Friday, January 22, 2016

How to upgrade SharePoint from one version to another version without any downtime

Hi All,

Today I want to share about how to upgrade SharePoint farm from one version to another version without downtime. This is the best approach when we are working on business application where we can not take down time or we can say where will have impact on business if we take down time like banking applications.

Here we need to set up Disaster Recovery farm has been set up with SQL Server AlwaysOn.

Now follow the below steps to upgrade SharePoint farm.

Step 1: Leave users going to primary site and meanwhile patch disaster-recovery/secondary site.
    1. Ddetach the content database from the DR farm 1st, as PSConfig will fail to finish the upgrade while these databases are still connected to the farm & in read-only mode (as the DR site will still be the secondary replica in SQL Server).
    2. syntax: Dismount-SPContentDatabase <ContentDB GUID>
    3. PSConfig will update all databases except the content databases.
    4. Re-attach the content databases, and maybe even run an incremental crawl if you want your indexes to include updates since the content DBs went offline.
    5. Syntax: Mount-SPContentDatabase <databasename> -DatabaseServer <db_server> -WebApplication <webapplication_URL>
    6. Verify SharePoint is happily working again on the DR site – check logs, site-access etc

Step 2: Switch users to the upgraded DR site + failover SQL Server to use the secondary node as the new primary. SharePoint on the DR site will use the content-databases in compatibility mode but with read/write access.
There will be a service interruption while this simultaneous databases + user switchover happens. Might want to make the switch at night, for example.

Step 3: Patch primary farm, now that users are on the DR site.
Once the normal farm is verified as healthy again, failover users there again if you so wish.
Both farms are now upgraded with content-databases in compatibility mode.

Step 4: On the farm with read/write access to the content-databases, finish the upgrade with Upgrade-SPContentDatabase. This may cause some read-only access while the upgrade is happening but it’ll be much less read-only time than the safer method below.
This is the preferred way: read/write functionality still works for users almost without interruption. This full functionality is available much more than was previously possible as AlwaysOn lets us switch primary servers back & forth trivially.

Shortly: upgrade DR farm 1st (with content DBs disconnected) while users still use the primary farm. Then reconnect content DBs, switch users + content DBs at the same time to DR farm once the DR farm is upgraded. Once everyone’s on the DR farm, upgrade primary farm. Finally upgrade content-databases in PowerShell.


Tuesday, January 19, 2016

How to retrieve all items from list (having more than 5000) using CSOM?

Hi All,

As we know that by default the Threshold limit to retrieve litem from a list is 5,000 and OneDrive for Business has a 20,000 limit.
So any list with more then 5,000 items can cause some problems in your apps.

Luckily CSOM allows you to retrieve all items by using the ListItemCollectionPostion. Every time you execute a query for list items, you will be presented with a ListItemCollection that contains the ListItemCollectionPosition.

If that ListItemCollectionPosition is not null you can use that position to execute the same query again, however with a different starting point. This way you can ‘loop’ through all items in a list and construct an object that contains all your items. By putting everything in a while loop you are making sure that you will retrieve all items.

string siteUrl = "http://MyServer/sites/MySiteCollection";
ClientContext clientContext = new ClientContext(siteUrl);
Web site = clientContext.Web;
List targetList = site.Lists.GetByTitle("Announcements");
CamlQuery query = new CamlQuery();
query.ViewXml = "<View><ViewFields><FieldRef Name='Title'/></ViewFields><RowLimit>10 </RowLimit></View>";
ListItemCollection collListItem = targetList.GetItems(query);
string msg = "Titles, 10 at a time:\n";
foreach (ListItem myListItem in collListItem)
msg += "\nTitle=" + myListItem["Title"];
ListItemCollectionPosition position = collListItem.ListItemCollectionPosition;
msg = "";
query.ListItemCollectionPosition = position;
collListItem = targetList.GetItems(query);
position = collListItem.ListItemCollectionPosition;
foreach (ListItem myListItem in collListItem)
msg += "\nTitle=" + myListItem["Title"];
} while (position != null);

Monday, January 18, 2016

Limitations with RunWithElevatedPrivelege in SharePoint

Hi all,

I just want to share couple of things about security issues with RunWithElevatedPriveleges in SharePoint.

Elevated Privilege can be used to bypass or work with security, and can be performed either through SPSecurity or through impersonation techniques involving the SPUserToken and the SPSite class.

Avoid using SPSecurity.RunwithElevatedPrivilege to access the SharePoint object model. Instead, use the SPUserToken to impersonate with SPSite. If you do use SPSecurity.RunwithElevatedPrivilege, dispose of all objects in the delegate. Do not pass SharePoint objects out of the RunwithElevatedPrivilege method.

Only use SPSecurity.RunwithElevatedPrivilege to make network calls under the application pool identity. Don't use it for elevation of privilege of SharePoint objects.

Here the sample code to show what is the issue with RunWithElevatedPrivileges.

SPList taskList=null;
      SPSite elevatedSite = SPContext.Current.Site;

      using (SPWeb elevatedWeb = elevatedSite.OpenWeb())
           taskList = elevatedWeb.Lists["Tasks"]
//This code will succeed even outside the block as it is accessed via elevated SPWeb. Hence Security Risk.

Always use the SPSite constructor with an SPUserToken to create an elevated privilege security context in SharePoint.

This is most recommend way and best practice  to perform impersonation in context of SharePoint. However,When using SPUserToken, you need ensure that the user exists whom you are impersonating, and that user has the proper permissions. In production scenarios, you may not know the user in advance and this technique may not work
Below is the example to impersonate SHAREPOINT\SYSTEM account.
SPWeb oWeb = SPContext.Current.Web;
SPUserToken token = oWeb.AllUsers[@"SHAREPOINT\SYSTEM"].UserToken;
using (SPSite elevatedSite = new SPSite(oWeb.Site.ID, token))
    using (SPWeb elevatedweb = site.OpenWeb())
      // Perform administrative actions by using the elevated site and web objects.
      // elevatedWeb.CurrentUser.LoginName gives SHAREPOINT\system
      // WindowsIdentity.GetCurrent().Name gives current logged-in username i.e. SPContext.Current.Web.CurrentUser.LoginName.
      // Hence,Only SharePoint Security context is changed while Windows Security context is not changed.

If you see the code above, WindowsIdentity.GetCurrent().Name is same as the Name of current user making the request which is SPContext.Current.Web.CurrentUser.

So  any call to external systems like DB or WebServices will be made by windows account of the current user. It succeeds or not depends on the permissions that the user have on that external system.

If you want make network calls under the application pool identity  or you don’t have a valid and known SPUser to retrieve SPUsertoken then SPSecurity.RunWithElevatedPrivileges is the only choice.

And also the tokens time out after 24 hours, so they can be used in the code that needs to impersonate users in the case of workflow actions or asynchronous event receivers occurring within 24 hours.After the  SPUserToken object is returned to the caller, it is the caller’s responsibility to not use the token after it is expired.
The token timeout value can be set by using the Windows PowerShell console or stsadm.
stsadm -o setproperty -propertyname token-timeout -propertyvalue 720