agent and some performance improvements.
Anyway, after applying the updates and patches, you should recreate the UPA as well to gain full functionality of all added fixes.
But don’t forget that SP1 and the latest CU also have some known issues. To prevent problems, please check the Microsoft release documents and blogs on TechNet.

Prepare to deploy software updates (SharePoint Server 2010)
http://technet.microsoft.com/hi-in/library/ff806331(en-us).aspx

Sharepoint SP1 and June CU information
http://blogs.msdn.com/b/joerg_sinemus/archive/2011/06/29/sharepoint-2010-sp1-and-post-sp1-june-2011-cu.aspx
http://blog.bugrapostaci.com/2011/06/29/sharepoint-2010-service-pack-1-sp1-and-june-2011-cu-released/

Resources:
http://blogs.msdn.com/b/tehnoonr/archive/2011/09/19/september-security-bulletin-ms11-074-and-sharepoint-2010-issues.aspx
http://support.microsoft.com/kb/2560890
http://social.msdn.microsoft.com/Forums/en-AU/sharepoint2010general/thread/8b4d64ed-5f7b-473b-8121-d7f5b0bb5902

Have a nice patching.

The security validation for this page is invalid.

When you are working with SharePoint and you encounter this error:

The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again:

The solution is easy:

Set the “AllowUnsafeUpdates” property to true.

Example:

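// Capture the IDs first: objects from SPContext must not be used inside the elevated delegate.
Guid webID = SPContext.Current.Web.ID;
Guid siteID = SPContext.Current.Site.ID;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(siteID))
    {
        // AllowUnsafeUpdates turns off the security validation (form digest) check
        // for updates made through this object, so keep this block as small as possible.
        site.AllowUnsafeUpdates = true;
        using (SPWeb web = site.OpenWeb(webID))
        {
            web.AllowUnsafeUpdates = true;
            //your code here...
        }
    }
});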