Day1 – Dev
Sharepoint sits on top of ASP.NET.To properly use Sharepoint you need to know ASP.NET – which implies that you need to know the .NET Framework. IIS – Internet Information Server.ASP.NET – http/ html/ css / javascript. Microsoft Operating system. Portal is one of the features offered by MOSS.
Sharepoint separate from MOSS: Sharepoint: Use tools to provision things that are needed. Everything is designed for end users to do it themselves.
Sharepoint Products & Techy :
[Server side products]
Underlying techy of all: Win Sharepoints Services,Visual Studio Team foundation server ,Project Server, Search Server, M Off Sharepoint Server, Sharepoint Designer
MSPC: Mic/ Server Project Central
next version: MOPS : Mic/ Off Project Server. Location for participating in project.
MSS: M/s search server, MSS express.
Sharepoint Designer: Client side software that allows us to connect with Server,
with the protocol (Frontpage protocol – Sharepoint protocol – basically HTTP XML over Http)
===========
SITE
===========
Collaboration:Centralized location, restricted access,content of site, auditing.
= Provisioning Sites: Web site.
Any application that has X number of instances each of which that has
totally different security policy then use Sharepoint.
Sharepoint allows end users to create and manage their sites.
http://www.ms.com/sql/default.aspx
protocol – hostname [includes port number] / site / path / querystring
Site is a web site : url identifies some storage on some server: Could be files/folders.
hostname + / is always needing to be there.
Authorization first and then authentication?.
Site: Storage space, quota and access control.
Sites.
Site: all sites administered from one page.
Load balancer: content replication.
backups. Any person or team can create a site without involving admins
In a healthy share point env there should be lots of sites.
Site: Like 1 doc / 1 site
==========
LIST
==========
Data storage and user interface. Can have fields or columns which can vary.
Edit items in list. Now. List structure can change at any given time.
API to manipulate the behavior exists.
Items are used as against sets.
Items : Insert once, update many times. List are optimized for updating.
Querying lists are not flexible. Cannot normalize and joins – not right purpose.
There can be no relation between lists.
Look up allows a column and list and picks values and keeps a copy.
Updates in source list are reflected in the look up list.
If you delete items in list but lookups deletes are not mantained.
Unless that look up item is being used that delete will be operational.
Cascades dont exist because no refrential integrity exists.
Data in list is self contained. List can contain items which have different fields.
Items can have attachment / files.+ Item can be versioned. +
Items can be put to workflows.
Access control can be applied at list level or at the item level.
Approvals are available: Default 1 step approval is available.
Auditing : IS BUILT in for ALL ITEMS and basic AUDITING: who created, modified, when.
Cannot be switched OFF.
RSS and Alert mechanism optional existing in List.
Special kind of list is a Document Library (Faked though actually a LIST).
Document Lib looks like file is the attachment.
Items in LIST exactly have ONE Attachment.
Date and time data in list is adjusted for local timings.
Site’s regional settings are applied.
Template: Layouts. (Lists: Fields/columns/ Sites: Lists and features , default data)
WSS : Core sharepoint technology + Templates. (This is free)
MOSS: Core sharepoint + template + services.
Service: Extra Facility,
SWAS : Sharepoint web application service,
WSSS : Windows sharepoint services search,
BDC : Business Data Catalogue.
Incoming Email Service: Send email to list. Mainly works in Document Libr and dicussion forum.
Outgoing email service: Alerts
Document Conversion Service
Sharepoint timer service: Scheduler (Sends alert etc..)
Web content management:M./s Sharepoint Publishing.
Each
Single Sign On.
Mind sites: Every user to have a site unique to them.
M/s Office Server Search: Search Sharepoint sites and other places and have one result.
Excel services: To see recalculate excel worksheet.
SITE has templates, Templates define which library to use!.
LIST can have pages as items that is Page Library.
When to use Page Library:
When we need to create frequent pages? and need access control, auditing on them.
Looking at URL difficult to determine Site or List page?
So demo usage can be done with WSS can be told which is Moss server, can determine usage from WSS
WSS: Packaging of only core sharepoint technology.
All the others, carries their own packaging: MOSS: Also carries core technology. So does project server.
SQLServer : Reporting services not built using Sharepoint. Can be appended with wss.
Use SP : For Collaboration involves SITES and LIST.
Not USE : Web content mgmt / Doc mgmt: Features existing but
SHOULD not be the core reason for using Sharepoint.
Preserve data: as far as possible.
+++++++++++++
Site collection
Site Definition = Site Template = avg number of pages available to each collection
Eg: Tags,MyForum Msgs, etc pages part of site definition.
At site collection level we can either :
(a)create more sites and workspaces
(b)Or creates pages as part of page library.
To determine level of site collection: one needs to determine
(a)ease of administration
(b)amount of access restriction
(c)search operation that would be required across what all components/data?
So taking into consideration we define the site collection.
Office Excel 2003 can update list but office excel 2007 cannot up but only retrieve.
Office Access 2007 can do but pull/push.
+++++++++++++++++++++
~ Provisioning space: Creating a folder.
ACL: Acess Control Lists: AC Entries : Who can do and on what ?
Processes on microsoft OS runs as a particular USER.
And this process is granted rights in IIS, application pool worker thread – by
default an account called Network Service is used.
User -> Role -> Permissions.
Group : Collection of Users.
Group -> Permissions.
IIS_WPG : Group rep any user who is to get process to read files.
NTFS: Read , Read & Execute, List folder contents. Upload files.
Impersonation is ON by default? Where and HOW ?
Servers receives and validates the request and fulfills the request by acting as the user.
How does IIS get the information?
Anonymous access is not allowed . So server sends a challenge back.
Challenge:
Challenge info
What auth format required. (one or more)
If more than one, then browser chooses and returns one of these,
Browser if it doesnt support and it gives error.
So browers resends information: with BASIC auth, DIGEST auth, WINDOWS INTEGRATED.
Authentication at server. If invalid user/password issue challenge 3 times.
While that session is on – each time the browser resends the information.
If impersonation is off – then all steps except that fact logging takes place but impersonation does not take place.
DIGEST: Hashing of the username and password. Server cannot be decoded.
So, the server has to login as a user. In this case it will give a hash.
And in this the samAccountName and Password: Hash value will be also stored.
So both browser and AD will use the same logic for hash.
Storing digest hashes is lowering your security as per AD.
WINDOWS INTEGRATED: No kind of user information is passed from browser to server.
Instead browser passes a token to server. A token is issued by security principal.
This token is auto refreshed by machine from time to time.
Group of machine with common security policy and one principal which is AD.
Token came from one’s own machine so no one can authenticate.
Authentication happens at browser level in this CASE ONLY.
But if my machine connects to domain AD. Then the token is passed from my machine to another
which is also part of DOMAIN. So token can be authenticated.
two domains – but server will trusts the client domains. (Trusted domain)
If token is not authenticated then the browser pop ups – this pop up is OS specific one.
Browser tries to connect to DOMAIN of the server,
or contact the sam Service of the Server, NETLOGON Service .
The server has to understand this.
Protocol : NTLM SAM OR Kerberos if using AD.
BAsic/Digest: Auth at server level. Identity can be passed to other servers.
WIn Integrated: Auth happens at the browser. To pass identity to other servers, you need to have
Kerberos with AD otherwise cannot be passed to others.
USERS: Group name : Give read permission to all incoming users.
ANONYMOUS USER:
Users:
Process Auth : IIS_WPG: Group name (if impersonation is off then process id)
Incoming user: Could be any group:
Anonymous user: (anonymous user can be set for per resource basis, if impersonation is on,
then web server tries to impersonate the user
Default anon user is : IUSR_ )
Good practice to give anon DENY_WRITE permissions.
Permissions of two kinds :
Allow and Deny. DENY > ALLOW permissions if both given.
Group called administrators: SYSTEM: is given full control.
Create a directory and then putting quota and controlling what goes in and out
and permissions on file system are complex.
Goes in DB : Anything generated by users goes in database: pages/files with aspx and lists.
Administration stuff, developer stuff, stuff using which sharepoint runs:
some of it not stored in DB.all installations/sites admin config stuff: _layouts.
Configuration settings determine how a sp. app going to behave. Metacontent.
1 Configuration DB: Mandatory, Configuration DB has all data about web farms.
Content DB for sites:
Configuration DB keeps refc of where to look in ContentDB : for site collection info.
It keeps listing of this in config actual data is in content DB.
No more creating directories and permissions.Quotas and preventing certain files from going is taken car eof
Replication is unnecessary.
Web Farm: Set of web server machines.
So ALL sharepoint content is NOT stored in file system.
ALL Sharepoint content is managed by Sharepoint.
In IIS there are two concepts:
1. First is web site identified by a unique combination of IP address and port no. and host header.
2.
3. Host Header : Name used to make request.
Passes a header saying: the header that was used to make request is http://www.m.com
Individual web sites have to differ from each other.(ip/port/host header).
Dont use IP add : use names.
Not healthy to work with machines with IP since a single machine can have multiple IP address.
One that IP addresses can change.
Number of services which will work differntly.
This directory can then be accessed using the URL./ Path.
Host header and port:
IIS: Read permission on web site needed. web server and file system permission are to be set.
Web Site != Application
Web site can be full web site
Or part of Application.
Application: Web in IIS6 there are multiple processes running.each of these with unique process id and
application is what maps the web site to one of the processes.
Application Pool = process ID = W3wp.exe which responds with http requests.
Configuration that can be done at pool level.
Sharepoint concept called : Application. (IIS Web site = HostName part of URL can have multiple site collections)
SP creates directory in physical file
and Assign permissions
Content DB is created.
IIS Metabase: Entry needs to be created
Sharepoint does this for us.
Create application in sharepoint = an IIS web site.
entry in IIS which says. combination is = web site.
SQLServerExpress: 4 GB max size.Different levels of access.
Site collection can have any number of sites. at least one site : ROOT site.
Identified by URL of that root site. SITE url’s are relative/ BELOW to the root site.
The root site is relative to the Application which is the host name.
That site might be the root site of the site collection.
So Eg: / – only root site
/hello – it belongs to root or it could be root side of its own site collection.
Or /sites/A
/sites/B is root site of complete difft site
MANAGED PATH:Basically when a request comes to sharepoint application sharepoint looks at the path of the request
The hostname is used to the route a particular copy of sharepoint.
Is this path managed by me? IF not give it back to web server.
Two kinds of managed path:
1.Explicit managed paths: anything on or below the path is managed by sharepoint.
/ is Explicit: Means nothing is unmanaged.
2.Wildcard managed paths: wild card means everything below that path is managed by sharepoint.
/sites
(Everything below sites is managed)
Sites and site collections can be existing on managed path.
Use the above concept to keep sites (managed and non managed) on same host header.
Virtual Directory:
web site is a physical directory connected to host header.
if that dir has sub dir then http://df/sub-dir/file
Virtual dir takes a real dir and map it to a given url path.
Default Web site:
Application: Settings security and
Each web application can have its own security settings
In sharepoint only ONE application Pool per WEB SITE = Per Application
In IIS different application pools per application : can be defined.
Sharepoint version 2.0 was as a filter
sharepoint 3.0 doesnt use its own thing but uses .net handler.
===================================
ASP.NET
===================================
Modules and handlers:
Module just puts additional functionality.
Before response is being sent – it looks at the file and inserts footer info.
Handler: I will take over everything including calling modules,
IIS wild card handler.
aspx.net,asphx,apax.
ASPNET_ISAPI.dll
Page Handler
ASMX Handler
.NET Framework
Memory management is automatic.
First request comes : ASP.NET creates application domain and dies only after certain
amount of idle time. web.config is the configuration.
.NET framework does a generic configuration
Machine web.config
Root web.config
Your web.config : Not all can be overriden.
==================================================
By default top level web site is an application
sub sub directory can be created as an application i.e to have separate application pool and security settings.
CLR : 1 /1.1 /2.0 /
.NET: 1 /1.1 /2.0 /3.0/ 3.5
with 3.0 /3.5 you also install 2.0 + certain extra lib = windows workflow foundation
Asp.net for sharepoint is dependent on 2.0
==================================================
Service unavailable: Permissions are not available to access the resource.
CONFIG folder:
BASIC: machine.config
web.config
root web.config
sub dir web.config
Default setting authorization : allow all.
web.config
Authentication mode = windows – let IIS take care of it.
Alternative is authentication = forms – then ASP.NET problem and then we have to validate,
some settings can only be there in the root web.config
one example is : authentication only at root
Authorization can be at root or at sub directory. can be anywhere.
First request: takes time
App domain
Request for aspx page – hands to page handler factory
Reads the aspx page and spits out files which are source code in c# or vb.net lang
and this src code is compile in dll and these dll are loaded in process and these are executed.
Within the lifetime of application domain – only ONCE.
So if we restart server, or idle time , or change web.config.
App domain keeps an eye on the web.config / aspx/ c# etc. – if a change is made immediately the appdomain dies
and is recreated.
How does the src code file get generated?.
<asp:Label : Controls creats a new Label
When does it get generated?
Temporary ASP.NET Files: (process identity do not have permission)
All src code compiling before impersonation.
Custom control needs to be added safe control to share point's safe control list.
Safe Parser:Share point replaces page.parser with safeparser
Sharepoint is written 100% asp.net technology.sharepoint sit on top of IIS. Sharepoint uses wildcard handler.
techzen.wordpress.com 