Load scripts in SharePoint within custom Javascript or Workflow

Following is the code which can be used to load JavaScript in sequence.

This code for example loads the reputation.js from SharePoint’s layouts folder & jQuery from site assets.

(function () {
    ExecuteOrDelayUntilScriptLoaded(function () {
        //sp.runtime.js has been loaded
        ExecuteOrDelayUntilScriptLoaded(function () {
            //sp.js has been loaded
            SP.SOD.registerSod('reputation.js', SP.Utilities.Utility.getLayoutsPageUrl('reputation.js'));
            SP.SOD.registerSod('jquery-3.2.1', '../SiteAssets/Scripts/jquery-3.2.1.min.js');
            SP.SOD.loadMultiple(['reputation.js', 'jquery-3.2.1'], function () {
                //reputation.js & jquery-3.2.1.min.js have been loaded.
                var context = SP.ClientContext.get_current();
                var web = context.get_web();
                //Check if jQuery has been loaded
                if (typeof jQuery != 'undefined') {
                    console.log("Jquery is loaded");
                }
                else {
                    console.log("Jquery is not loaded!");
                }
            });
        }, "sp.js");
    }, "sp.runtime.js");
})();

Source: https://sharepoint.stackexchange.com/questions/92082/uncaught-typeerror-cannot-read-property-get-current-of-undefined

Set permissions for a SharePoint list item using 2013 Workflow

SharePoint 2013 Logo

Following are the steps to be implemented in a 2013 workflow to set permissions for a SharePoint list item.
This particular method set the permissions for all users in a group with a particular role permission using REST Calls

1. Build Header Dictionary and set to a variable

Name: Accept
Type: String
Value: application/json;odata=verbose

Name: Content-Type
Type: String
Value: application/json;odata=verbose

1. Set “Group ID URL” to a variable

[%Workflow Context:Current Site URL%]_api/Web/SiteGroups/GetByName('Group Name')?$Select=id

2. Set “Role ID URL” to a variable

[%Workflow Context:Current Site URL%]_api/Web/RoleDefinitions/GetByName('Role Name')?$Select=id

3. Set “Break Role Inheritance URL” to a variable

[%Workflow Context:Current Site URL%]_api/Web/Lists/GetByTitle('Library Name')/items([%Current Item:ID%])/BreakRoleInheritance(copyRoleAssignments=false, clearSubacopes=true)

4. Create Response Variables for “Group ID Response”, “Role ID Response”, “Response Headers” & “Response Code” with data type as Dictionary

5. Make GET REST call using Call Action to “Group ID URL” and assign output to above created variables in step 4

6. Use Get Action ‘d/Id’ from above “Group ID Response” variable and set it to a new variable “GroupID”

7. Make GET REST call using Call Action to “Role ID URL” and assign output to above created variables in step 4

8. Use Get Action ‘d/Id’ from above “Role ID Response” variable and set it to a new variable “RoleID”

9. Make POST REST call using Call Action to “Break Role Inheritance URL” and optionally assign output to above created variables in step 4

10. Set “Set Role URL” to a variable

[%Workflow Context:Current Site URL%]_api/Web/Lists/GetByTitle('Library Name')/items([%Current Item:ID%])/RoleAssignments/AddRoleAssignment(principalId=[%Variable:GroupID%],roleDefId=[%Variable:RoleID%])

Add Role:

 AddRoleAssignment(principalId=[%Variable:GroupID%],roleDefId=[%Variable:RoleID%])

Remove Role:

RemoveRoleAssignment(principalId=[%Variable:GroupID%],roleDefId=[%Variable:RoleID%])

11. Make POST REST call using Call Action to “Set Role URL” and optionally assign output to above created variables in step 4

Reference URL: https://msdn.microsoft.com/en-us/library/office/dn531432.aspx

Get SharePoint Item’s Author Details using REST

SharePoint 2013 Logo

When we fetch document details from the SharePoint, sometimes we may need to get the Author details as well. By default when we do ODATA REST query, we will get only Authorid with a number as a result.

To get Author’s additional details we may need to expand the selected item as show below.

https://server/sites/sitecollection/_api/web/Lists/GetByTitle('Documents')/Items?$select=Author/Title,Author/Name,Author/EMail,Author/MobilePhone,Author/SipAddress,Author/Department,Author/JobTitle,Author/FirstName,Author/LastName,Author/WorkPhone,Author/UserName,Author/Office,Author/ID,Author/Modified,Author/Created,*&$expand=Author

Following list show all the valid Author fields

  1. Title
  2. Name
  3. EMail
  4. MobilePhone
  5. SipAddress
  6. Department
  7. JobTitle
  8. FirstName
  9. LastName
  10. WorkPhone
  11. UserName
  12. Office
  13. ID
  14. Modified
  15. Created

Source: https://social.technet.microsoft.com/wiki/contents/articles/31210.sharepoint-2013-get-user-details-from-person-or-group-field-using-rest-api.aspx

Sync desktop files to O365 SharePoint Library

One of the consulting request I got was that an user should be able to sync files from a legacy system to O365 SharePoint Library. The issue was that the legacy system was old and all it could do was place a file in a particular folder.

The solution we could offer was the following.

  1. Configure a Windows mapped drive to point to a SharePoint library
  2. Configure the legacy system to place file into folder

This worked, but having a mapped drive was received as a security threat by the client’s security team.

But now thanks to the newly launched feature of syncing the SharePoint library files with OneDrive, this is easier.
Best part is, it supports both Windows & Mac.
Read more about it here

Sync SharePoint Library with OneDrive Client

Image Source: Office Blog

Features not available in SharePoint 2013 Workflow

Following are the features which are not available in SharePoint 2013 Workflow.

  • Actions
    • Stop Workflow
    • Capture a Version of the Document Set
    • Send Document Set to Repository
    • Set Content Approval Status for the Document Set
    • Start Document Set Approval Process
    • Declare Record
    • Set Content Approval Status
    • Undeclare Record
    • Add List Item
    • Inherit List Item Parent Permissions
    • Remove List Item Permissions
    • Replace List Item Permissions
    • Lookup Manager of a User
    • Assign a Form to a Group
    • Assign a To-Do Item
    • Collect Data from a User
    • Start Approval Process
    • Start Custom Task Process
    • Start Feedback Process
    • Copy List Item (SharePoint Designer 2013 supports only the document-copying action.)
  • Conditions
    • If current item field equals value
    • Check list item permission levels
    • Check list item permissions
  • Steps
    • Impersonation Step
  • Data sources
    • User Profile lookup
  • Other features
    • Visio integration
    • Association Column
    • Content Type Association for reusable workflow
    • ‘Require Manage List/Web Permission’ feature for list/site workflow
    • Globally reusable workflow type
    • Workflow visualization option

 

Source: https://msdn.microsoft.com/en-us/library/jj728659.aspx

File Icons in SharePoint Search Results using Display Template

In SharePoint 2013 search results, the icon for a file type like .msg, .txt shows up as .html icon.
In SharePoint 2010 this was overcome by mapping the icon file type in DocIcon.xml at WFE Servers.

But now since access to WFE servers are restricted in on-prem environment and no access in O-365 environment, the only solution available is to do the following.

  1. Edit the existing display template (I use custom display template with results shown in table and following is based on that) or create a new template for existing for the following located at (SiteCollection/All Files/_catalogs/masterpage/Display Templates/Search) accessible by using SharePoint Designer.
    1. xxxSearchTableResults.html
    2. xxxSearchTableItem.html
  2. Add the following codes and it should show correct icons.

Search Results Display Template:

<div style="width:15px;display:table-cell;text-align:left;font-weight:bold;padding: 5px 0px 4px 10px;">                                       
</div>

Search Item Display Template:

<div style="min-width:16px;max-width:16px;display: table-cell;white-space:nowrap;overflow:hidden;-ms-text-overflow:ellipsis;-o-text-overflow:ellipsis;text-overflow:ellipsis;">                                       
<!--#_
 var extObj = new Object();
extObj["FileExtension"] = ctx.CurrentItem.FileExtension;
 var iconUrl = SP.Utilities.HttpUtility.htmlEncode(Srch.U.ensureAllowedProtocol(Srch.U.getIconUrlByFileExtension(extObj, null)));
if(ctx.CurrentItem.IsContainer)
iconUrl = "/_layouts/15/images/icdocset.gif";
if(ctx.CurrentItem.FileExtension === "msg")
iconUrl = "/_layouts/15/images/icmsg.gif";
//console.log(ctx.CurrentItem.FileExtension);
 _#-->
<img id="_#= $htmlEncode(id + Srch.U.Ids.icon) =#_" onload="this.style.display='inline'" src='_#= iconUrl =#_' />
 </div>

Notes:
ctx.CurrentItem.FileExtension always return the file extension name which seems to match with the file name in the /_layouts/15/images/ folder.

For example msg = icmsg.gif or icmsg.png

Once done, the search results will show-up as following

Search-Icon

SharePoint Online Authentication

Office 365 Large Logo

SharePoint Online Authentication

The following is the interaction between

  1. Client Computer
  2. Office 365
  3. Azure Active Directory (Azure AD)
  4. On premise Active Directory Federation Service (AD FS) (if available)

Notes:

  1. The customer can use either On Premise AD FS or any identity provider or they can use Azure AD
  2. The root Federation Authentication (rtFA) cookie is used across all of SharePoint Online. When a user visits a new top level site or another company’s page, the rtFA cookie is used to authenticate them silently without a prompt. When a user signs out of SharePoint Online, all SharePoint Online cookies are deleted.

Authentication Process

  1. User does anonymous request to secured O365 SharePoint Webpage (SharePoint.com)
  2. The SharePoint then requests the default identity provider or Azure AD to authenticate the user
  3. Azure AD then requests the user to provide credentials i.e email and password
  4. Azure AD then decides based on the email id, which identity provider to use, either itself or on prem AD FS
  5. User types in the credentials and sends back to AD FS using the client computer
  6. The on-prem AD FS or Azure AD then validates the credentials
  7. If on-prem AD FS is the provider, then it provides an auth token back to Azure AD post validating the user
  8. If Azure AD is the provider, then it generates the auth token
  9. In both the cases, Azure AD generates an auth token, stores it in client computer and redirects user back to SharePoint online
  10. O365 SharePoint server then validates this auth token with Azure AD
  11. O365 SharePoint then creates root Federation Authentication (rtFA) cookie and Fedauth cookie to client computer
  12. This rtFA cookie is used by the computer for subsequent requests

 

For more information visit https://support.office.com/en-us/article/SharePoint-Online-authentication-77965e8d-48ad-47bd-a656-57f17d6d1cc7?ui=en-US&rs=en-US&ad=US

SharePoint 2013 Authentication – SAML Based

Sharepoint 2013

SharePoint 2013 – SAML Based Authentication

The following is the interaction between

  1. Client Computer
  2. SharePoint Server
  3. Active Directory Federation Service (AD FS)
  4. Active Directory Domain Service (AD DS)

Notes:

  1. AD FS & SAML Claims are not required if AD DS is the provider in which the forest and domains trust each other
  2. AD FS must trust the AD DS for which the AD FS is issuing the SAML security tokens
  3. Here the trust might be implicit as the AD FS is the member of AD DS domain and hence trusts the domain controllers
  4. AD FS must also trust the SharePoint locations
  5. Hence AD FS is configured with SharePoint’s web application URLs as relying parties
  6. SharePoint server also must trust the AD FS’s SAML token.
  7. This trust is obtained via a signed certificate which the AD FS has and it signs the tokens with this certificate
  8. The SharePoint server is also configured with the public portion of the above mentioned signed certificate which AD FS uses and SharePoint trust those signed tokens using this public portion

The SAML Based Authentication Process

  1. User does anonymous request to secured SharePoint Webpage
  2. SharePoint redirects the user to AD FS’s login page for user to enter credentials
  3. User types in the credentials and sends back to AD FS using the client computer
  4. The AD FS server then validates the credentials with AD DS
  5. Once user is validated, the AD FS then creates a SAML token, signs and send it back to client computer
  6. The client computer now sends a new request to SharePoint server now with SAML token provided by AD FS
  7. SharePoint then creates a claims based security token using Security Token Service and this claims is based on the claims which it found in SAML token which the AD FS has sent to client computer
  8. Then SharePoint stores this security token with Distributed Cache Service on the farm
  9. SharePoint server then generates and send the federated auth cookie back to client computer
  10. The fed auth cookie has encryped key or index to security token
  11. This fed auth cookie is used by the computer for subsequent requests

The following Video will explain the Forms based authentication in SharePoint 2013. This video is part of the Authentication overview for SharePoint 2013 article located at https://technet.microsoft.com/en-us/library/jj219571.aspx

For more information on SharePoint Claims check out more articles at http://social.technet.microsoft.com/wiki/contents/articles/14214.sharepoint-2013-claims-based-authentication.aspx