Wednesday, December 14, 2016

How to inject javascript in SharePoint Online with powershell

Hi All,

As we know that SharePoint Online recommended not to update master pages.
If we want to add/update master page we have to use inject JavaScript to any Site or Site Collection via a User Custom Action's ScriptLink property.

we can add user custom actions in different ways.

I. Using PowerShell:

i. Upload the files, like JQuery, custom javascript and css files.
ii. Now open powershell and connect to SharePoint online as below.

$urlAdmin =
$user = ""
$urlSite =

$passwordSecureString = ConvertTo-SecureString -string $password -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $user, $passwordSecureString

Connect-SPOService -Url $urlAdmin -Credential $credential

$spoCredentials = New-Object -TypeName Microsoft.SharePoint.Client.SharePointOnlineCredentials -argumentlist $user, $passwordSecureString

iii. Now add custom actions as below

#Injecting JQuery file
$spoCtx = New-Object Microsoft.SharePoint.Client.ClientContext($urlSite)
$spoCtx.Credentials = $spoCredentials
$spoCtx.RequestTimeout = "500000"
$newAction = $spoCtx.Site.UserCustomActions.Add();
$newAction.Location = "ScriptLink";
$newAction.scriptSrc = "~SiteCollection/SiteAssets/scripts/jquery-2.1.3.min.js";
$newAction.Sequence = 1001;

#Injecting custom javascript file
$newAction = $spoCtx.Site.UserCustomActions.Add();
$newAction.Location = "ScriptLink";
$newAction.scriptSrc = "~SiteCollection/SiteAssets/scripts/CustomJS.js";
$newAction.Sequence = 1002;

Thats it now you can add other javascript/css files from CustomJS.js files.

Its so simple right!!!

Here the complete code.

Friday, February 26, 2016

Error Type: The type or namespace name 'LayoutsPageBase' could not be found

Hi Guys,

Today i want to share about one common error in SharePoint is "The type or namespace name 'LayoutsPageBase' could not be found".

This error occurs while we working on creating application page in visual studio.

The reason for this error is when we try to create application page in sandbox solution it will throw this error. As we know that we can create application as form solution only but not in sandbox solution.

Hence, now change the Sandbox solution property value to "False" and try to compile and deploy it.

Friday, February 5, 2016

News ticker in SharePoint with AngularJS/RestAPI - Part 2

Hi all,

In my previous blog, have shown how to use news ticker in a page/master page.

Now i want to show one more type of active news ticker

Here the steps.

1. Create custom list named as "News" with two columns i.e. PageURL, HeadLines, IsActive.

2. Add few items to the list.

3. Now we want to show only active news headlines so we are changing RestAPI call as below,

var restUrl = _spPageContextInfo.webAbsoluteUrl+"/_api/web/lists/getbytitle('" + listTitle + "')/items?$filter=isActive eq 1";

As i told in the previous we can use the below snippet in a page or in master page.

Here the code snippet.

Here the final output..

Here the complete source code.

News ticker with AngularJS/RestAPI in SharePoint

Hi all,

In this post, i want to show you how to add news ticker in SharePoint with AngularJS/RESTApi.

Here the steps:

1. Create custom list named as "News" with two columns i.e. PageURL, NewsBody.

2. Add few items to the list.

3. Now upload required javascript/css files named as
    a. modern-ticker.css
    b. theme.css
    c. jquery-1.11.0.min.js
    d. angular.min.js

4. Here am adding new page to show the news ticker and you may can add this snippet in your master page.

Here the complete code snippet for new ticker,

Here the final Output:

Here the complete source code.

Friday, January 22, 2016

How to upgrade SharePoint from one version to another version without any downtime

Hi All,

Today I want to share about how to upgrade SharePoint farm from one version to another version without downtime. This is the best approach when we are working on business application where we can not take down time or we can say where will have impact on business if we take down time like banking applications.

Here we need to set up Disaster Recovery farm has been set up with SQL Server AlwaysOn.

Now follow the below steps to upgrade SharePoint farm.

Step 1: Leave users going to primary site and meanwhile patch disaster-recovery/secondary site.
    1. Ddetach the content database from the DR farm 1st, as PSConfig will fail to finish the upgrade while these databases are still connected to the farm & in read-only mode (as the DR site will still be the secondary replica in SQL Server).
    2. syntax: Dismount-SPContentDatabase <ContentDB GUID>
    3. PSConfig will update all databases except the content databases.
    4. Re-attach the content databases, and maybe even run an incremental crawl if you want your indexes to include updates since the content DBs went offline.
    5. Syntax: Mount-SPContentDatabase <databasename> -DatabaseServer <db_server> -WebApplication <webapplication_URL>
    6. Verify SharePoint is happily working again on the DR site – check logs, site-access etc

Step 2: Switch users to the upgraded DR site + failover SQL Server to use the secondary node as the new primary. SharePoint on the DR site will use the content-databases in compatibility mode but with read/write access.
There will be a service interruption while this simultaneous databases + user switchover happens. Might want to make the switch at night, for example.

Step 3: Patch primary farm, now that users are on the DR site.
Once the normal farm is verified as healthy again, failover users there again if you so wish.
Both farms are now upgraded with content-databases in compatibility mode.

Step 4: On the farm with read/write access to the content-databases, finish the upgrade with Upgrade-SPContentDatabase. This may cause some read-only access while the upgrade is happening but it’ll be much less read-only time than the safer method below.
This is the preferred way: read/write functionality still works for users almost without interruption. This full functionality is available much more than was previously possible as AlwaysOn lets us switch primary servers back & forth trivially.

Shortly: upgrade DR farm 1st (with content DBs disconnected) while users still use the primary farm. Then reconnect content DBs, switch users + content DBs at the same time to DR farm once the DR farm is upgraded. Once everyone’s on the DR farm, upgrade primary farm. Finally upgrade content-databases in PowerShell.


Tuesday, January 19, 2016

How to retrieve all items from list (having more than 5000) using CSOM?

Hi All,

As we know that by default the Threshold limit to retrieve litem from a list is 5,000 and OneDrive for Business has a 20,000 limit.
So any list with more then 5,000 items can cause some problems in your apps.

Luckily CSOM allows you to retrieve all items by using the ListItemCollectionPostion. Every time you execute a query for list items, you will be presented with a ListItemCollection that contains the ListItemCollectionPosition.

If that ListItemCollectionPosition is not null you can use that position to execute the same query again, however with a different starting point. This way you can ‘loop’ through all items in a list and construct an object that contains all your items. By putting everything in a while loop you are making sure that you will retrieve all items.

string siteUrl = "http://MyServer/sites/MySiteCollection";
ClientContext clientContext = new ClientContext(siteUrl);
Web site = clientContext.Web;
List targetList = site.Lists.GetByTitle("Announcements");
CamlQuery query = new CamlQuery();
query.ViewXml = "<View><ViewFields><FieldRef Name='Title'/></ViewFields><RowLimit>10 </RowLimit></View>";
ListItemCollection collListItem = targetList.GetItems(query);
string msg = "Titles, 10 at a time:\n";
foreach (ListItem myListItem in collListItem)
msg += "\nTitle=" + myListItem["Title"];
ListItemCollectionPosition position = collListItem.ListItemCollectionPosition;
msg = "";
query.ListItemCollectionPosition = position;
collListItem = targetList.GetItems(query);
position = collListItem.ListItemCollectionPosition;
foreach (ListItem myListItem in collListItem)
msg += "\nTitle=" + myListItem["Title"];
} while (position != null);

Monday, January 18, 2016

Limitations with RunWithElevatedPrivelege in SharePoint

Hi all,

I just want to share couple of things about security issues with RunWithElevatedPriveleges in SharePoint.

Elevated Privilege can be used to bypass or work with security, and can be performed either through SPSecurity or through impersonation techniques involving the SPUserToken and the SPSite class.

Avoid using SPSecurity.RunwithElevatedPrivilege to access the SharePoint object model. Instead, use the SPUserToken to impersonate with SPSite. If you do use SPSecurity.RunwithElevatedPrivilege, dispose of all objects in the delegate. Do not pass SharePoint objects out of the RunwithElevatedPrivilege method.

Only use SPSecurity.RunwithElevatedPrivilege to make network calls under the application pool identity. Don't use it for elevation of privilege of SharePoint objects.

Here the sample code to show what is the issue with RunWithElevatedPrivileges.

SPList taskList=null;
      SPSite elevatedSite = SPContext.Current.Site;

      using (SPWeb elevatedWeb = elevatedSite.OpenWeb())
           taskList = elevatedWeb.Lists["Tasks"]
//This code will succeed even outside the block as it is accessed via elevated SPWeb. Hence Security Risk.

Always use the SPSite constructor with an SPUserToken to create an elevated privilege security context in SharePoint.

This is most recommend way and best practice  to perform impersonation in context of SharePoint. However,When using SPUserToken, you need ensure that the user exists whom you are impersonating, and that user has the proper permissions. In production scenarios, you may not know the user in advance and this technique may not work
Below is the example to impersonate SHAREPOINT\SYSTEM account.
SPWeb oWeb = SPContext.Current.Web;
SPUserToken token = oWeb.AllUsers[@"SHAREPOINT\SYSTEM"].UserToken;
using (SPSite elevatedSite = new SPSite(oWeb.Site.ID, token))
    using (SPWeb elevatedweb = site.OpenWeb())
      // Perform administrative actions by using the elevated site and web objects.
      // elevatedWeb.CurrentUser.LoginName gives SHAREPOINT\system
      // WindowsIdentity.GetCurrent().Name gives current logged-in username i.e. SPContext.Current.Web.CurrentUser.LoginName.
      // Hence,Only SharePoint Security context is changed while Windows Security context is not changed.

If you see the code above, WindowsIdentity.GetCurrent().Name is same as the Name of current user making the request which is SPContext.Current.Web.CurrentUser.

So  any call to external systems like DB or WebServices will be made by windows account of the current user. It succeeds or not depends on the permissions that the user have on that external system.

If you want make network calls under the application pool identity  or you don’t have a valid and known SPUser to retrieve SPUsertoken then SPSecurity.RunWithElevatedPrivileges is the only choice.

And also the tokens time out after 24 hours, so they can be used in the code that needs to impersonate users in the case of workflow actions or asynchronous event receivers occurring within 24 hours.After the  SPUserToken object is returned to the caller, it is the caller’s responsibility to not use the token after it is expired.
The token timeout value can be set by using the Windows PowerShell console or stsadm.
stsadm -o setproperty -propertyname token-timeout -propertyvalue 720