Monday, August 18, 2014

Checking for User Permissions and Getting UnauthorizedAccessException

In a recent project I have been writing code to check if an arbitrary user can create new documents in certain document libraries. In order to do the check, I used the good old DoesUserHavePermissions method, which is present in SPWeb, SPList and SPListItem objects (securable objects).

SYMPTOMS

When using DoesUserHavePermissions() method on a securable object, you get UnauthorizedAccessException.

CAUSES

There are multiple causes for this behavior.

FIrst, the current user context is such that the current user has no rights to enumerate permissions on the SPWeb/SPList/SPListItem object. If so, the exception will be raised.

So, your first inclination is to use RunWithElevatedPrivileges to check the permissions. However, it also throws the same exception. The cause is a token check that the DoesUserHavePermissions method includes in its code (as explained by Phil Harding). The user token is compared against the current user. Somehow, the user token for elevated object is not the same as the current user in the context and the exception is being thrown.

SOLUTION

I managed to solve this issue by explicitly opening the securable object with a System Account token, instead of using RunWithElevatedPrivileges.

SPSite site = // get your normal reference for the SPSite/SPWeb/SPLIstItem object;
SPSite elevSite = new SPSite(site.ID, SPContext.Current.Site.SystemAccount.UserToken);
bool hasPermissions = elevSite.DoesUserHavePermissions(arbitraryUser, arbitraryPermission);






Sunday, June 29, 2014

Access Denied with RunWithElevatedPrivileges

A strange situation happened to me few days ago, when checking a portion of SharePoint 2013 server-side code on a custom form. Basically, it uses RunWithElevatedPrivileges to check that the current user has access to a certain site and certain libraries, before uploading the file to a content organizer enabled library.

The Symptoms

The code that runs with elevated privileges on a POST event triggered "Access Denied" errors when trying to access SPWeb and SPList objects. The objects were declared under the elevated privilege code block but the ULS logs still show the "access denied" errors.

The Cause

According to MSDN blog the code running with elevated permissions has to validate the form digest before entering the elevated permissions code block. If not, it might give "Access Denied" errors.

The Solution

Just add SPUtility.ValidateFormDigest(); before the elevated permissions block and the "Access Denied" errors dissappear.

Tuesday, June 10, 2014

Business Value of Social Computing (II)

Note: This is a second post in the series. You can check the first post to refresh the concepts.

In the first post I have defined what social is and what components it has. In this post I will explain why social is used in the companies. As always, a certain technology is not used because it's brightest and shiniest thing out there (a strategy which works well with techno-addicts). It is used in companies because it helps to achieve a desired goal that has nothing to do with the technology.

So, the first component of "why social" is to find what we want to achieve with social. The answer to this question has to be technology-free and has to map with the business objectives of the company.

Social | Wood Human figures

But what happens when you have no clue about what social can be used in your company? Well, then you check what the majority of the companies is using it for and then extrapolate for your own needs. So, let's see how social pioneers (the early adopters) use social.

In a 2013 social business study by Sloan Management and Deloitte, there are four main business objectives in the companies that are achieved with deploying and using social computing:

#1 To better understand the market

The most frequent use of social is to gain better insight into the market shifts. How can social help us there? Well, the answer is that social fosters quicker information exchange that gets timely answers to the market analysts. There is no quicker way, except for watercooler chat.

#2 To identify internal talent

The second most frequent use of social in the enterprise is to identify the subject matter experts around a certain topic. As social technologies allow for quick and easy content creation, tagging and gamification features in social can increase the visibility of the people who post valuable content. In a certain way, the social uncovers the "informal organization chart" of the company, centered on the knowledge and not the hierarchy.

#3 To improve visibility into operations

Social is also used to add greater transparency and visibility into the daily grinding and routine in the company. It is more direct and personal than a weekly statistics review sent to all the company by email. The social platform is also a great outlet to publish metrics that add insight into the company operations.

#4 To improve strategy development

Collaborative strategy development is enabled with social. Strategy can be discussed in more open, honest and productive way using social than organizing formal meetings. Sometimes, the valuable insight into the strategy is provided by the subject matter expert that is unlikely to be present in a more formal discussion.

And you? What do you use social for? I'd like to hear from your experiences.

Post photo: by jdhancock

Tuesday, April 29, 2014

Speaking at the European SharePoint Conference in a Week

The European SharePoint Conference is less than three weeks away and I’m delighted to be part of such an exceptional line up. The conference will take place in Barcelona, Spain from the 5-8th May 2014 and is Europe’s largest SharePoint event bringing you great sessions and the latest innovations from Las Vegas.

clip_image002

Browse through the superb conference programme including 110 sessions, keynotes, and tutorials, including topics covering the latest news from SPC14 including what's new with

  • SharePoint 2013 SP1
  • Office Graph/Oslo
  • new Office 365 REST APIs
  • Access AppsCloud Business Apps

I will be conducting a session called “Social Business Value Demystified: Real-World Experiences” aimed at Business Decisions Markers and End Users.

In this session I will outline why social technologies are useful for the business and how to align them with the business value. I will focus not on the technology but the reason why we use it. The rationale for this session topic is sharing what we have learned from the customers that use our best-of-the-breed social network for SharePoint on premises: Beezy.

Get a free whitepaper about the 4 Enablers of a Social Intranet.

The European SharePoint Conference will be run over four days and with over 1000 SharePoint attendee’s already signed up don’t miss this fantastic opportunity to mingle with the European SharePoint Community.

If you want to deepen your SharePoint expertise, to understand the trend of the SharePoint market, and to learn how to leverage Microsoft Office 365 for your business, including the revolutionary Enterprise Social wave, the European SharePoint Conference is the best place to be in 2014!

Prices start from €1150! There is also special group discounts for bookings of 3 or more people.

Book Now and I’ll see you in Barcelona in May

Friday, April 11, 2014

I Have Been Renewed as MVP for Second Year

On the April Fools Day, I have received the confirmation that my MVP Award has been renewed. I wish to thank to everyone who made it possible: the conference and community event organizers, the sponsors, Microsoft community leads and, of course, the attendees that come to the community to learn, mix and network. Thank you very much!

mvp_logo

This year has begun with me speaking at SharePoint Saturday Stockholm in January. Then, the most expected SharePoint event of the year: Microsoft SharePoint Conference 2014 in Las Vegas. Right now on my radar there are three more events: SharePoint Saturday Belgium later this April, the European SharePoint Conference Barcelona in May and SharePoint Summit Toronto in late May.

The community work never stops.

Saturday, March 29, 2014

Business Value of Social Computing (I)

Hello there! I'd like to start a new serie of posts where I want to hightlight and demystify the benefits of introducing and extending enterprise social networks (ESN) in companies. There is a lot of material online about the social networks, with diverging and even contradictory findings. I would like to present a summary of the most important points that link social networks and business. I will not talk about a specific technology such as Beezy or Yammer or SharePoint, but about the underlying business value.

In this first post I will focus on defining the subject at hand.

What is Social?

The first thing to define is the "social" we all talk about. If we look up the origin of the word, it comes from Latin "sociālis" and it means "of or belonging to a companion or companionship or association". It further refers us to Latin word "socius" which means "a companion, fellow, partner, associate, ally". As you can see, the word "social" always means something that is shared among our companions, it is always something that belongs to more than one person.

The term "social networking" is also defined in the dictionary as "the interaction between a group of people who share a common interest". This is the definition that is more important to us. It highlights that we engage in social networking to interact with other people that share a common goal or interest.

Up to now, social and social networking doesn't mean that we use technology at all. We exercise social networking when we chat with our friends over a beer. But, when we introduce social networking in the corporate world, we find that the clear-cut definition we had until now transforms into several enterprise social networking definitions.

In order to establish a baseline with the keywords that will help us later on, let's define "enterprise social networking" as a combination of three factors orbiting around the concept of communities.

Communities, People, Activities and Content

image

  • Community
    • A community is the group of people that share a specific interest. The whole idea of social network is intimately related to the concept of emerging communities. Communities can arise around a certain interest common to the members (communities of interest or practice) or around a common feature that the members share (departamental, gender and geographical-based communities). However, the concept of community is that it always revolve around something common to more than one person.
  • People
    • The members of a community and the participants in the social network. The people contribute their individual diversity to enrich a community with their activities and content.
  • Activities
    • People post statuses, ask questions, look for answers and rank the information and people in the community. All these discrete actions are called activities.
  • Content
    • The information contributed by the people with their activities inside the community. A community without content is possible, but it is not a healthy community.

Now we should have a clear meaning of the factors that interact in a enterprise social network environment: the communities, the people, the activities and the content. With this in mind, we can review what social is used for in the corporate environment.

Friday, February 28, 2014

SharePoint Conference 2014 and Scalable App Architecture Talk

Tomorrow I will be flying to Las Vegas, for my third SharePoint Conference there (you can see my impressions from 2009 and 2012). This time, I'm honoured to be a speaker.

imageBeezy-logo-M

By the way, I can't believe that it has been 5 years since my first SharePoint Conference in Vegas. Time really flies.

Beezy at SPC14

My colleagues from Beezy will also be present at the conference, showcasing our best-of-the-breed enterprise social network for SharePoint. Please visit them at the booth #1140. You'll find out what Beezy is and how it can help you embrace social computing at work.

The idea for my talk came out of Beezy development. We had to design Beezy for high scalability, as it was going to be used in companies with tens of thousands of users. I have envisioned a talk that summarizes the key tenets and practices for scalable applications, especially at the back-end (API end). It's a topic that hasn't really entered the mainstream programming in SharePoint, but with the app model that exposes your app to potentially millions of users, it should be gaining wider audience.

7 Tenets for Highly Scalable Apps for SharePoint 2013

My session is about highly scalable apps for SharePoint 2013 and how to architect the solutions for scalability. There are several techniques that can be used to achieve scalability, such as aggressive and distributed caching, queuing, using non-relational storage, using non-blocking async calls and so on. I will try to give a glimpse of those techniques and to enable you as a developer to use those new tools in your toolbelt.

Are you attending SPC14? Join the conversation at Yammer about my session! Ask questions and post comments to help me make the session live up to your expectations.

Ongoing Sample App Code

I have also started an ongoing scalable app demo (https://bitbucket.org/ekapic/scalable-app) that I intend to evolve to a complete example app built with the core messages of my session. Right now I have the source code that I'll use in my demos, but I will keep adding the app code in the next months. You can find the ongoing demo app code hosted at BitBucket. Feel free to fork it as you wish.

See you all in Vegas!