SharePoint 2013 workflow get user profile properties using social REST API & Call Web service

A powerful feature of SharePoint 2013 workflows is the ability to call a web service that returns data in JSON format.

The requirement is to fetch the User Title, Account ID, Department & other details from the User Profile by using the SharePoint 2013 Workflow Call Web Service action.

Prerequisites:

  1. App permission at social tenant Read
  2. Enable Workflow can use app permission feature on site
  3. Tenant rights to trust an app to a site
  4. Add user to local administrator group & farm administrator on SharePoint (Dev environment)
  5. Set “Authorization” to empty value on RequestHeader for Web Service call to SP.Social.PeopleManager

… To be continued

SharePoint URLs to rescue!

Below are a few URLs that might be useful for your SharePoint applications.

Application page for registering SharePoint apps
/_layouts/15/appregnew.aspx

App inventory page to lookup based on the App ID
/_layouts/15/appinv.aspx

Site settings page
/_layouts/settings.aspx

View all site content page (Site content)
/_layouts/viewlsts.aspx

Manage site collection features – CASE SENSITIVE
/_layouts/ManageFeatures.aspx?Scope=Site

Manage site features
/_layouts/ManageFeatures.aspx

Sandboxed Solution Gallery:
/_catalogs/solutions/Forms/AllItems.aspx

Workflow history hidden list:
/lists/Workflow History

Filter toolbar for Lists and libraries
?Filter=1

Site usage page
/_layouts/usage.aspx

Site content and structure page
/_layouts/sitemanager.aspx

Get the version of the SharePoint server (Patch level)
/_vti_pvt/Service.cnf

Web Part Maintenance Page
?Contents=1

Show Page in Dialog View
?isdlg=1

Save Site as a template
/_layouts/savetmpl.aspx

Sign in as a different user
/_layouts/closeConnection.aspx?loginasanotheruser=true

Enable SharePoint designer
/_layouts/SharePointDesignerSettings.aspx

Welcome Page (Default page settings)
/_layouts/AreaWelcomePage.aspx

Change Site Master Page
/_layouts/ChangeSiteMasterPage.aspx

Page Layouts and Site Templates
/_Layouts/AreaTemplateSettings.aspx

Master Pages library
/_catalogs/masterpage/Forms/AllItems.aspx

User Information List
_catalogs/users/simple.aspx

Quick Deploy List
Quick%20Deploy%20Items/AllItems.aspx

Open Page in Edit Mode
?ToolPaneView=2

Taxonomy Hidden List (MMS)
Lists/TaxonomyHiddenList/AllItems.aspx

Force displaying the user profile in the site collection:
/_layouts/userdisp.aspx?id={UserID}&Force=True

Ref link – http://blogs.msdn.com/b/how24/archive/2013/05/23/famous-sharepoint-urls-amp-locations.aspx

SharePoint 2013 Custom Claims Provider, ADFS, Identity Trust STS – SPTrustedIdentityTokenIssuer

Enabling Federation in a SharePoint Application with AD FS 3.0 as the STS

Below are the activities that need to be done on the SharePoint server to register a new identity provider. [Assuming that the realm & other ADFS setup is handled already]

List all the SPTrustedIdentityTokenIssuer

Get-SPTrustedIdentityTokenIssuer

Create a New Trusted Identity Token Issuer [New-SPTrustedIdentityTokenIssuer]

$realm = "urn:realmname:adfs"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\software\certs\DevADFSTokensigningcert.cer")
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upi" -IncomingClaimTypeDisplayName "UPI" -SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://www.tempuri.org/claim/lotusgroup" -IncomingClaimTypeDisplayName "LotusGroup" -SameAsIncoming
$map4 = New-SPClaimTypeMapping -IncomingClaimType "http://www.tempuri.org/claim/ouiunit" -IncomingClaimTypeDisplayName "OUI Unit" -SameAsIncoming
$ap = New-SPTrustedIdentityTokenIssuer -Name "adfsdev" -Description "adfsdev" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map, $map2, $map3, $map4 -SignInUrl "https://contoso.org/adfs/ls" -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

The above script creates the new trusted identity token issuer, which registers the ADFS security token service [STS] with SharePoint.

You can add multiple provider realms for cases where you have different authentication:

$ap1 = Get-SPTrustedIdentityTokenIssuer -Identity "adfsdev"
$uri = new-object System.Uri("https://web2.contoso.org")
$ap1.ProviderRealms.Add($uri, "urn:realmname2:adfs2")
$ap1.Update()

Enable web application to use the newly created authentication claims provider

$setcba = Get-SPWebApplication "http://contosot:1001"
$setcba.UseClaimsAuthentication = 1;
$setcba.Update()

Go to Central Admin > Manage Web Applications > Select a web application > Click on Authentication Providers

Click on Intranet > Un-check windows authentication > Select a trusted identity provider

Now the SharePoint web application is protected with ADFS.

With this claims provider, the People Picker control does not resolve names by default. To overcome this issue, we need to install a custom claims provider.

Clear steps to install a custom claims provider are listed here – https://ldapcp.codeplex.com/

How to install LDAPCP

Install and deploy the solution (that will automatically activate the “LDAPCP” farm-scoped feature):

Add-SPSolution -LiteralPath "PATH TO WSP FILE"
Install-SPSolution -Identity "LDAPCP.wsp" -GACDeployment

At this point the claims provider is inactive, and it must be associated with an SPTrustedIdentityTokenIssuer to work:

$trust = Get-SPTrustedIdentityTokenIssuer "SPTRUST NAME"
$trust.ClaimProviderName = "LDAPCP"
$trust.Update()
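
Once the issuer is registered and LDAPCP is associated, the result can be read back and reviewed. The check below is an added example, not part of the original post or of LDAPCP: it reports the token-signing certificate, identifier claim, provider realms and claims provider association. The function name Test-TrustedIssuer and the 30-day warning window are assumptions; "adfsdev" is the issuer name used on this page.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013 Management Shell.
# Test-TrustedIssuer and the 30-day warning window are assumptions of this example.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-TrustedIssuer {
    param(
        [Parameter(Mandatory = $true)][string]$Name,   # e.g. "adfsdev" from the script above
        [int]$WarnDays = 30
    )
    $issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $Name -ErrorAction Stop
    $cert     = $issuer.SigningCertificate
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    # Default realm plus every per-URL realm added through ProviderRealms
    $realms = @("(default) -> " + $issuer.DefaultProviderRealm)
    foreach ($entry in $issuer.ProviderRealms.GetEnumerator()) {
        $realms += "{0} -> {1}" -f $entry.Key, $entry.Value
    }

    $findings = @()
    if ($daysLeft -lt 0) {
        $findings += "Token-signing certificate expired on $($cert.NotAfter)"
    } elseif ($daysLeft -lt $WarnDays) {
        $findings += "Token-signing certificate expires in $daysLeft days"
    }
    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $findings += "Certificate is signed with $($cert.SignatureAlgorithm.FriendlyName)"
    }
    if ($issuer.ProviderUri.Scheme -ne 'https') {
        $findings += "Sign-in URL is not HTTPS: $($issuer.ProviderUri)"
    }
    if (-not $issuer.ClaimProviderName) {
        $findings += "No custom claims provider associated (People Picker will not resolve names)"
    }

    [PSCustomObject]@{
        Name            = $issuer.Name
        Thumbprint      = $cert.Thumbprint
        CertExpires     = $cert.NotAfter
        IdentifierClaim = $issuer.IdentityClaimTypeInformation.MappedClaimType
        MappedClaims    = @($issuer.ClaimTypeInformation | ForEach-Object { $_.MappedClaimType })
        Realms          = $realms
        ClaimProvider   = $issuer.ClaimProviderName
        Findings        = $findings
    }
}

Test-TrustedIssuer -Name "adfsdev" | Format-List
```

Compare the reported thumbprint with the token-signing certificate currently published by ADFS; a mismatch after a certificate rollover on the ADFS side breaks sign-in for every web application that uses this issuer.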

How to update LDAPCP

Run the Update-SPSolution cmdlet to start a timer job that will deploy the update. You can monitor the progress on the farm solutions page in Central Administration.

Update-SPSolution -GACDeployment -Identity "LDAPCP.wsp" -LiteralPath "C:\Data\Dev\LDAPCP.wsp"

How to remove LDAPCP

For an unknown reason, SharePoint 2013 randomly fails to uninstall the solution correctly because it removes the assembly from the GAC before calling the feature receiver… When this happens, the claims provider is not removed, and that causes issues when you re-install it.
To uninstall safely, deactivate the farm feature before retracting the solution:

Disable-SPFeature -identity "LDAPCP"
Uninstall-SPSolution -Identity "LDAPCP.wsp"
Remove-SPSolution -Identity "LDAPCP.wsp"

You might need to remove the claim provider too.

Get the lists of ClaimProviders

Get-SPClaimProvider

This lists all claim providers, including your custom claim provider.

To remove the custom claim provider

Remove-SPClaimProvider -Identity "Custom-ClaimPicker"

Note: You might get an error stating that it's in use. In that case, run the script below to update the web applications so that they do not use the claim provider.

$setcba = Get-SPWebApplication "http://contoso:1002"
$setcba.UseClaimsAuthentication = 0;
$setcba.Update()

Now the custom claim provider is successfully removed.

SharePoint 2013 Workflow error – HTTP 500 Object reference not set to an instance of an object [Resolved]

The SharePoint 2013 server had been configured to use workflows with a separate Workflow Manager server & everything was working fine.

One fine day, the SharePoint 2013 workflows stopped working & below is the error.

RequestorId: 49ad67b4-dff9-ba82-301c-82dc1b03609a. Details: System.ApplicationException: HTTP 500 Object reference not set to an instance of an object. {"SPRequestGuid":["27b0385c-9513-4945-a1d2-284fe61a17b4"],"request-id":["27b0385c-9513-4945-a1d2-284fe61a17b4"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"SPRequestDuration":["103"],"SPIisLatency":["0"],"MicrosoftSharePointTeamServices":["15.0.0.4569"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Date":["Tue, 21 Jul 2015 19:17:24 GMT"],"Server":["Microsoft-IIS\/8.0"],"X-Powered-By":["ASP.NET"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

I tried many things, such as a full user profile synchronization, a new user profile application, etc.

Finally, I was able to resolve it by re-activating the workflow features below at the site collection & site level.

  • Workflows
  • Workflows can use app permissions

A few other errors & resolutions.

Error:
Failed to Sql Query data XEvent collector on SQLServer. The error is Object reference not set to an instance of an object

Resolutions:
Make sure the Farm account has ServerAdmin permissions or more on SQL server.


Error:
Column 'Path' does not exist. It may have been deleted by another user.

Cause:
Every workflow that has run before is associated with a hidden field/column in SharePoint. The workflow status page of each item references this field using its StaticName. This StaticName is the name that is referenced in the ‘ColumnName’ quoted above. When you remove a workflow from a list, you also remove this column.

Resolution:
1. Open your list -> List Settings -> Workflows -> Remove Workflows
2. Remove the workflow and any previous versions if you have not already done so.
3. Republish your workflow from SPD.


Error:
Application error when access /sites/SABER/_vti_bin/client.svc, Error=Object reference not set to an instance of an object.

Cause:
It happens when you try to start a workflow as a user who does not have a user profile associated in UPM, or does not have "Work Email" in the profile. I recommend you start a full sync with your AD, and then try starting your WF again.

Resolution:
1. Add the users who will take part in the workflow to the User Profile.
2. Allow the workflow to use app permissions in the SharePoint Server 2013 site.

SharePoint 2013 – Sign in As a Different User [URL navigation]

You might have noticed that a SharePoint 2013 site doesn’t have the Sign in as a different user feature.

In most scenarios you might need to sign in as a different user, even more so while you are working on SharePoint site development.

You can sign in as a different user by opening the url in the below format

http://siteurl/_layouts/closeConnection.aspx?loginasanotheruser=true

SharePoint 2013 Provider Hosted App Timer job

The requirement is to have a timer job & a custom SharePoint 2013 application. A Full Trust SharePoint solution cannot be used here, as the solution has to be flexible enough to forklift to SharePoint Online & Azure Cloud.

So the chosen solution is to develop a Provider Hosted Application with a timer job.

The timer job on a provider hosted application (remote IIS server) is achieved by creating a scheduled task that runs a console application on the IIS server.

The console application has the code to update SharePoint data on a scheduled basis.

Below are the main steps involved

1. Create a new windows desktop console application.

2. Add Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.Runtime.dll & TokenHelper.cs files to the console application

3. Add Certificate, client id & issuer id details on App.config file.

4. The console application code should be executed with AppContext instead of user context. (Below is the helper method created to return AppContext.)

5. Once you build the console application, you will get an .exe file, which has to be scheduled to run by Windows Task Scheduler.

The same code base can be used to create a new web job on Azure Cloud to make it work on cloud & SharePoint online.

GridMVC for SharePoint 2013 Provider Hosted MVC application with advanced grid features

GridMVC by default provides ajax based column filtering, search & sort. With a custom filter grid, it would give an option to add a dropdown for a column to filter similar to SharePoint OOTB grid filter feature.

All these features you can have with a SharePoint 2013 provider hosted MVC application.

You can install GridMVC in your MVC provider hosted application with the NuGet package manager.

install-package Grid.Mvc

Sample code to render GridMVC on a page.

@using GridMvc.Html
@Html.Grid(Model).Columns(columns =>
{
columns.Add(foo => foo.Title).Titled("Custom column title").SetWidth(110);
columns.Add(foo => foo.Description).Sortable(true);
}).WithPaging(20)

Online demo

Reference – GridMVC

Elmah application log in provider hosted application for a better debug & error info

ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment.

It’s a big savior for a SharePoint provider hosted application which gives more information on any kind of provider hosted app error, including trust issues.

You can install ELMAH for your web application in Visual Studio with the help of the NuGet package manager.

PM> Install-Package elmah

After installing, enable remote access as shown below.

Reference – Elmah use guide
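
With remote access enabled, the ELMAH log viewer (elmah.axd) serves stack traces and request details to any client the authorization rules let through, so the setting should go together with an authorization rule on that path. The check below is an added example, not from the original post or the ELMAH project: it reads a web.config and reports how far the viewer is exposed. The embedded web.config is constructed for the example, and the role name ElmahViewers and function name Test-ElmahExposure are assumptions.

```powershell
# Added example, not from the original post. $sample is a constructed web.config;
# the role name ElmahViewers and the function name are assumptions.
$sample = @'
<configuration>
  <elmah>
    <security allowRemoteAccess="true" />
  </elmah>
  <location path="elmah.axd" inheritInChildApplications="false">
    <system.web>
      <authorization>
        <allow roles="ElmahViewers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
'@

function Test-ElmahExposure {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # ELMAH treats true/yes/on/1 as "remote access enabled"
    $attr     = $Config.SelectSingleNode('/configuration/elmah/security/@allowRemoteAccess')
    $remoteOn = ($attr -ne $null) -and ($attr.Value -match '^(true|yes|on|1)$')

    # Authorization rules scoped to the log viewer handler only
    $auth     = "/configuration/location[@path='elmah.axd']/system.web/authorization"
    $denyAll  = $Config.SelectSingleNode("$auth/deny[@users='*']") -ne $null
    $denyAnon = $Config.SelectSingleNode("$auth/deny[@users='?']") -ne $null

    if (-not $remoteOn) {
        $exposure = 'LocalOnly'                   # viewer answers only on the server itself
    } elseif ($denyAll) {
        $exposure = 'RemoteRestricted'            # only the allow rules above the deny get in
    } elseif ($denyAnon) {
        $exposure = 'RemoteAnyAuthenticatedUser'  # every signed-in user can read the log
    } else {
        $exposure = 'RemoteOpen'                  # anyone who can reach elmah.axd can read it
    }
    [PSCustomObject]@{ AllowRemoteAccess = $remoteOn; Exposure = $exposure }
}

Test-ElmahExposure -Config $sample
```

To check a deployed application, pass the file content instead of the sample: `Test-ElmahExposure -Config (Get-Content "PATH TO web.config" -Raw)`.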

SharePoint 2013 Provider Hosted App (High Trust) – 401 Unauthorized Error

I have faced this problem on quite a few occasions & every time it was a different issue. [I know you agree ;)]

Below are the instances where I have faced the issue & how it got resolved.

1. Client ID / Issuer ID

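This is the most common issue & you need to make sure these values are correct.

Issuer ID – You can get the issuer ID by executing the below cmdlet in the SharePoint Management Shell on the SharePoint server. A high-trust app's issuer is registered as a trusted security token issuer, and the issuer ID is the part of RegisteredIssuerName before the @.

Get-SPTrustedSecurityTokenIssuer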

Client ID – You can cross verify the Client ID used in web.config file with the client id registered on SharePoint site.

Go to Site Settings > Site Collection App Permissions [You will find registered client id on this page]

2. User Profile on SharePoint User Profile Service Application

Make sure the user profile of the user who is launching the application is available in the User Profile Service Application. Also, set up user profile sync to avoid these issues with other users.

3. High Trust S2S setup

You need to make sure High Trust S2S setup is correct & working fine. [Ignore this if some other provider hosted applications are working]

You can follow the blog post to configure High Trust for provider hosted environment
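
The values behind points 1 and 3 can be compared against the farm in one pass. The script below is an added example, not from the original post: it reads the app's configuration file and checks that the issuer ID matches a registered S2S issuer (as listed by Get-SPTrustedSecurityTokenIssuer), that the client ID is registered as an app principal on the site, and that the signing certificate is the one the farm trusts. The function name and the parameter values are placeholders; the appSettings key names are the ones the Visual Studio TokenHelper.cs template reads.

```powershell
# Added example, not from the original post. Run in the SharePoint 2013 Management
# Shell on a farm server. The function name and parameter values are placeholders;
# the appSettings key names are the ones the TokenHelper.cs template reads.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-HighTrustAppConfig {
    param(
        [Parameter(Mandatory = $true)][string]$ConfigPath,  # web.config / App.config of the app
        [Parameter(Mandatory = $true)][string]$SiteUrl      # site where the app is registered
    )
    [xml]$config = Get-Content -LiteralPath $ConfigPath
    $settings = @{}
    foreach ($add in $config.configuration.appSettings.add) { $settings[$add.key] = $add.value }

    $web = Get-SPWeb $SiteUrl -ErrorAction Stop
    try {
        $realm = Get-SPAuthenticationRealm -ServiceContext $web.Site

        # IssuerId must be the part before "@" of a registered S2S issuer name
        $issuer = Get-SPTrustedSecurityTokenIssuer |
            Where-Object { $_.RegisteredIssuerName -like ($settings['IssuerId'] + '@*') } |
            Select-Object -First 1

        # ClientId must exist as an app principal in this site's realm
        $principal = $null
        try {
            $principal = Get-SPAppPrincipal -Site $web -ErrorAction Stop `
                -NameIdentifier ($settings['ClientId'] + '@' + $realm)
        } catch { }
    } finally { $web.Dispose() }

    # The .pfx the app signs tokens with must be the certificate the farm trusts
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $settings['ClientSigningCertificatePath'], $settings['ClientSigningCertificatePassword']

    [PSCustomObject]@{
        IssuerIdRegistered = [bool]$issuer
        ClientIdRegistered = [bool]$principal
        CertificateMatches = [bool]($issuer -and $issuer.SigningCertificate.Thumbprint -eq $pfx.Thumbprint)
        CertificateExpired = ($pfx.NotAfter -lt (Get-Date))
    }
}

Test-HighTrustAppConfig -ConfigPath "PATH TO web.config" -SiteUrl "http://siteurl"
```

Any False in the first three columns, or True in the last, points to a cause of the 401 that is independent of the user profile check in point 2.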