Microsoft SharePoint Online Code Analysis Framework (MSOCAF)

March 18, 2011

At Microsoft SharePoint Online, as a part of the validation and verification process, a tool is used: MSOCAF.

“MSOCAF analysis executes a set of rules against the custom solutions, prior to submission for deployment approval into the pre-production and production environments. The MSOCAF application is built using an extensible framework so that the SharePoint Online engineering team can add new rules and/or plug-ins in the future. Code analysis within MSOCAF focuses on areas like memory management, security vulnerabilities, exception management, object model usage, quality gates for unsupported features and reporting. The framework leverages existing tools like FxCop, CAT.Net, and SPDisposeCheck to analyze custom solutions. “

Now you can use it yourself too!



Visual Studio 2010 SP1 available (including TFS 2010)

March 18, 2011

The Visual Studio team have released the first service pack for VS 2010 and TFS 2010.

VS 2010
Visual Studio 2010 Service Pack 1

TFS 2010
Team Foundation Server 2010 Service Pack 1

Why it this SP1 so relevant for SharePoint 2010? We now have .Net Framework 3.5 Unit testing. I’ll let you figure this one out 😉
( here is a hint.

SharePoint 2010 February 2011 CU

March 18, 2011

The SharePoint 2010 Feburary 2011 CU is available.

KB2475880: The full server package for Microsoft SharePoint Foundation 2010
Download link

KB2475878: The full server package for SharePoint Server 2010 and contains also the MSF2010 fixes so you need only this one package.
Download link

Important for all Server Applications listed above:
After applying the preceding updates, run the SharePoint Products and Technologies Configuration Wizard or “psconfig –cmd upgrade –inplace b2b -wait” in command line. This needs to be done on all servers in the farm with SharePoint installed. You can run psconfig in parallel on all SharePoint machines.

We have with our February CU also a SharePoint Designer 2010 hotfix package available.

KB2496947: Description of the SharePoint Designer 2010 hotfix package (spd-x-none.msp): February 22, 2011
Download link
Please be sure that you take the right binary version because we have 32bit and 64bit available.

Also available for MOSS 2007 and WSS v3.0:


March 8, 2011

Small update to the blog. Liked this dilbert:

December 2010 CU available for SharePoint 2010 Foundation and Server

January 5, 2011

Head over here for more details:

Check the know issues, the server package has 2!

Working for Microsoft

December 7, 2010

As of the first of December 2010, I am working for Microsoft Services NL. My new job is Senior SharePoint Consultant. Still going to do SharePoint Architect work of course.

You can still reach me here, or via twitter: @vanhooijdonk.

Writing your own Trusted Identity provider for SP2010 (3)

November 16, 2010

This is part three of a Multi Blog post on “writing your own Trusted Identity provider / Claim Provider for SP2010“. In the first post I covered:

In the second post I covered:

In this post will:

  • Create a Trust between your Tusted Identity Provider (STS) and SharePoint 2010
  • Create or Configure your SP2010 WebApplication to use the Tusted Identity Provider

To create a Trust between your new STS and SharePoint you need to run a few powershell steps:
First we have some variables to set:

$invocation = (Get-Variable MyInvocation -Scope 0).Value
$rootPath = Split-Path $invocation.MyCommand.Path

$spClaimTypesCsv = Join-Path $rootPath "claim-types.csv"

# identity provider certificate
$idpSigningCertificatePath = Join-Path $rootPath "idp-certificate.crt"
# identity provider ca certificate
$idpSigningCertificateAuthority = Join-Path $rootPath "idp-certificate-ca.crt"

# identity provider url and name
$idpPassivEndpoint = ""
$idpName = "Verbondsleden"
$idpDisplayName = "Verbondsleden"

# sharepoint webapplication we are going to use to log in to with this identity provider
$spRealm = ""
# name of the SPClaimProvider in SharePoint we registered earlier
$claimProvider = "VerbondsledenClaimsProvider"
# login/username Claim Type
$userIdentityClaimType = ""

Next we start with the creation of a trust:

"Creating signing certificate for {0} from {1}" -f $idpName, $idpSigningCertificatePath
$idpSigningCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($idpSigningCertificatePath)
echo $idpSigningCertificate

"Trusting the IdP certificate directly {0}" -f $idpSigningCertificatePath
$rootCert = Get-PfxCertificate $idpSigningCertificatePath
Remove-SPTrustedRootAuthority $idpName

#Register the new identity provider
New-SPTrustedRootAuthority $idpName -Certificate $rootCert

This adds a Trust, and you can view this in the Central Administration :

Now we create a SPTrustedIdentityTokenIssuer:

# remove if it already exists
$sts = Get-SPTrustedIdentityTokenIssuer | where {$_.Name -eq $idpName }
if(-not ($sts -eq $null)) {
	"SPTrustedIdentityTokenIssuer {0} already exists, attempting to remove" -f $idpName
    Remove-SPTrustedIdentityTokenIssuer -Identity $idpName

# the ClaimTypes the Identity Provider provides, this is not needed because we have a SPClaimProvider
[array] $claimTypeMappings = @()
$spClaimType = Import-Csv $spClaimTypesCsv
foreach ($claimType in $spClaimType) {
	"Adding claim type {0} ({1})" -f $claimType.ClaimType, $claimType.Description
	$claimTypeMapping = New-SPClaimTypeMapping $claimType.ClaimType -IncomingClaimTypeDisplayName $claimType.Name -SameAsIncoming
    if(-not (($claimTypeMapping -eq $null) -or ($claimTypeMapping.InputClaimType -eq $null))) {
        $claimTypeMappings += $claimTypeMapping

"Creating SPTrustedIdentityTokenIssuer {0}" -f $idpName
$sts = New-SPTrustedIdentityTokenIssuer -Name $idpName -Description $idpDisplayName -Realm $spRealm -ImportTrustCertificate $idpSigningCertificate -ClaimsMappings $claimTypeMappings -SignInUrl $idpPassivEndpoint -IdentifierClaim $userIdentityClaimType
echo $sts

if($claimProvider -eq "") {
	"Default claim provider selected for {0}" -f $idpName
} else {
	"Setting claim provider for {0} to {1}" -f $idpName, $claimProvider
	Set-SPTrustedIdentityTokenIssuer -Identity $idpName -ClaimProvider $claimProvider

And now we can trust our own STS in our Claims Based WebApplication:

Off course there is an App/Wizard for this also: SPFedUtil.

So there you have it, when you browse your Claims Based WebApplicaiton you will now get this screen:

Choose your STS, login with proper credentials, and you will be redirected to your SharePoint WebApplication:

Small Bonus tip: add an identity claim to a Site collection Group

$usr = New-SPClaimsPrincipal -TrustedIdentityTokenIssuer "Verbondsleden" -Identity ""
New-SPUser $usr.ToEncodedString() -web
Set-SPUser -Identity $usr.ToEncodedString() -web $url -group "Groupname"

# done

Small Bonus tip 2: add a AD Group to a Site collection group with Claims based authentication:

$grp1 = (New-Object System.Security.Principal.NTAccount("TEST", "domain users")).Translate([System.Security.Principal.SecurityIdentifier]).Value
$memberclaims = New-SPClaimsPrincipal -Identity $grp1 -IdentityType WindowsSecurityGroupSid
New-SPUser  $memberclaims.ToEncodedString() -web
Set-SPUser -Identity $memberclaims.ToEncodedString() -web $url -group "Groupname"

# done

Enterprise Search query giving FaultException when using an ORDER BY

November 12, 2010

Ran into this on a project when using the “FullTextSqlQuery” object to query against the Enterprise Search Service of SharePoint 2010.
Had a query that included an Order By clause on my own Managed property other than the normal RANK.

string query = "SELECT Title, ItemContentType, Projectnaam, Projectnummer, Projectomschrijving, Projectstatus, Projectlocatie, DeelprojectVan, Thema,Opdrachtgever,Projectlogo, Path, Rank, Write FROM SCOPE() ";
query += "WHERE  ( (\"SCOPE\" = '";
query+= allSites;
query+= "') and ";
query += "((ItemContentType='Project Homepage') OR (ItemContentType='Bouw Homepage')) ";
query += ") ";
query += "ORDER BY Projectnaam";

I kept getting an exception: “System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]”

The problem was my Managed Property could not be used as an order by property.

Solution is easy to fix by PowerShell or the Central Admin:
Go to your Search Service application, click on through to the Managed Property you want to ORDER BY and check this box ON:

The text actually says you need to disable the checkbox for order by to work, but it kind of works the other way around.
In powershell:


$searchapp = Get-SPEnterpriseSearchServiceApplication "$searchAppName"
$prop = Get-SPEnterpriseSearchMetadataManagedProperty -SearchApplication $searchapp $fieldName
$prop.MaxCharactersInPropertyStoreIndex = 0x40

October 2010 CU for SharePoint 2010 and Foundation

October 27, 2010

Again Stefan Grossner is on top off things, there is another Cumulative Update for SharePoint 2010 and SharePoint foundation:

  • KB 2394323 – SharePoint Foundation 2010
  • KB 2394320 – SharePoint Server 2010

Wise advise by Stefan Grossner: For the 2010 Server Product it is sufficient to install the SharePoint Server 2010 package as it includes the SharePoint Foundation package.

And as a bonus:

KB2345451: SQL 2008 R2 CU 4 released (18 oct 2010)

SharePoint 2010 Foundation september 2010 hotfix

October 18, 2010

Just found that there is a hotfix for these topics:

  • The scheduled password-change process fails when you try to use the automatic password change feature for a SharePoint farm service account. This issue occurs when the service account is not a member of the local Administrators group in Windows.
  • A customized external binary large object (BLOB) storage provider (EBS Provider) crashes the worker process (W3wp.exe) when you perform one of the following actions:
    You upload a file through the Windows Explorer view or through the Microsoft FrontPage remote procedure call (RPC).
    You upload files by using the Multi-File upload control.
    You create a publishing site.

Link to hotfix: 2398734