Solving SharePoint FullTextSqlQuery Wrong Site Collection Error

The FullTextSqlQuery class is really nice for building readable query statements, all in familiar SQL syntax. While it’s a lot easier to use when querying data, the returned content is limited to that which has been indexed by SharePoint.

This is something to keep in mind, the indexing part. Consider the following code snippet, delivered as a generic static method:

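[csharp]
using System.Data;
using Microsoft.Office.Server.Search.Query; // not Microsoft.SharePoint.Search.Query
using Microsoft.SharePoint;

// Example call
DataTable results = RunQuery("SELECT FileExtension, ContentClass, IsDocument, title, path, author from scope() ");

// Runs a full-text SQL query in the context of the current site collection
// and returns the relevant results as a DataTable.
public static DataTable RunQuery(string queryText)
{
    using (FullTextSqlQuery query = new FullTextSqlQuery(SPContext.Current.Site))
    {
        query.ResultTypes = ResultType.RelevantResults;
        query.QueryText = queryText;
        ResultTableCollection resultCollection = query.Execute();
        DataTable resultDataTable = new DataTable();
        // ResultTable implements IDataReader, so it can be loaded directly.
        ResultTable resultTable = resultCollection[ResultType.RelevantResults];
        resultDataTable.Load(resultTable);
        return resultDataTable;
    }
}
[/csharp]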

While running such code, you may encounter a problem where the wrong site collections return data. It may show up as one particular site collection always being used, or as an odd mix of site collections. If this problem occurs, there are generally two things to check.

1) Ensure you are referencing Microsoft.Office.Server.Search.Query.FullTextSqlQuery and not Microsoft.SharePoint.Search.Query.FullTextSqlQuery.
2) Ensure that in Central Administration / Site Settings / Search And Offline Availability / Indexing Site Content the content is being indexed.


SharePoint Federated Identity Process – Part 4 – The Benefits and Limitations of SharePoint Identity Federation

You will find that federated identity has a very flexible structure. With that in mind, Adam Buenz’s Software House is able to add customers once a trust relationship is in place with the issuer and the claims mapping has been created. This is simple behind-the-scenes work, because the mapping process itself is very simple. However, it is also important to realize that the software component order application itself didn’t change at all. When you create a federation, there are only some minor changes to the overall structure that need to be taken care of.

With the claims from ARB Security Solutions, the application is able to read the name of the business and the names of the employees. There won’t be any mix-ups when it comes to finding out who accessed the application from Adam Buenz’s Software House and who accessed it from ARB Security Solutions. As a result, there is less upkeep involved with federated identity. The accounts don’t need to be copied and maintained, even though there are many security realms associated with them.

However, there are some limitations to be aware of. First, the way in which the claims mapping works has to be evaluated. Anyone at ARB Security Solutions is able to track software component orders, because of the way the requests are set up with the claim type role and the value software component order tracker. What you should do, though, is limit exactly who in the business will have access. That is what we will take a closer look at.

It is vital that you are able to set up trust relationships. In this scenario the two entities are using ADFS 2.0 as the issuer of their security tokens. A public key certificate needs to be in place. This will be in a file that the administrators from ARB Security Solutions will send to Adam Buenz’s Software House. It is as easy as attaching it to an email and sending it.

The administrators for ARB Security Solutions will configure ADFS so that requests from the Adam Buenz’s Software House issuer will be accepted. All that needs to be done for this to occur is to select TBD menu in the ADFS. The Adam Buenz’s Software House administrators will install the certificate on the ADFS host. This allows the federation to work with both issuers.


SharePoint Claims Based Authentication Architectures Explained Part 9 Specifying the Identity of a Given User

It is vital to be able to uniquely identify each user. This can prove to be very tricky at times, because people don’t come with a unique identifier as a part of them. A large portion of people are also very skeptical about anything that could affect their level of privacy. When you toss claims into the mix, it can take time to determine how to do it right.

Keep in mind that not all applications out there really need to know specifically who a user is. All that is required is something that keeps the use of the application separated by user. You can even use a shopping cart to do this, but even that is over the top for many applications out there today. For those that do track a per-user requirement, though, you will definitely need to have some unique way of identifying every single user.

With traditional types of applications, there is a sign in name that is used to tell them from each other. When you have claims based applications in place though you will need to select what claims will be used to uniquely identify them. Then you will need to have the issuer set things up to give you the same values for them every single time that a user tries to access a given application.

It is a good idea to ask the issuer what claims they are set up to use for identifying users. When you use cross-realm federation, though, you have to keep in mind that there is going to be more than one issuer involved. Each issuer does have its own URL that identifies it, though. This can be used to help with the process.

You will also find that all email addresses have some properties in them that are unique. This is why they are very good identifiers for claims. It is important that you realize you won’t have information about all of the users and claims out there for your application. When you go with cross-realm federation, you waive that right of control in order to not have so much responsibility for your application.
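The following sketch shows one way to combine the issuer URL with an identifying claim so that the same email value arriving from two realms maps to two different users. It is an added example, not code from the original post: it uses the System.Security.Claims types rather than WIF 1.0, the issuer URLs are placeholders, and the choice of the email claim per issuer is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class FederatedUserKey
{
    // Assumed allow-list: partner issuer URL -> claim type that issuer keeps stable per user.
    static readonly Dictionary<string, string> IdClaimByIssuer =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "https://sts.softwarehouse.example/trust", ClaimTypes.Email },
            { "https://sts.arbsecurity.example/trust", ClaimTypes.Email },
        };

    // Builds "issuer|value" so equal values from different realms never collide.
    public static string GetUserKey(ClaimsPrincipal principal)
    {
        // OriginalIssuer names the realm that first asserted the claim, even after
        // the application's own issuer has re-issued it.
        var ids = principal.Claims
            .Where(c => IdClaimByIssuer.ContainsKey(c.OriginalIssuer)
                        && IdClaimByIssuer[c.OriginalIssuer] == c.Type)
            .Select(c => c.OriginalIssuer + "|" + c.Value.Trim().ToLowerInvariant())
            .Distinct()
            .ToList();
        if (ids.Count != 1) // none from a known issuer, or conflicting values: refuse
            throw new UnauthorizedAccessException("No single identifying claim from a known issuer.");
        return ids[0];
    }

    static ClaimsPrincipal Token(string originalIssuer, string email)
    {
        // Constructed sample token; the local issuer URL is a placeholder.
        var claim = new Claim(ClaimTypes.Email, email, ClaimValueTypes.String,
                              "https://sts.softwarehouse.example/trust", originalIssuer);
        return new ClaimsPrincipal(new ClaimsIdentity(new[] { claim }, "Federation"));
    }

    public static void Main()
    {
        // Same mailbox name asserted by two realms yields two distinct keys.
        Console.WriteLine(GetUserKey(Token("https://sts.softwarehouse.example/trust", "pat@example.com")));
        Console.WriteLine(GetUserKey(Token("https://sts.arbsecurity.example/trust", "Pat@example.com")));
        try { GetUserKey(Token("https://sts.unknown.example/trust", "pat@example.com")); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Keying on the claim value alone would let any trusted issuer assert another realm’s user; storing the issuer alongside the value keeps per-user data separated by realm.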

Users are going to come and go using the token that they got from an issuer that you trust. With that token you will have information about who they are as well as what they have access to. Remember you don’t have to change your coding in order to support new users regardless of what realm they come from.

The issuer should be involved with the authorization decisions though. They shouldn’t be issuing tokens to any users that don’t have the credentials to access your application. Make sure everything is automated so that you don’t have to set up anything extra within your application. With a claims based application, you can give up lots of responsibility for the application. However, you do want to make sure you place that responsibility into the hands of a qualified issuer.
