Knowledgebase - Microsoft SharePoint Blog

SharePoint 2010 Sneak Peak

Just watched the first of three videos on Microsoft's SharePoint 2010 preview site and I'm quite excited!!!

Here are some of the exciting new features to look forward to:

  • Multi-document Check-in and Check-out
  • Incorporation of the Office RIBBON into SharePoint sites, libaries and lists directly within the browser
  • Completely redesigned SharePoint Designer
  • BDC has been expanded and renamed BCS (Business Connectivity Services) and allows BOTH READ and WRITE to external data sources with simplifed config via SPD
  • Offline synchronisation of sites, libraries, lists AND external data sources with SharePoint Workspace (formerly called Groove).  This tool looks much like Colligo's fantastic 'Contributor' tool.  I particularly like the ability to update external data source.
  • Integration of BCS data into Office 2010 (eg: can populate letter recipient and address details from BCS connection directly within Word)
Memory Mapped Files

Writing code nowadays can be considered as a "cheerful experience", we have a complete set of tools and development environments that make us more productive, helping us in the delivery of high-quality software. 15 years ago it was a hard task to find IDEs with Intellisense support, we used to store our application settings in .INI files and we didn't even have any virtualization environment in order to perform tests before sending out our solution to the customers, that's why it's a new adventure each time we got engaged on a new development project and coding hasn't ever been as enjoyable as it is today. A few years ago I read a book written by Jeffrey Richter called "Advanced Windows" and I learned heaps from this book, as a matter of fact, last year I bought his latest book called "Windows via C/C++" which is a classic and a must have in every Windows developer toolbox, same thing occurs with Charles Petzold's book, however I learned a lot about Windows internal mechanisms by reading Richter's, for instance, how can processes exchange information between them? What's the difference between a Mutex and a Semaphore for threads synchronization? just to mention a few. Windows is a product that has evolved and grown throughout the years, despite of new APIs and functionality that have been included into it we will always need access to the PC's memory, for example we can mention Inter-Process Communication (IPC) and virtual memory access, this post is about it pretty much, how can I get access to the virtual memory so I can address and use a given amount of bytes? I think you know already what I'm talking about. Memory Mapped Files can be defined as "a segment of virtual memory which has been assigned a direct byte-for-byte correlation with some portion of a file or file-like resource. This resource is typically a file that is physically present on-disk, but can also be a device, shared memory object or other resource that the operating system can reference through a file descriptor". They have three main purposes which are:

  • Load and execute .exe files and DLLs
  • Access files on-disk very quickly without using buffers. Windows handles this for us
  • Allow many processes to share information in memory

The following diagram depicts some implementations for memory mapped files

Once the file is mapped in memory, a view based on that file needs to be created, I mean, a region or space within the file which allows a process to read and write onto it, when creating the view we specify bytes to be mapped, file offset and desired access, this process is shown in the image below

One of the new features bundled in .NET Framework 4.0 besides DLR (Dynamic Language Runtime), parallel processing and support for memory mapped files. The code that accompanies this post demonstrates how to do it using the new MemoryMappedFile class plus my own implementation with .NET 3.5, C# and a little of Interop. Source code can be found here

Further reading about this topic can be found at Virtual Memory and Paging



Structured Exception Handling (SEH), it's one of the top used features by developers, it's not required any more to be dealing with On Error labels or any other less elegant mechanism to handle error conditions, however .NET Framework is an existing layer between our application and the operating system, even when the Exception class describes an error condition it doesn't provide the error code and message associated to the operating system, that's why it's frustrating sometimes to interpret some "less-descriptive" exceptions and hence recovering any Windows error information can be of great help. Throughout the years Windows API has evolved and grown in size and error messages as well, many of these messages can be found in the SDK and WDK, so I had this idea about extending the Exception class by implementing an extension method. Extension methods enable us to "add" methods to existing types without creating a new derived type, recompiling, or otherwise modifying the original type. They are a special kind of static method, but they are called as if they were instance methods on the extended type. The most common extension methods are the LINQ standard query operators that add query functionality to the existing IEnumerable and IEnumerable<T>.

To retrieve the description for a given error code we use the FormatMessage function, as it's shown below

The extension method used is the following

So if we catch any exception, besides obtaining the exception object itself we get the error and message code from the operating system

If we implement everything we've previously mentioned, see the difference between the exception message and the message provided by the operating system. The sample application can be downloaded from here

Hope this helps,



I usually read a lot about technology stuff from Microsoft and other vendors as well. One of my favourite sites to gather information about ongoing projects and things to come is Microsoft Research so today after having lunch I started to browse for some projects and I found Pex which in my humble opinion seems to be really interesting, why? Because it's a new tool that helps in understanding the behavior of .NET code, debugging issues, and in creating a test suite that covers all corner cases - fully automatically. Through a context menu in the code editor, the user can invoke Pex to analyze an entire class or a single method. For any method, Pex computes and displays interesting input-output pairs. Pex systematically hunts for bugs - exceptions or assertion failures. As Pex discovers boundary conditions in code, Pex generates new tests that target these conditions. The result is a small test suite with high code coverage. Pex enables Parameterized Unit Testing, an extension of traditional unit testing that reduces test maintenance costs. Pex has been used in Microsoft to test core .NET components. Pex is developed at Microsoft Research and is integrated into Microsoft Visual Studio, so if you're like me that loves to deliver high quality code then Pex is a must in your toolbox.



Yesterday afternoon I was coming home on the train, when suddenly I had this idea of writing something about policy injection, function pointers and my preference of using .NET instead of Java. Firstly, allow me to get started with policy injection, it's a definition commonly used in developer talks but, what does it mean? Or what is it about? In a few words we can define it as "one technique becoming increasingly popular by the adoption of Aspect Oriented Programming (AOP), which provides an array of mechanisms to change the behavior of business objects and other classes by applying policies thus making it easier to implement crosscutting concerns such as logging, validation, exception handling, caching and more".

The terminology of AOP uses the word "concern" to mean a task or feature of an application. Core concerns are the features usually unique to a class or object, for example, a class to connect to a database or serialize an object to disk. Tasks common to more than one class or object are crosscutting concerns. Poor management of these can result in duplicated and hard-to-manage code, and unreliable applications.

Policy injection was introduced by the Microsoft patterns & practices group into the release (version 3.0) of their Enterprise Library which integrates with the other application blocks in the library. The latest version can be downloaded here

However, I would like to share with you the idea or principle behind "Policy injection", if you're like me that prefer designing and writing all the components for an application by yourself, this can be a useful post to you then.

In my humble opinion, we have at least two possible ways to "inject" either by using generics or through callbacks (delegates), let's proceed to describe them:

1-.Using Generics: Generics was introduced in .NET 2.0 and it gives us the ability to write "generic" code plus enforcing type-safety, I mean, no more casting to object to achieve multiple reuse. Let's suppose we have the following class

It implements the ISample interface which contains a single method PerformAction that throws an exception if the time's current second is even (we do this to simulate that something goes wrong during the execution of this method), please note that we don't have any exception handling in that method. Now, let's suppose that I have heaps of classes implementing the same interface without any exception handling mechanism too, what could I possibly do in that case? If we take into consideration the definitions for concern and crosscutting concern we can then say: I have different concerns (even when the implemented interface is the same) but at the same time I have crosscutting concerns, I mean, all of my classes implement this interface without a proper exception handling mechanism.

Having said that, let's have a look at the following code fragment

It's a generic class and its usage is restricted to ISample objects plus requires the creation of a new instance, in its Ctor, through Reflection we collect information of the class used with the generic class, I mean, the object we'll be applying our "policy" to. The generic class contains only a method called Execute which invokes the PerformAction method of our class implementing ISample hence exception handling is added which it didn't exist in our original implementation.

The implementation on the client or application would be like this

Please note that I didn't have to modify the original code but I'm using another mechanism instead, in this case "Policy injection" through a generic class that acts as a proxy which allows me to achieve what I want plus isolating concerns from each other but considering crosscutting concerns.

2-.Using Callbacks: Callbacks, function pointers or delegates refer to the same mechanism for passing executable code as an argument to another code. In old C/C++ school we can do it like this

However in .NET we do it like this

So the way we can achieve "policy injection" through callbacks differs a little from the one previously explained, which is cleaner, easier to maintain and suggested from my point of view, because we use a proxy that communicates with the class we're applying the policy to; if we're using callback it would be something like this

The greater difference between the two approaches, it's that policy code is on the client side and not in the proxy class, so code is repeated and future maintainability is at risk. We can achieve what we want but it's not the best approach to follow, however this method it's pretty useful in situations such as, impersonating a given user to execute a piece of code.

Changing topics and almost wrapping up, one of the reasons I prefer .NET instead of Java it's because of Callbacks support which have been with us for a long time ago and they're a pretty useful as we can see, for instance, the qsort function (quicksort implementation in CRT) which expects to receive as last parameter a Callback to a comparison function. In Java we don't have this functionality out-of-the-box but we need to "simulate it" by implementing interfaces (Callback pattern) and I start wondering, what the heck? I can do this in C/C++ using native code and in any other .NET language without implementing any "pattern" so I can focus on the requirement, for reasons like this and many other reasons I prefer .NET instead of Java because it just makes me more productive.



My Network Places has been removed in Vista, but you can still create shortcuts to SharePoint libraries and/or document libraries...

#Open Windows Explorer (Windows Key + E)
#Right click on any blank space in the right pane (the side which shows you drive(s))
#Select Add a Network Location

One of the noticeable benefits of SharePoint is the saving in development/QA investment by leveraging platform's rich out-of-box features and functionalities. However, as a common setback of out-of-box offerings, functionalities tend to be locked down and customisation made difficult if not possible.

To address a client requirement popped up recently, mouseover highlighting and highlighting stopover after single/multiple mouse clicks were implemented into a Default List View(AllItems.aspx), essentially a customisation effort to an out-of-box SharePoint component.

The result of a proper implementation would look like this

There are a number of ways to bring to live the functionality, each with its pros and cons.

  • Create a XSLT DataView for a SharePoint List and use Conditional Formatting to add a highlighting script(combination of CSS and XSL);
  • Create custom Web Part for a SharePoint List and register it as either a server or a client-based event (OnMouseHover and OnClick)
  • Use Content Editor Web Part to write a highlighting script using calculated columns in a SharePoint List;
  • Inserting into AllItem.aspx via SharePoint Designer JavaScript that implements MouseHover and onClick;

The first three options do the work but would require extra effort and skill in both development and testing. For example, Option 1 requires advanced skill in SharePoint Designer 2007 and XSLT while option 2 needs extra effort in development and QA. The third option can cause slow performance due to the introduction of some additional fields to the List.

The last option on the list requires less effort provided the right place to insert the script and to reference View GUIDs are known. Here is the solution, step by step

  • Create a Custom SharePoint List;
  • Open AllItems.aspx in SharePoint Designer 2007 (SPD) using the "Open Site" or "Open.." dialogs within the application.
  • When you see this message, "This page cannot be edited in SharePoint Designer. You can edit the content in the browser, or edit the corresponding page layout in SharePoint Designer", click on the Edit Page Layout button to edit the page layout;
  • In the Code View Window, locate <asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server"> tag, copy and paste the following JavaScript code segment to just below the tag:
  • In the script code replace <<List GUID>> and <<List View Web Part GUID>> placeholder with the actual value of your SharePoint List GUID and List View Web Part GUID. To get the GUIDs,
    • Go to your List Settings Page --> Views section;
    • Click AllItems link;
    • Grab GUIDs from the URL address as shown below,
  • Save the page.
  • Preview the change in SPD - right-click on the AllItem.aspx page, choose Preview in Browser from the dropdown menu.

The Service Pack 2 for SharePoint 2007 (that is, WSS 3 and MOSS 2007) has been released to the general public. You can get the Windows SharePoint Services one here and the Microsoft Office SharePoint Server one here.

There are lots of changes (Change Log WSS - Change Log MOSS) so please ensure you test this in a development environment first before rolling out to production.

There's a write-up of the biggest changes here - - The thing I'm most happy about is the fact that they are releasing the bugfix list as a spreadsheet again. Nice, very nice. Whack it in a SharePoint site, index it and you have a "That was fixed in Service Pack n" lookup feature for clients who are still on RTM (and who are in an unsupported state).

Here is an excellent blog post about using SharePoint web services. It talks about the different web services that SharePoint provides out of the box (for both Windows SharePoint Services and MOSS 2007). Since these operations are web services they can be called with Java or .NET. The article has some small coding examples.  It is a good introduction to web services and the interoperability between SharePoint and .Net

Was at a client's place today and saw this for the first time in ages - IIS would not start, error ID's 6398, 6482 and 7076 in the event log, emails not being sent, etc.
"Wait just a doggone minute, here - I am certain this was fixed in WSS SP1" - but even though the client was running a more recent version of WSS & MOSS than SP1, the issue still existed - and the errors and symptoms were exactly the same.

It turns out that there is another hotfix now available for this - but it's not a part of SharePoint code, so it's a separate one that needs to be applied if you are seeing any of these issues (in other words, it's unlikely to be a part of WSS / MOSS SP2 due out in a couple of months).

Hotfix can be requested here - - Articles discussing the fact that the issue still exists can be found here and here... It only seems to occur in IIS 6, and is more likely to occur when you have more app pools running under the same account as the Timer service.

Now where's the Change Request form...

Good luck (smile)

In September 2007 I implemented a 4-layer Kerberos solution at a client's site. Back then, there was only a couple of people who'd done it and there was not much information around on it (and it nearly killed me... well, it wasn't that bad, but it was pretty stressful). Since then, lots of people have started to implement Kerberos authentication-based sites and it's become a bit more mainstream. Certainly I look around and there's lots of people with info on their site.

One of the things I noticed while troubleshooting was that when you browsed sites the ticket that was generated never appended the port number when attempting to authenticate. Well apparently this was a "feature" of IE6 when used on XP or 2003 server which has finally been fixed (I imagine there's no hotfix in IE7, just the registry key). You can download the patch for 2003 server or XP from this KB Article.

Just a warning: If you have SPN's set up to not use the port number and this patch is applied to a client, YOUR SITES WILL STOP USING KERBEROS TO AUTHENTICATE. For example:

  • You have a site
  • You have an SPN set up for the service account on this site eg setspn -a http/ serviceAccount
  • Everything works fine and dandy because IE 6 builds a poor Kerberos request without the port number.
  • You apply the patch & reg key. Suddenly, everyone starts getting the "3 prompts and you're out" authentication request, because now the port number forms part of the request.
  • Whoopsie! The fix is to register another 2 SPN's for the site that uses a port number, against the Web App pool account (2 spn's - one DNS prefix and one FQDN - in our example, one for http/mybeautiful:8000 and one for http/

Anyway, hope this helps!


Now's the time to plan your upgrade of SharePoint to Service Pack 1 if you have not already done so. I know I know, there are a lot of people stuck in a change freeze this time of year, so if this is you, then plan to do it as soon as the change freeze ends because on the 13th of JANUARY 2009 your SharePoint 2007 system will no longer be supported by Microsoft.

More information can be found here - Lifecycle Supported Service Packs - info came from Stefan Goßner's blog.

Also SharePoint 2007 SP 2 is currently in Beta and will be coming soon to a Microsoft site near you (official word is between February and April - I'm betting February) (smile) - once it hits, the 12-month EOL clock starts for SP1.


Had a very unusual issue recently on a hardened SharePoint environment (read: set up according to Microsoft Best Practices).

I was trying to install a feature, and I was getting a response back... Access Denied. Nothing really unusual in that... I must have forgotten to set myself up as a farm admin again... except in this case I was already a farm administrator. So... what could be causing that problem?

It turns out that Microsoft decided that in order to install a feature, being a Farm Administrator is simply not enough - you have to be a SysAdmin on the SQL Database as well. Huh? Where'd the "Least Privilege, best-practice" thinking go when they set up that trap?

So I log into the SQL database and add myself in as a SysAdmin, and tada! I'm able to successfully deploy the feature. I honestly would have thought that the application would have verified your credentials, then once confirming you are a farm administrator, run the feature installation under the SharePoint admin account (which has all the required DB Access). But Nooooooo, not this time!

If anyone knows why this might be the case, I'm interested to hear from you. To me, it makes no sense and works against least privilege configuration.


It took me a little while to understand what this plug-in was trying to do and how it was adding value, and then it dawned on me - it's like a "Blog this" button on your browser! I love the ability to just click on a browser button and have a Windows Live Writer window open up pre-populated with the page name and a link. It's awesome! That's how I created this blog article...

So this SharePoint feature installs on the server and gets called from a link in your links list. It then retrieves information about the last page you visited in that window (from your referer browser property) and pre-populates some fields in the list. You can then "tag" the link with topics, like "SharePoint" or "Shopping" or "Christmas" or "Maxed Out Credit Card"... or whatever other topics you think are relevant.

It's quick, it's easy, and it's a great way of having a range of link lists that are then searchable by others. Like blogging about an article you just saw that may be useful in the future, but you are not sure when... or a list of personal bookmarks.

I'm always on the lookout for ways to get information into WSS / MOSS without effort - the more information you have, the easier it is to make informed decisions. This looks to be a great one! Grab it here - - and have a look at how it's used here -