SharePoint Conference Seattle, Day 4

So, the conference has already been finished for a few days. I still have some comments about Day 4 around.

IBP302 - Managing the Data in your database using the DataView Web Parts - No Code Needed!

This session got my attention because of the No Code Needed and because ’normally’ data is provided to sharepoint using the BDC. I’ve also used the DataView Web Part to show list data in a different format using XSLT. I knew you could do databases but not that you can edit data entries. Eventually this looks a lot like the DataGridView like you get with normal ASPX applications, only rendering is done using XSLT and you can have different sources (like SPLists). The functionality provided is very powerful and easy to create. For simple database activities this is very nice. A thing I don’t like that this is all done in SharePoint designer. This isn’t really handy for deploying to a customer location using a SharePoint Solution/Feature. There must be some good way to do this, but I haven’t looked into it. We’ll probably end up copy and pasting the ASPX files into a Custom Site Pages project that was shown the day before. This isn’t very nice but it still provides easy development within SharePoint Designer.

There are some small cases where the data editing fails because of data type transformation. This can be solved by changing the CommandSync attribute to false in the code of the data connection. This can all be found in the code view of SharePoint Designer. The command allows you to edit the SQL statement and do a convert() function in the SQL statement.

AG400 - Security under the hood in Microsoft Sharepoint Products and Technologies

This was the second session that I attended from Ted Pattision. The man always speaks very fast and this was again the case. Nevertheless, he provides loads of information and again this session was very useful.

The first thing that Ted does is create a new site using STSADM. If you use the UI you will get extra SharePoint groups. With STSADM you do not. Then he started up MS Access to retrieve information from a SharePoint List. The fun thing about MS Access is that it will not obey the hidden property of a list and simply show it. Now you can view the User list of SharePoint. This list is located on every site and holds the users that are allowed on the site. When you add groups a group is shown in the list. If you add a group and then access the sharepoint site from a user in that group, the user gets added to the hidden user list. This is for auditing, hence you would only know the group. SharePoint Permissions are inherited throughout the site, list and item level. Until you break the inheritance. This also shows a SHAREPOINT\System user that is always available. The SHAREPOINT\System group is used to mask the IIS identity that is really used. This helps security on the front-end. As a SharePoint user you will not know what IIS Identity is used. If you want to do things as that user in code, you should use the RunWithElevatedPrivileges.

The session then went on to show how form authentication works and what you should do to set it up. This also showed how Zones work and what they do. If you want to have Forms authentication and normal AD integration, then you need two zones. For the form based authentication you’ll need a database to store users and passwords. This can be done using the aspnet_regsql.exe program. This simply creates the database that is used when you use the normal ASP.net authentication provider out of the box. You only need two tables from the database, but it’s more easy to create them with the aspnet_regsql.exe program.

Then there was another session to this section, although all permissions are done on a site collection level and inherited. You cannot deny a user access. This can be done within central administration under Web Application Policy settings. Basically the policies defined there overrule the site collection settings.

ECMS207 - MOSS Meets DOD Certification

As you might know, sharepoint has done a DOD 1505.2 certification program. This session was about the (free) add-on package that enables a new record center that is DOD 1505.2 certified. A lot of features where added to do this, downside was that the OOTB record center isn’t available anymore.
Some things that I got from the presentation:

  • Records get a unique ID
  • Non-electronic documents can be stored. This basically provides a stub for a real document.
  • Categories are added so records can be placed in a category
  • The category provides the retention policy etc etc.
  • Search Improvements (search within you search query, different result page, no managed properties needed)
  • Records can be related so it is clear they belong together
  • Security can be based on record category

Conclusion/Final notes

Although this was the last day, some nice sessions where held and it was good seeing those being continued to the end. The event didn’t have a real last session or keynote at the end which wasn’t that nice. In general there was loads of information and I can’t wait to try stuff myself!

Also, it is nice to see that people are actually reading this. This can lead to funny situations at K2 Bar-drinking-events :P