Monday, October 24, 2011

Configuring SharePoint 2010 Foundation for Internet-facing publishing


I am starting a set of posts regarding the ability of SharePoint 2010 foundation to be used to build Internet-facing web sites. In this one we are just going to perform configuration and creation operations so as we can obtain a SharePoint Foundation site collection that can be used to publish content on the Internet and therefore, available for anonymous users.

Business benefits - The "why" part of the post

In SharePoint 2007 the Internet-facing publishing was rather based on the use of the publishing part of SharePoint, its CMS.

However, the team sites that were a part of the collaboration area of SharePoint 2007 are now with the new wiki pages of SharePoint 2010 a way to help people to publish formal content. The team sites are now described in the SharePoint 2010 documentation as a solution to encourage one-to-many communication and also a solution to offer a structured exchange of information.

Therefore the team sites of SharePoint Foundation are now mature enough to be used as a base to build Internet-facing web sites and are a new and more cost effective opportunity offered by SharePoint 2010 to publish content on the Internet. The free SharePoint Foundation team sites can be now seen as a severe competitor to the licensed SharePoint CMS!

For further information, see the Microsoft documentation:

Comparison of Enterprise Wikis with Team Sites

Plan Internet presence sites (SharePoint 2010 Foundation)

And this Ted Pattison's video:

Sites as Collections of Pages
(See how Sites in SharePoint 2010 just become a collection of pages. Unlike before pages now play a key role in the structure of a site... )

I have just found elements of comparison when considering SharePoint Server 2010 Publishing Sites vs. SharePoint Foundation 2010 Sites:

SharePoint Server 2010 Publishing Sites vs. SharePoint Foundation 2010 Sites

After requirements gathering is complete, first decide whether to base the website on Microsoft SharePoint Foundation 2010, or on a server running Microsoft SharePoint Server 2010 with the Publishing Features enabled. Publishing sites are built on SharePoint Foundation, and there are many advantages to building engaging Internet-facing websites with publishing sites. Some of the benefits of creating a brand with SharePoint Server publishing sites and SharePoint Foundation sites include the following:

Enables content authors to create webpages with a more robust rich-text editing experience than SharePoint Foundation sites offer.

Includes master pages that target publishing sites and that use specific code assemblies that take advantage of publishing Features.

Easier control of web navigation from the web UI, and more options are available to the designer.

Uses the Web UI to easily change a master page and to apply master pages to all subsites below the current site.

Uses page layouts to create templates at the page level. Uses text layouts to accomplish a form of simple page layout. Text layouts are not configurable.

Use the $SPUrl token to target HTML assets with URLs that are relative to either the site collection ($SPUrl;~sitecollection/) or site root ($SPUrl:~site/)

source: Real World Branding with SharePoint 2010 Publishing Sites


I will avoid using development operations in this first post in order it can be useful to system administrators. Of course it is also targetted for developers so as they can configure their development machine, but they won't have to launch Visual Studio here.

1 - Extending an existing SharePoint Foundation Web Application

Assume you have created a SharePoint Foundation web application using NTLM authentication (that is the default mode).
Go to the SharePoint 2010 Central Administration of your SharePoint Farm, click the "Manage web applications" link then on the displayed list of the available web application select the one you want to open to anonymous users.

The buttons of the SharePoint 2010 ribbon are now  usable, so click on Extend.
The Extend pop-up appears.

Type the name of the new web application
Type 80 for port
Define a host header
Select Allow Anonymous because we are planning anonymous access
For the zone, choose Internet, because we plan to extend the existing web application for an Internet access.

So as you will obtain the following screen shots



Then,  click the "OK" button to create the web application.
Nothing has changed in the web application list, but if you navigate to the Alternate Access Mappings page of the central administration (in the System Settings section), then click on the "Edit Public Zone URLs" link and select the extended web application you will notice taht the zone was properly created.



You can also check in IIS7 that the IIS web site for the Internet zone is now available

2 - Testing the anonymous acces

As we have defined previously a custom host header for our Internet site we have to modify the host file of our development machine in order to be able to acces the site as an anonymous user.
So open the hosts file of your machine located at :


and add the following entry:

Now open a browser and browse to this url. You access your SharePoint team site as an anonymous user and simulate an Internet acces.

if you cannot access to the site with an anonymous access, browse to the page, you will be prompted for authentication, use the site coll administrator to authenticate in NTLM mode, switch anonymous access to Entire site, click OK (in the screen shot, url is wrong, sorry).


If you select Lists and libraries, anonymous users will be able to view items only for those lists and libraries that have enabled permissions for anonymous users.

However how interesting this option is, it will force administrator to break inheritance for each lists for those they want to grant access for anonymous users. You will also notice that for those lists, the SharePoint Forms pages are also accessible to anonymous users. For example, if you grant access to anonymous users for the site pages library of a Foundation team site, anonymous users might be able to get to

Typically you don't want this, so how do you prevent anonymous users from accessing these pages?   
In SharePoint Server, where the publishing features are available we would activate the lockdown feature especially provided by Microsoft for avoiding this problem.  

By the way, It is amazing to think to activate within SharePoint Foundation the lockdown feature which was formerly reserved to the SharePoint CMS .
Yes and no.
Now the team sites must be seen as a collection of pages. They get closer to the SharePoint CMS a lot.
On this subject you should watch the Ted Pattison's video (See how Sites in SharePoint 2010 just become a collection of pages. Unlike before pages now play a key role in the structure of a site.).

Updated 2011 october 26th

3 - An alternative to the lockdown Feature

Unfortunately, this feature is not available for SharePoint foundation. So I made an adaptation for WSS 3.0 and SharePoint Foudation 2010 that you can download as a SharePoint solution (.wsp) on Codeplex:

Custom lockdown feature for wss 3.0 and SharePoint 2010 Foundation

If you want to use it, download the .wsp and deploy it. It will be globally deployed anyway because the feature handler .dll will be placed in the GAC.
Then you should not need to install the feature because it will be automatically installed at deployment time, but if the automatic  installation had failled, you could install it by excuting this within a command prompt:

stsadm -o installfeature -name viewformpageslockdowncustom

then activate the feature for your site collection with this other instruction:

stsadm -o activatefeature -name viewformpageslockdowncustom -url

But, beacause we already have anonymous access enabled, we need to go disable it, then enable it again. Go to the _layouts/setanon.aspx page, switch anonymous access off, click OK, then go back and set it to entire site, then click OK.

Anonymous users should now get an authentication prompt when they try to navigate to a form page. For example,



4 - Setting custom error page for error 401 (forbidden) within Sharepoint 2010

(The following section is dedicated to Sharepoint 2010 since you will not find the following xml tags in the web.config of wss 3.0.)

Now we are going to do an amazing thing. We are going to change the web.config file of the web application corresponding to the Internet access so as anonymous user won't be prompted anymore for authentication if they try to acces to an unauthorized url but be redirected on a custom 401 error page within the site.

So first go to your site with at least contributor permissions by using NTLM access and create a custom 401 error page in the site pages library of your site. Assume we call it unauthorized so as its url will be Type a meessage of access denied and save the page.

Then, open the web.config file of the Internet zone web application and locate the handlers end tag within the system.webSever and paste the following httpErrors sequence.

        <httpErrors errorMode="Custom" existingResponse="Auto">
            <remove statusCode="401" />
            <error statusCode="401" prefixLanguageFilePath="" path="/sitepages/unauthorized.aspx" responseMode="ExecuteURL" />

 After restarting your application pool by reloading a page of your site with anonymous acces, you will notice an amazing thing: each time an anonymous user will try to access to a non authorized ressource, instead of being prompted for an NTLM authentification, he will be redirected to the custom 401 error page of your site and he will still have your site navigation links available and be able to keep browsing.

And the most amazing is you will have the same result while clicking the sign in link.
So of course don't do that if you plan to use an Internet access for contributing on your site or for administrating it...

And don't forget that this will have an impact on the whole web application since we have modified the web.config, so it won't be possible to obtain a different behaviour for another site collection within this web application.

 The next screen shot show my 401 unauthorized custom error page after having clicked the Sign in link.

It is all that we can do for now by just performing configuration operations.
Of course, don't forget to modify the navigation within the SharePoint 2010 UI to hide all the links that could lead to an access denied for anonymous users. In short, you should let only the links pointing on a subsite, a Site Page or a specific document.

In the next post, we are going to use Visual Studio to start customizing our site...

5 - Aknowledgements

Thanks to :

Nick whose article helped me for custom errors, I have just noticed that he also lives and works in Montreal...

Tyler Butler of the ECM team blog who was by his publications of a big help in the realization of my projects for the internet and who made me discover the existence of the lockdown feature...

Ted Pattison for his video which opens many new horizons regarding the use of SharePoint 2010. I will publish more about it someday...



Saturday, October 22, 2011

Creating a custom document library for SharePoint 2010


It seems that it is not that obvious to find clear documentation to create a custom document library for SharePoint 2010.
Most of the Microsoft documentation is now based on using Visual Studio 2010 and are more focused on the lists than on the document libraries.

By the way document libraries in SharePoint 2010 seems to has become lists, but the lack of documentation regarding the creation of custom lists remains anyway, so after having perform some successful trials I have decided to publish a step by step guide.

Functional benefits

I won't spend much time in this post explaining the functional benefits of creating a custom document library because I plan to publish soon a new post explaining the difference between a custom list and a list instance and the functional benefits and drawbacks of each. But think carefully before creating a custom document library.
I have created one in a previous project for MOSS 2007 and had serious problems when migrating to SharePoint 2010.
In most of the cases, a list instance is enough so if it is possible, avoid creating a custom list or document library. In a general way, avoid as much as possible to create custom CAML definitions for sites, lists and so on... 

Required steps for creating a custom SharePoint 2010 document library

1 - Duplicate the native DocumentLibrary feature
2 - Change the attributes of the Feature tag of the Feature.xml file
3 - Change the attributes of the ListTemplate tag of the DocumentLibrary.xml file
4 - Rename the DocLib folder located in the DocumentLibrary folder
5 - Install the feature
6 - Activate the feature for a specific site
7 -Test

Detailed operations

1 - Duplicating the native DocumentLibrary feature

Locate the folder of th DocumentLibrary feature located in: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES
Copy and paste the folder and rename it. Assume we rename it MyCompany.MyCustomDocumentLibrary.



2 - Changing the attributes of the Feature tag of the Feature.xml file and adding some more attributes

Open the Feature.xml file with Visual Studio or a text editor, and change these attributes:

Change the ID of the feature. I usually change the last figures by the new type of the list. Assume the new type is 10001 (it is not recommended to use a new type smaller than 10000), the new ID of the feature of my custom document library will be 00BFEA71-E717-4E80-AA17-D0C71B310001.

The title will appear in the UI of SharePoint 2010 in the "Manage Site Features" page (because the attribute Scope is set to Web).

The description will also appear in the UI of SharePoint 2010 in the "Manage Site Features" page (Because the attribute Scope is set to Web).

Change the value of the attribute to FALSE in order to see the feature in the "Manage Features" page of your SharePoint 2010 so as you can activate it manually and allow a site administrator to activate it.

Add the following attributes

This will avoid having an error at deployment time if you deploy this feature in a SharePoint solution (.wsp file) by retracting, removing the old version of your solution and re-deploying a new one.

I have created a folder for MyCompany located in the SharePoint 2010 IMAGES folder located at:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IMAGES
(I use a part of the SharePoint summit logo because I was speaker at this summit last year in Quebec and plan to be speaker on 2012 at Toronto and Quebec.)

Here is the new xml after the changes has been performed:

<?xml version="1.0" encoding="utf-8"?>
Feature Id="00BFEA71-E717-4E80-AA17-D0C71B310001"
                  Title="MyCompany MyCustom Document Library"
                  Description="Allow a custom document library to be created within this site"
                  AlwaysForceInstall ="TRUE"
                  ImageUrl ="MyCompany/sharePointSummitLogo.jpg"
<ElementManifest Location="ListTemplates\DocumentLibrary.xml" />


3 - Changing the attributes of the ListTemplate tag of the DocumentLibrary.xml file

This is the important key. This name and the name of the folder where the schema.xml file of the custom library is located MUST be the SAME !
I use customdoclib1

As written before the new type will be 10001. The type can for example be used in a feature that will place a custom button in a document library ribbon so as when you activate the feature for the new button, only the document libraries with the 10001 type will have the new button. Changing the type is one of the good reasons to choose to create a custom document library rather to create a list instance. But it can also cause many problems later for example when migrating to a new version of SharePoint so be careful.
The base type will not be changed, BaseType 1 means the list is a document library...

This name will appear in your SharePoint site in the create page when you want to create a custom document library within your site.

The description will appear in your SharePoint site below the display name in the create page when you want to create a custom document library within your site.

Here is the new xml after the changes has been performed:

<?xml version="1.0" encoding="utf-8"?>
Elements xmlns="">
           DisplayName="My Company Document Library"
           Description="Create a document library with xyz functionalities"

4 - Renaming the DocLib folder located in the DocumentLibrary folder

As written before, the important key is now to rename the folder where the document library schema.xml file is located so as it has the same name than the name attribute of the custom document library template.

So we rename the folder to customdoclib1



5 - Installing the feature

Now, all we have to do is install the feature so open a command prompt and be sure to have the administrator permissions on the machine. If the stsadm.exe path is referenced in the system variables of the machine you just have to type the following:

stsadm -o installfeature -name MyCompany.MyCustomDocumentLibrary

In order to obtain this screen



6 - Activating the feature for a specific site

So now, open a site and you should see your feature in the "Manage Site Features" page as shown in the next screen shot.



Notice that the description filled in the feature.xml file is displayed on the page.
Click the Activate button to enable the custom library creation within this site.


7 -Testing

Now if you navigate to the SharePoint 2010 Create pop up using the "Site Actions" menu and clicking "More Options..." then selecting Library in the pop up you will notice that the references to the custom library are actually displayed by the pop up.

Notice that the name and description typed previously in the documentlibrary.xml file are properly displayed.

So type a name for your new custom document library for SharePoint 2010 and check it is correctly provisioned within your site.


Well done !!!