ASPHostCentral.com Sharepoint 2010 Hosting BLOG

BLOG about the newest Sharepoint 2010 Hosting Product

Sharepoint 2010 Hosting :: Deploying WCF Service to Sharepoint 2010

clock July 19, 2010 08:19 by author Administrator

The new packaging and deployment stuff for SharePoint 2010 is certainly a lot better than VSeWSS but there are a few things missing, such as the ability to add a WCF service as a project item. One of these days I’ll build a template to do it but for now here’s a quick step by step guide.

Add SVC file to Layouts folder


To make a Windows Communication Framework service available we need to host it somewhere. Since SharePoint runs on IIS, we need to create a .svc file with details of the service implementation. Of course before we create the file we need somewhere to put it and for the purposes of this demonstration we’ll use a custom subfolder within the %sproot%\TEMPLATE\Layouts folder. We can set up this folder automatically using our Visual Studio project

1. From the Project menu select Add SharePoint “Layouts” Mapped Folder. You’ll notice that a new folder is added to the solution
2. We can now go ahead and add our MyWCFService.svc file. In the Layouts\<MyProjectName> folder. Add a new XML File named
MyWCFService.svc
3.
Replace the contents of the file with the following code

1 <%@ Assembly Name="$SharePoint.Project.AssemblyFullName$"%> 
2 <% @ServiceHost Service="MyProject.MyService" %>



Token Replacement in Visual Studio

Visual Studio 2010 allows the use of replaceable tokens when creating SharePoint solution packages. Our .svc file makes use of the token $SharePoint.Project.AssemblyFullName$ that will be replaced when the package is built, by the 4 part assembly name for the associated assembly. However, tokens are not automatically replaced in files with an .svc extension. Thankfully this is a simple problem to resolve.

1. Navigate to
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\SharePointTools
2. O
pen the Microsoft.VisualStudio.SharePoint.targets file. You’ll find that this is an Xml format file that defines various configuration settings for building SharePoint projects
3. Find the TokenReplacementFileExtensions element and append svc to the list of file extensions as shown


<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$"%>
<% @ServiceHost Service="MyProject.MyService" %>


Adding WCF service configuration to SharePoint

As well as an .svc file, IIS also needs to reads the configuration of the WCF service from the web.config file. For the purposes of this quick how-to we’ll make the necessary changes manually

1. Open the web.config file for our application (this will be found at C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config if the application is the first application running on port 80).
2. In the system.serviceModel element add the following configuration details

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<bindings>
    <basicHttpBinding>
        <binding name="MyDemoBinding">
            <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Ntlm" />
            </security>
        </binding>
    </basicHttpBinding>
</bindings>
<behaviors>
    <serviceBehaviors>
        <behavior name="MyDemoBehavior">
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
    </serviceBehaviors>
</behaviors>
<services>
    <service behaviorConfiguration="MyDemoBehavior" name="MyProject.MyService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyDemoBinding" contract="MyProject.IMyService">
        <identity>
            <dns value="localhost" />
        </identity>
    </endpoint>
    <host>
        <baseAddresses>
            <add baseAddress=”http://localhost/_layouts/MyProjectName” />
        </baseAddresses>
    </host>
    </service>
</services>


Note: In an ideal world we’d add some code to our SharePoint solution that would automatically add the appropriate configuration details to the web.confg file but that's a story for another dayWe’re now ready to deploy the service to SharePoint.



Sharepoint Foundation 2010 Hosting :: Working with Claim-based Authentication in Sharepoint 2010

clock July 8, 2010 08:20 by author Administrator

Introduction

There is a lot of hype about claims based authentication, and unfortunately a lot of confusing jargon.   Our goal in this post is to explain what claims based authentication means in plain English. This includes what it enables, and what it doesn’t enable. We are going to try our hardest not to use any technical terminology beyond the bare minimum.

ASPHostCentral.com, as the premier Sharepoint Foundation 2010 Hosting provider, proudly provides this article to any Sharepoint users and certainly we hope it can help you digest the new feature in Sharepoint 2010 Services. For those of you who are looking to host Sharepoint 2010, you can always start with ASPHostCentral.com as the cost is as low as $9.99/month only!


What is authentication?

Authentication is the process of determining if someone is who they claim to be. It answers the question “Who is this guy really?”

In the Microsoft world, authentication is usually performed by Active Directory.  Foe example: I claim to be Tristan, and I prove this to Active Directory by providing my password. Other systems don’t trust me, they trust Active Directory. Active Directory gives systems a bit of data that says “yeah, I personally vouch for this guy. It really is Tristan.”

Now, if everyone used the same Active Directory installation in the same environment, then that’s all we would need. Claims based authentication is not needed in a simple environment like that

But in the real world, things are different. We face three big challenges:
- Privacy regulations and other pieces of legislation are impacting what kind of information we are allowed to capture and store about users, so in some cases we can’t just demand that people give us all of their personal details
- Businesses want to interoperate with other businesses, and government organisations want to provide more integrated services to citizens. However, different systems use different authentication systems (not everyone uses Active Directory, and even when they do, they have different instances.), and businesses want to integrate in a secure, legally compliant manner


What does claims based authentication do?

Claims based authentication is designed to address the two challenges mentioned above

Claims based authentication addresses privacy and other compliance concerns by requesting less specific, less personal information about people, and by trusting other parties or systems to do the “proof of identity” check

Imagine you have a “sell alcohol to public” ecommerce website, and you are in a country where there are only two laws, called Fantasyland. One of these laws says “alcohol may not be sold to people under 18”, and the other law says “people have a right to privacy and web sites aren’t allowed to track individual people”. (If the law was this simple in real life we wouldn’t need lawyers!)

We’ve got two competing concerns here. Firstly we need to ensure that a user is of legal age, while at the same time we’re not allowed to know who that user is! (Again, I blame the lawyers of Fantasyland).

It turns out that in Fantasyland, the Government has set up a web service that users log on to, which authenticates them based on their citizenId and citizenPassword. It then is able to tell other systems that a user is above 18 or not, without revealing who that user is

So we implement our “sell alcohol to public” website by building a claims-aware system. Instead of building the standard “username and password” login mechanisms, we simply ask the Government’s web service to tell us if the user browsing our site is over 18. The claim that our system uses is a “userIsOver18” claim, and the claim value is either yes or no. We simply don’t build any authentication system at all beyond a simple “if (userIsOver18) then..“ statement

By doing this, we address privacy concerns – we don’t know or keep personally identifiable information – while at the same time ensuring that we don’t sell alcohol to someone under 18

Claims based authentication addresses integration of different systems by allowing communications using open standards, and by providing a platform for developing more specialised ‘identity connectors’ between systems


What won’t it do for me?

Claims based authentication won’t address the lifecycle management of identity information. You’ll need a broader solution to that, but your solution may integrate with claims based authentication systems. How do you deal with new staff? How do you handle staff who are on long service leave? How do you handle fake accounts? Microsoft would like you to use their Identity Lifecycle Management application for this kind of thing

We are going to be a little controversial here, and point out what we believe the biggest limitation of claims based authentication. We believe that what enterprise customers really need is claims based authorization.  Claims based authentication may let our system know that a user is a contractor from a partner company, but it alone won’t let me specify a rule that says “all of my company’s financial spreadsheets must not be seen by contractors”. Not only does claims based authentication not provide this capability, but neither do the role-based access controls provided by SharePoint. In fact SharePoint’s role-based access control model itself is too limited to address this. It still needs substantial improvements

The way industry is addressing this is by producing “entitlement management” systems, for specifying access control rules. Microsoft’s current solution, in my opinion, is strongly deficient in this regard. Yes, you can specify per item permissions for each individual financial spreadsheet. But this imposes such a high maintenance overhead that it is unworkable in practice. In my opinion companies like Oracle are well ahead of Microsoft in this field, but by no means does anyone have a complete turn-key solution


How is it implemented?

The claims-based authentication implementation has a number of components. In simplified terms here’s how the pieces of technology fit together

- From a developer’s point of view, the platform that Microsoft is providing is called the Windows Identity Foundation. This used to be called the Geneva framework. It provides a programming library suitable for building claims-aware applications. This library is also used by SharePoint 2010
- Active Directory Federation Services implements services to create, accept, and transform tokens that contain claims
- Cardspace provides a user interface for users to select which “identity card” they wish to use for a particular system