Windows Auth with local IIS developer workstation

I was just troubleshooting an issue with a legacy code base on my client workstation. It is IIS 7.5 (guess what OS I am running) with ASP.NET 4.X and v2.0/v3.5 ISAPI registered.

The ASP.NET legacy application is built using Windows authentication for security purposes. When I configured the local code base to publish to a local IIS website with a custom name, the website kept on prompting me with an error. For the life of me, I could not figure out the issue. Setting the Application Pool back to “Network Service” from ApplicationPoolIdentity did not fix the issue.

After breaking my head for hours, I finally remembered this little gem from the past, with the help of Google of course. Basically, for NTLM and Kerberos, if the target IIS host is in the domain, it is very strict about who is allowed to authenticate via SSPI (fancy acronym for security negotiating). I will need to update my developer on-boarding script to make sure I either disable loop-back checking or white-list the local custom dev URLs. Security to insanity!
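One way to script the white-list option for an on-boarding script, as an added example that is not part of the original post: it merges custom host names into the `BackConnectionHostNames` value under `Lsa\MSV1_0` and warns if `DisableLoopbackCheck` has already turned the check off for every name. The host name `myapp.dev.local` is constructed, and the function must run from an elevated prompt because it writes under HKLM.

```powershell
# Added example (not from the post). Allow-lists specific local host names
# for the loopback check instead of disabling the check machine-wide.
function Add-BackConnectionHostName {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string[]]$HostName)

    $lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv   = Join-Path $lsa 'MSV1_0'
    $value = 'BackConnectionHostNames'

    # Report when the check is already off for all host names on this machine.
    $off = (Get-ItemProperty -Path $lsa -ErrorAction Stop).DisableLoopbackCheck
    if ($off -eq 1) {
        Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for every host name.'
    }

    # Existing entries (the value may be absent), merged with the new names.
    $existing = @((Get-ItemProperty -Path $msv -ErrorAction Stop).$value | Where-Object { $_ })
    $merged   = @($existing + $HostName |
                  ForEach-Object { $_.Trim().ToLowerInvariant() } |
                  Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess($msv, "Set $value = $($merged -join ', ')")) {
        # -Force overwrites the value if it exists and creates it otherwise.
        New-ItemProperty -Path $msv -Name $value -PropertyType MultiString `
            -Value $merged -Force | Out-Null
    }
    return $merged
}

# Constructed host name; -WhatIf shows the change without writing it.
Add-BackConnectionHostName -HostName 'myapp.dev.local' -WhatIf
```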


Modifying user path w/o Admin rights

Just the other day I was asked by a colleague, “If our corporate laptops are protected so that we do not have admin privileges, how are you able to do any development work? I cannot do anything”.

That’s a great question. However, MS Windows has gone through a few transformations, and a lot of applications are written in a way that promotes usage w/o elevation. Yet some basic things are still puzzling, for example the user path variable. The system path should be protected, as it is set by admin installation of programs etc., but changing the path for a user, so that an application can be started quickly w/o knowing the full path, should be simple. But it is anything but simple.

Going to User Accounts is not an option, as you will quickly get an error screen either due to elevation restriction or a basic GPO set by IT. But there is another way. You can use rundll32.exe to invoke the GUI directly.


rundll32 sysdm.cpl,EditEnvironmentVariables

I’ll continue exploring more ways to manage my workstation w/o elevation as I spend more time living with the new fun policy.
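A scripted counterpart to the dialog above, as an added example that is not part of the original post: it appends a directory to the per-user PATH stored under `HKCU\Environment`, which a standard user can write without elevation. The path `C:\Tools\bin` is constructed, and because the script only writes the registry value, programs pick the change up after the next sign-in.

```powershell
# Added example (not from the post). Appends a directory to the user PATH
# without elevation and without duplicating an existing entry.
function Add-UserPathEntry {
    [CmdletBinding()]
    param([Parameter(Mandatory=$true)][string]$Directory)

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        throw "Directory not found: $Directory"
    }
    $dir = (Resolve-Path -LiteralPath $Directory).ProviderPath.TrimEnd('\')

    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey('Environment', $true)
    try {
        # Read the raw value so %VAR% references already in PATH are kept as written.
        $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $raw      = [string]$key.GetValue('Path', '', $noExpand)
        $entries  = @($raw -split ';' | Where-Object { $_.Trim() })

        # Compare expanded forms; -contains is case-insensitive in PowerShell.
        $known = $entries | ForEach-Object {
            [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\')
        }
        if ($known -contains $dir) { return $false }   # already present, nothing written

        $new = (@($entries) + $dir) -join ';'
        $key.SetValue('Path', $new, [Microsoft.Win32.RegistryValueKind]::ExpandString)
        return $true
    }
    finally { $key.Close() }
}

# Constructed path; returns $true when the entry was added.
Add-UserPathEntry -Directory 'C:\Tools\bin'
```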

Office 365 Network

In case you are not aware, the Office 365 Network on Yammer is moving to a new platform; here is the official announcement. Come check out the Office 365 Network Preview, get your profile set up and start monitoring that platform. It looks pretty good. Based on the Yammer pin board messages, the network is moving in September.

I am actually excited because at my company the Yammer SSO was very cumbersome, and now this will be a thing of the past as the new platform, built on top of the Lithium social platform, allows open search and collaboration via open identity providers, i.e. Live ID or O365 Identity.

Now, I still think that the best platform for answering technical support questions is the Microsoft Office Community forum site which, unfortunately, I am only able to monitor rarely these days. This new platform is more towards socializing with the developer team and other thought leaders for

Go and explore it now!

Check for Group existence in SharePoint Site

In the SharePoint 2013 server-side object model (SSOM), it appears that the SPGroupCollection lookups, such as the GetByName() method overloads and the indexer, all throw an exception when the group is not found. However, you can still use reflection to reach a non-throwing version of the method. In my project I ended up creating an extension method that wraps the reflection-based function call.

using System.Reflection;
using Microsoft.SharePoint;

public static class SPGroupCollectionExtensions
{
  // Non-throwing group lookup by name.
  public static SPGroup GetByNameNoThrow(this SPGroupCollection group, string groupName)
  {
    // GetByNameNoThrow is a non-public instance method, so it is reached via reflection.
    var method = group.GetType().GetMethod("GetByNameNoThrow", BindingFlags.Instance | BindingFlags.NonPublic);
    var parameters = new object[] { groupName };
    return (SPGroup)method.Invoke(group, parameters);
  }
}

User Profile Synchronization Service won’t start due to PowerShell profile

Recently, I was asked by a colleague to help troubleshoot an issue where the User Profile Synchronization service would hang during the attempt to start.

There were no error logs, except that it would return to the Stopped state. We found out that if the account you log in with is the same account that runs the User Profile Synchronization Service, and that account has a PowerShell profile, then it causes the issue. It appears that during the start process of the UPS Sync service, it runs the PowerShell runspace with the default shell as opposed to creating its own custom shell, so default profiles in your documents folder would be loaded. Thus, the issue.

The best way to resolve this is to make sure that, even in your dev environment, you are not running your interactive shell with the account that runs the SharePoint service processes.

View SharePoint Deployment Progress

In the past, I have blogged that when a developer deploys a WSP package through PowerShell, it’s nice to see if the deployment job succeeds before moving on to the next step.

In the past, this is the command I have used:

Get-SPSolution -Identity SomeSolution.wsp | Select Last* | fl

And I waited until all servers in the farm reported that the deployment was successful. However, at times the job is still running. A more robust approach I use now is to look at the JobExists property and ensure that it’s false. So the updated command I use now is:

Get-SPSolution -Identity SomeSolution.wsp | Select Last*, JobExists | fl
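The same check as a loop a deployment script can block on, as an added example that is not part of the original post: it polls `JobExists` until the job is gone and then fails the script unless the last operation succeeded. `SomeSolution.wsp` is the post's placeholder name; the timeout and poll interval are assumptions.

```powershell
# Added example (not from the post). Run in the SharePoint Management Shell
# on a farm server, after Install-SPSolution / Update-SPSolution.
function Wait-SPSolutionJob {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string]$Identity,
        [int]$TimeoutSeconds = 600,   # assumed upper bound for the deployment job
        [int]$PollSeconds    = 5      # assumed poll interval
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Re-query on each pass so the job state is read fresh.
        $solution = Get-SPSolution -Identity $Identity -ErrorAction Stop
        if (-not $solution.JobExists) {
            return $solution | Select-Object Name, Deployed, Last*, JobExists
        }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Deployment job for '$Identity' is still running after $TimeoutSeconds seconds."
}

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$result = Wait-SPSolutionJob -Identity 'SomeSolution.wsp'
$result | Format-List

# Stop the deployment script here instead of moving on after a failed job.
if ("$($result.LastOperationResult)" -notlike '*Succeeded*') {
    throw "Deployment did not succeed: $($result.LastOperationDetails)"
}
```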

Deleting TFS Work Item

I was creating a number of user stories and associating the Tasks to users, and quickly realized that TFS 2013 still does not have a way to delete a task. Woooaahhh!!!

There is a way to do it via the command line, with the witadmin tool:

witadmin destroywi /Collection:<TFS Collection URL> /id:<id of the task>