A SharePoint Consultant's Blog : Think Parallel

Launch for new Interface of GCAA website : http://www.gcaa.gov.ae

thinkparallel — Sat, 23 Oct 2010 20:18:41 +0000

At last many sleepless nights and late sittings in office or office’s VPN, today we launched the new interface for General Civil Aviation Authority New Web Interface @ http://www.gcaa.gov.ae

All credits goes to the IT Team especially members as myself, Faraz Khan, Aijaz & Ameer ..

Roles as below:

Aijaz as Graphics Designs
Ameer helping in HTML & compatibility for all web browsers.

Core Development:

Muhammad Faraz Khan & Syed Raheel Ali.

InshAllah tomorrow morning will be the Official Launch.

Good luck guys. I am tired and really need to sleep

GCAA IT Team Awarded for the 3rd Best E-Content 2009

thinkparallel — Wed, 03 Mar 2010 22:29:32 +0000

GCAA IT Team Awarded for the 3rd Best E-Content

Category : GCAA, Date : Feb, 11 2010

11 February 2010

Abu Dhabi, UAE: The Information Technology (IT) section of the General Civil Aviation Authority of the UAE (GCAA) was felicitated in a ceremony to acknowledge the efforts of the IT team that leaded to the GCAA being awarded as the 3rd ‘Best e-Content Website in the Gulf Region’.

Saif Mohammed Al Suwaidi, the Director General of GCAA awarded all IT team members with certificates and token of Appreciation. The Award ceremony was held in the presence of Mr. Waleed Hashim, Director of Finance and Administration and Mrs. Ayesha Al Zaabi, Manager of Human Resources.

Al Suwaidi expressed his appreciation for the efforts of the IT team and encouraged them to aim even higher for the next year.

Mohammed Al Shehhi, IT Manager of the GCAA said: “We are extremely grateful, as a team, to have received this honour and recognition for the efforts the GCAA has initiated to enhance customer support through the internet. It is both a sense of National and Organisational pride to have won an award that promotes higher standards of service excellence across the GCC.”

He also thanked the Director General and Management of the Authority for their continuous support and encouragement, and assured improvement and full dedication on behalf of the IT Team.

Al Shehhi added: “The development of better IT support systems and advancements in the field of technology are key factors in positioning an organisation as leaders in quality and customer care. The creation of such an award ceremony encourages all government and service sectors across the GCC to enhance existing IT structures and services to surpass existing world class standards.”

GCAA Announces Launch of ‘Reporting Of Safety Incident’ (ROSI) Program

thinkparallel — Wed, 03 Mar 2010 22:27:26 +0000

GCAA Announces Launch of ‘Reporting Of Safety Incident’ (ROSI) Program

Category : GCAA, Date : Jan, 04 2010

Effective 1 January 2010, ROSI to Create a Centralized Reporting System Across UAE Aviation Authorities; GCAA introduced 24 hour/7 days a Week Duty Inspector on January 1st 2010.

03 January 2010

Dubai, UAE: The General Civil Aviation Authority (GCAA) of the UAE launched an air safety incident-reporting program, the Reporting of Safety Incident (ROSI) Program, on 1 January 2010 as part of its new mandate to centralise aviation safety incident reporting across the UAE.

“We recognise the need to constantly improve processes and systems for managing risks effectively; a centralized reporting will ensure effective communication and coordination necessary for higher records of successful incident management,” said Ismaeil Mohammed Al Balooshi, Director Aviation Safety at the GCAA.

With the unprecedented growth seen in the country’s aviation industry, the new program underlines the GCAA’s commitment to deliver both safety and quality processes of world-class standards.

—-

At the end there was a feedback and technical questions & answers session between audience and Eng. Syed Raheel Ali (GCAA E-Services Development Team Member), on behalf of GCAA IT; he also included the future technical enhancements and upcoming features & updates on ROSI Program.

The highlights of the presentation were, the importance of centralized incident reporting and the procedures to report through GCAA website.

Complete Read here : http://www.gcaa.ae/En/Pages/NewsDetails.aspx?NewsID=133

Obfuscation in .NET

thinkparallel — Mon, 06 Jul 2009 06:19:52 +0000

Obfuscation in .NET

Prevent Your Source Code from Being Open Source

With so many decompilers available in the software industry today, your application’s source code faces security threats from a variety of prying eyes. This alludes to the potential loss of your intellectual property. But what makes this possible? .NET reflection, ILDASM.exe, and .NET decompilers.

So, then, what’s the solution? This potential threat has facilitated the development of a technology called obfuscation.

What Is Obfuscation?

Without changing its functionality, obfuscation protects source code from being disassembled/decompiled. This is a technology that makes the .NET assemblies more difficult to decompile and impedes the reverse-engineering efforts, hence, protecting the source code from potential threats. Obfuscation works by shrouding the facts in your code. Encryption suffers from the drawback that it needs to keep the decryption key along with the encrypted data. Therefore, it is possible to decrypt your source code. On the other hand, obfuscation can increase the protection against decompilation to a great extent, while leaving the application’s functionality intact.

Why Obfuscate?

There are several reasons why we should obfuscate:

Obfuscation reduces the size of an executable
Obfuscation improves the application’s performance at run time
Obfuscation protects intellectual property

How Does It Work?

Obfuscation encrypts the source code and removes some unnecessary information from the assembly metadata when it deems that it is safe to do so, thus making the assembly more difficult to understand or read after it is decompiled. The assembly metadata and manifest are used by the dissemblers to decompile them and get the original source code. Note that even if an application is compiled to native code at the time of execution, the Microsoft .NET runtime environment still requires that the assembly metadata and IL code be embedded in an assembly before it starts its execution. There are a number of techniques that can be used to obfuscate. However, the disadvantage of obfuscation is that it can affect performance (but not to a great extent).

Obfuscation never changes your source code. Rather, the obfuscators obfuscate your assemblies using a specific encryption methodology and transform them into another assembly that is obfuscated, but the functionality of it remains unaltered.

How to Obfuscate?

Obfuscation in .NET can be achieved by scrambling the meaningful names in the assembly metadata with non-meaningful ones and trimming the non-essential metadata, but without affecting any functionality. The techniques used include, but are not limited to:

Changing the Assembly Metadata
String Encryption
Size Reduction

Is this the Best Solution?

Unfortunately, the available obfuscators are unable to completely protect your intellectual property. Even if obfuscators can be a good tool for preventing most decompilers from stealing your code, if you are determined and possess a good knowledge of data structures and algorithms, you can steal the code even from an obfuscated assembly. So, obfuscation can be a good solution, but there is no software that is absolutely safe.

The Future

Microsoft realized the importance of this technology and introduced the Dotfuscator tool for obfuscation with Visual Studio .NET. In addition, these .NET obfuscator tools are available:

http://www.junglecreatures.com

http://www.9rays.net/Products/Spices.Obfuscator/

Obfuscation is a very powerful technology and will continue to be a part of the application build and deployment process in the years to come.

Working extensively in Microsoft technologies for more than 7 years, Syed Raheel Ali is a Senior Technical Team Leader / SharePoint Consultant for a company in a Dubai, UAE. His programming skills include C, C++, Java, C#, VB, VC++, ASP.NET, XML, and UML. He has worked with .NET and C# for more than five years. Reach raheel at mailto:rahil.alee@gmail.com.

Deployment for 2007 Microsoft Office SharePoint Server

thinkparallel — Fri, 26 Jun 2009 17:38:30 +0000

SharePoint and ASP.NET Integration

thinkparallel — Fri, 26 Jun 2009 17:31:18 +0000

Whenever we create a new WSS web application in SharePoint, behind the scene a new IIS Web site gets created. Now to make it SharePoint specific, WSS does the following

WSS makes few entries into the IIS Metabase. (IIS Metabase stores conifiguration information about it IIS Web Sites and Virtual Directories)
Creates virtual directories which maps to 12 hive (installation directory\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\)
- _controltemplates – where user controls are kept.
- _layouts – has application pages in it.
- _vti_bin – dlls and web services repository
- _wpresources – resource file repository for Web Parts
Adds WSS-specific web.config to the root directory of the IIS Web site.
Adds wildcard application map to route all incoming to aspnet_isapi.dll. (Right click your iis web site, select home directory, click on Configuration – there we could find the wildcard application map entry.

Finally WSS extends the routing architecture of IIS and ASP.NET to properly route all incoming requests through WSS runtime.

IIS maps an incoming request to a physical file within root directory of an IIS Web Site or virtual directory. (Virtual directory – an entity defining a child URL space nested within the URL space of its parent IIS Web Site. IIS provides the flexibility of defining the root directory for a virtual directory at any location)

IIS supports Internet Server Application Programming Interface (ISAPI) programming model, it allows us to configure an IIS Web Site or virtual directory so that incoming requests trigger the execution of the custom code on the Web Server.

ISAPI programming models consists of ISAPI extension and ISAPI filters.

ISAPI extension is a dll that serves as an endpoint for all the incoming requests.

More on ISAPI filters

http://msdn.microsoft.com/en-us/library/ms524610.aspx

For better understanding of low level look at ASP.NET architecture

http://www.west-wind.com/presentations/howaspnetworks/howaspnetworks.asp

In short, ASP.NET framework is implemented as an ISAPI extension named aspnet_isapi.dll. Whenever IIS sees an incoming request targeting a file with extension like .aspx,.ascx,.asmx, based on the application map defined, it forwards the request to aspnet_isapi.dll, which effectively passes control over to ASP.NET framework.

ASP.NET framework compiles an .aspx page to .dll. It parses the .aspx file to generate a C# file that inherits from Page class. Once the ASP.NET page parser builds the source c# file for an .aspx page, it than compile it into a dll. This occurs only the first time when the page is requested; afterwards the same dll is used for all the subsequent requests that target the same page.

Now comes into picture HTTP request pipeline exposed by ASP.NET framework. It provides the developer with a degree of control comparable with ISAPI programming model. Http Request Pipeline contains HttpHandler, HttpApplication nad HttpModule components.

Once a request comes into the AppDomain managed by the ASP.NET runtime, ASP.NET uses the HttpWorkerRequest class to store the request information. Following that, the runtime wraps the request’s information in a class named HttpContext. The HttpContext class includes all the information you’d ever want to know about a request, including references to the current request’s HttpRequest and HttpResponse objects. The runtime produces an instance of HttpApplication (if one is not already available) and then fires a number of application-wide events (such as BeginRequest and AuthenticateRequest). These events are also pumped through any HttpModules attached to the pipeline. Finally, ASP.NET figures out what kind of handler is required to handle the request, creates one, and asks the handler to process the request. After the handler deals with the request, ASP.NET fires a number of post-processing events (like EndRequest) through the HttpApplication object and the HttpModules.

HttpApplication – During the lifetime of a Web application, the HttpApplication objects serve as places to hold application-wide data and handle application-side events.

HttpModules – While the Application object is suitable for handling application-wide events and data on a small scale, sometimes application-wide tasks need a little heavier machinery. HttpModules serve that purpose.ASP.NET includes a number of predefined HttpModules. For example, session state, authentication, and authorization are handled via HttpModules.

HttpHandlers -The last stop a request makes in the pipeline is an HttpHandler. Any class implementing the interface IHttpHandler qualifies as a handler. When a request finally reaches the end of the pipeline, ASP.NET consults the configuration file to see if the particular file extension is mapped to an HttpHandler. If it is, the ASP.NET loads the handler and calls the handler’s IHttpHandler.ProcessRequest method to execute the request.

ASP.NET includes several HTTPHandlers already, including System.Web.UI.Page and System.Web.Services.WebService

http://www.brainbell.com/tutorials/ASP/The_ASP.NET_Pipeline.html

WSS uses the above ASP.NET technique to extend the HTTP Request Pipeline.

Configures each web application with custom HttpApplication object using SPHttpApplication class. This class is within Microsoft.SharePoint.dll. It creates a custom global.asax file at the root of Web Application that inherits from SPHttpApplication.

<%@ Assembly Name=”Microsoft.SharePoint”%><%@ Application Language=”C#” Inherits=”Microsoft.SharePoint.ApplicationRuntime.SPHttpApplication” %>

It also makes use of custom HttpHandler and HttpModule as well.

We could find their entries in web.config of the web applciation

SPHttpHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c“ />

// other handlers

SPRequestModule, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c“ />

// other http modules

And finally it makes use of SPVirtualPathProvider, which abstracts the details of where page files are stored away from the ASP.NET runtime, using which the pages are served from content database. Once the content are retrieved by Virtual path provider it is passed to asp.net runtime for parsing. SPRequestModule component contains code to register SPVirutalPathProvider class with ASP.NET framework. SPVirutalPathProvider class works toghether with SPPageParserFilter to supply processing instructions to ASP.NET page parser whether to compile the aspx page to dll or process it in no compile mode.

Launching an application from a link in SharePoint

thinkparallel — Thu, 07 May 2009 07:10:16 +0000

When you are viewing lists of items in SharePoint, the context menu is fantastic as it allows you to edit documents directly from certain native applications. For example with a Word document you are able to select ‘Edit In Microsoft Word’ from the context menu, which when clicked fires up Microsoft Word and enables you to edit the document. However when you start creating your own custom webparts from SharePoint list items, you lose this ability. Today I had the challenge of providing a link to a document that was stored in a SharePoint list, but I needed to be able to fire the document up directly from the link.

After quite a bit of trawling through the web I found this great article which really got me going in the right direction:

http://wiki.threewill.com/display/is/2007/10/.

Basically you need to call a javascript method called dispex() which will open the application for you (instead of opening the document as read only).

So within my code I already had my Hyperlink control (lnkDocumentDownload) which was populated by an SPListItem. This also has the URL of the document set in lnkDocumentDownload.NavigateUrl. This needs to be set for this to work, and of course for applications that don’t have integration with SharePoint, they will just use this link to go to the document.

What I needed to additionally add to enable the launching of the application was:

lnkDocumentDownload.Attributes.Add(“onfocus”, “OnLink(this)”);
lnkDocumentDownload.Attributes.Add( “onclick”, @”DispEx(this,event,’TRUE’,'FALSE’,'FALSE’,'SharePoint.OpenDocuments.3′,’0′,’SharePoint.OpenDocuments’,”,”,”,’2′,’0′,’0′,’0x7fffffffffffffff’)”);

Once I added this in, whenever I clicked the link in my control, it would behave in the same way as clicking on ‘Edit in Microsoft Word’.

I also found some ‘kind of’ (not really) helpful documentation on the javascript methods on the Microsoft website here: http://msdn.microsoft.com/en-us/library/cc264013.aspx

Saving files in ItemUpdated for a SharePoint List

thinkparallel — Thu, 07 May 2009 07:06:28 +0000

I had an issue today trying to call File.SaveBinary() method of an SPListItem in the ItemUpdated method. Everytime I treid to call it it seemed to throw an error. In the end there was an easy fix for this – make sure AllowUnsafeUpdates is set to true. Once this is set, the binary can be saved no problem. The other method you should call before you save the binary is the this.DisableEventFiring(); method to ensure that the event does not go into an endless loop.

this.DisableEventFiring();

SPListItem item = properties.ListItem;

item.Web.AllowUnsafeUpdates = true;

item.File.SaveBinary(updatedFile);

item.Web.AllowUnsafeUpdates = false;

this.EnableEventFiring();

Invalid Security Validation in SharePoint code

thinkparallel — Thu, 07 May 2009 07:04:08 +0000

Twice in the past week I have had the issue in my MOSS code where it is throwing an exception: “The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again”

As it turns out the problem isn’t so had to fix. Basically you need to set FormDigestSettings to disabled. This can be done in your code as follows:

SPWebApplication webApp = site.WebApplication;
bool formDigestSettingsEnabled = webApp.FormDigestSettings.Enabled;
webApp.FormDigestSettings.Enabled = false;
//Do all your code in here where it is throwing the error..
webApp.FormDigestSettings.Enabled = formDigestSettingsEnabled;

This can also be fixed by turning off the security validation for an application in Central Admin (however I probably wouldn’t recommend this):

Central Admin -> Application Management -> General Settings -> Turn security validation off

Impersonation in MOSS 2007

thinkparallel — Thu, 07 May 2009 06:48:29 +0000

I recently had an issue where I attached a SharePoint event handler to a list item, and when the list item was approved it fired off a group email. Problem was that if the user who approved the item did not have super powered privileges on the system, the event handler would fail due to a permissions error.

To run the SPSecurity.RunWithElevatedPrivileges method

This also meant that I could create a method in this class which is called in the SPSecurity.CodeToRunElevated constructor. Also it is worth noting that if you are still getting security validation errors, you need to wrap update() methods with the AllowSafeUpdates method (also shown in code below).

sealed class ScheduleMail
{
private Guid _siteGuid;
private string _webUrl;

public ScheduleMail(Guid siteGuid, string

webUrl)
   {
      _siteGuid = siteGuid;
      _webUrl = webUrl;
   }

public void SendScheduledMail()
   {
      SPSite mySite = new SPSite(_siteGuid);
      SPWeb myWeb = mySite.OpenWeb(_webUrl);

// Do the rest of the code requiring privileges … //Created dispatcher job in here

//Get around security

      myWeb.AllowUnsafeUpdates = true;
      dispatcherJob.Update();
      myWeb.AllowUnsafeUpdates = false;
   }
}

In the end the final code I implemented was along these lines

override void ItemUpdated(SPItemEventProperties properties)
{
   base.ItemUpdating(properties);
   ScheduleMail mailToSend = new ScheduleMail(properties.SiteId, properties.RelativeWebUrl);
   SPSecurity.CodeToRunElevated codeRequiringElevated = new SPSecurity.CodeToRunElevated(mailToSend.SendScheduledMail);
   SPSecurity.RunWithElevatedPrivileges(codeRequiringElevated);
}