SharePoint 2010 Best Practices

Microsoft has published a set of articles covering the Best Practices for those into planning, designing and architecting SharePoint 2010 solutions. These articles prepared by a group involving Microsoft Certified master(MCM's) and those from Microsoft SharePoint team, gives you insight on deploying, design and operating an enterprise level SharePoint environment. Click here to view the articles.


If you wish to see newly published articles for SharePoint Server 2010 by Microsoft TechNet, click here to view the list. 

Words Of Wisdom By Warren Buffet

I came to read an article by honcho of Berkshire Hathaway. I would say its a must read for everyone including entrepreneurs, looking out on how to be financially secure especially in times of a turbulent world economy.

(Click to view in original size)

Exploring IIS7

While working on URLRewriteModule to route all HTTP requests to HTTPS. The very first solution that came to my mind was to develop an 'HttpModule' to handle all the redirection stuff. For this I wrote an custom HttpModule in C#.

//Inside HttpModule
public void OnBeginRequest(Object sender, EventArgs e)
{
   HttpApplication HttpApp = (HttpApplication)sender;
   string HttpUrl = HttpApp.Request.Url.ToString();
   if (!IsSecureRequest(HttpApp.Request)))
   {
     HttpUrl = HttpUrl.Replace("http:", "https:");
     HttpApp.Response.Redirect(HttpUrl.ToString(), true); 
     HttpApp.Response.End();
   }
}

private static bool IsSecureRequest(HttpRequest request)
{
   bool HTTPSServerVar;
   bool RequestIsSecure;

   HTTPSServerVar = String.Compare(request.ServerVariables["HTTPS"], "on", true) == 0;
   RequestIsSecure = request.IsSecureConnection;

   return (HTTPSServerVar | RequestIsSecure);
}

//Web.Config changes

<system.webServer>
<modules>
<add name="urlrewriter" type="HTTP_TO_HTTPS.redir" />
</modules>
</system.webServer>

After testing the solution I was about to deploy it to staging server. So as to avoid pitfalls I rang up our solution architect to get inputs on, performance and security related stuff on my custom HttpModule. His feedback almost made me to scrap my custom HttpModule, the reason being Microsoft had come up with a URLRewrite module for IIS which could be downloaded and installed on an IIS machine. Moreover this module delivers the same functionality which I was trying to implement using custom HttpModule. While the best thing with Microsoft URLRewrite module is that, you could achieve HTTP to HTTPS redirection just by adding rule entries to your applications web.config file. Here's how to get this done.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Exploring IIS 6/7 Request Pipeline:

Out of curiosity I decided to dig into the internals on how IIS6/7 hands HTTPS requests. Sometime back I heard that IIS is handling HTTP requests at the kernel level. After going through MSDN I was amazed to find that, with IIS 7 the way HTTPS requests were handled where completely revamped when compared with IIS 6. Let me first show you how SSL requests were handled in IIS 6.

 IIS 6 - HTTPS Request\Response pipeline:

1. Encrypted request received from client by the OS. (Kernel Mode)

2. A kernel mode driver HTTP.SYS accepts the encrypted request. (Kernel Mode)

3. HTTP.SYS passes over the encrypted request to HTTPFilter to decrypt. (User Mode)

4. HTTPFilter passes the decrypted request back to HTTP.SYS. (Kernel Mode)

5. HTTP.SYS forwards the decrypted request to IIS->W3WP.exe (User Mode)

6. HTTP.SYS receives the processed response comes back from IIS->W3WP.exe (Kernel Mode)

7. HTTP.SYS passes on the response to HTTPFilter for encrypting (User Mode)

8. HTTP.SYS receives the encrypted response from HTTPFilter (Kernel Mode)

9. HTTP.SYS sends out the encrypted response back to client (Kernel Mode)

In the above HTTPS request processing you could see that, a context switch is happening between the kernel mode(HTTP.sys) and user mode(HTTPFilter  i.e.   HTTP SSL windows service) for decrypting and encrypting requests. Which is  very expensive and could lead to poor performance under high loads. So as get this resolved, IIS 7 had taken a new approach while handling SSL requests.

 IIS 7 - SSL Request\Response Pipeline:

1. Encrypted request received from client by the OS. (Kernel Mode)

2. A kernel mode driver HTTP.SYS accepts the encrypted request. (Kernel Mode)

3. HTTP.SYS decrypts the request using SChannel. (Kernel Mode)

4. HTTP.SYS forwards the decrypted request to IIS->W3WP.exe (User Mode)

5. HTTP.SYS receives the processed response comes back from IIS->W3WP.exe (Kernel Mode)

6. HTTP.SYS encrypts the response using SChannel. (Kernel Mode)

7. HTTP.SYS sends out the encrypted response back to client (Kernel Mode)

Here you could see that the context switching for request\response encryption is now taken care of in the Kernel Mode itself using SChannel (Secure Channel). This makes IIS 7 more robust when it comes to serving pages under heavy load.

.NET Decompilers

I was a hardcore fan of .NET Reflector; but the moment Red-Gate acquired and commercialized .NET Reflector, I had to look for alternatives, but couldn't find anything similar at that time. Meanwhile Red-Gate trying to save their face recently announced in their forum, those using Reflector 6 wont be forced to upgrade to the latest version of the .NET Reflector, this means developers sticking with the freeware version wont have access to the bug fixes as well as to new features introduced with the future versions of .NET Reflector.

In the mean time, .NET open source community(SharpDevelop) had kick started a new project as an alternative to .NET Reflector under the title ILSpy. The best thing with ILSpy is that, first of all its open source and the source code is available for you to download and study or to contribute. The short coming I came to notice with ILSpy was that, unlike .NET Reflector it lacks those rich plugins which were available with .NET Reflector. I believe these short comings is going to be filled up by the community, in the upcoming versions of ILSpy. Here's a video demonstrating the features available in ILSpy.

(To watch this video in Youtube, right-click the video and select 'Watch on Youtube')

There's a good news for Re-sharper 6 users. Jet brains is shipping an integrated .NET decompiler, which provides similar kind of functionality by .NET Reflector Pro, also there's a good news for non-resharper users. Jet brains is giving out a standalone version of their decompiler as freeware, you can downloaded the freeware version of the decompiler from here.

I think the acquisition of .NET Reflector by Red-Gate in fact had opened the doors for  the open source community to come up with ILSpy, which I believe is going to evolve as a robust product at a faster pace than .NET Reflector, the prime reason being its open source. I request you to provide your valuable feedback and suggestions on ILSpy in their forum. 

See How SharePoint Makes Teams Work Smarter

Microsoft had come up with an exclusive site for decision makers and information workers to experience, how SharePoint solutions could transform their offices into  smarter work places. The site is well backed with videos like 'How-to', 'True Stories' and also with an SharePoint adoption kit which imbibes the message of making life easier with SharePoint 2010. You can visit the site by clicking over here. 

SharePoint Virtual FileSystem

Having worked with ASP.NET Web applications, I was quite familiar with the ASP.NET request pipeline architecture. But after stepping into SharePoint development I came to notice that, in SharePoint the aspx page names displayed in the URL weren't physically present in the SharePoint Root ("%Program Files%\Common Files\Microsoft Shared\Web Server Extensions\14") directory. I tried searching the entire disk for the filename, but nothing showed up in the search results. Seeing this, I got curious on how this works, because this is the first time I am seeing an ASP.NET page served from nowhere, which I felt kind of mysterious.

After a brief search my mysterious situation went up in flames, because those asp.net(.aspx) pages which I was curiously searching for were actually stored in the SharePoint Content database and not on the filesystem. For me this was something new which was previously unheard of in ASP.NET development.

So by now my curiosity got to new heights like, how come an aspx page be served from a database, how does this thing work? This time the search results took me to msdn page, which reveals about a new class called VirtualPathProvider which was introduced with ASP.NET 2.0. The class provides the Virtual FileSystem functionality for asp.net web applications, I believe this class was developed primarily for meeting the SharePoint team requirement of abstracting aspx pages to datasource like SQL Server. If you wish to know more about VirtualPathProvider visit this link.

SharePoint 2010 Books

When I started with SharePoint 2010 the very first problem I faced was identifying good books on developing applications for SharePoint 2010. Being completely new to SharePoint development, I was looking for books which could guide me step by step all the way from, Installation to intermediate development tasks and thereafter to advanced topics. I was pretty much sure that there wont be a single book covering all the way from novice to expert level.  So I had to turn to Amazon for books on SharePoint 2010, after a brief search I zeroed in on some after going through customer reviews and sample chapters of these books available at Google Books.

Beginning SharePoint 2010 Development: I would recommend this one for those who are completely new to SharePoint 2010 development. The book starts with basics like 'SharePoint developer tools' and takes you to high level topics like 'BCS' and 'MS Office integration'. The plus side of this book is that, it details tasks in step by step manner, which is highly appreciated for someone new to SharePoint 2010. While the downside is that, it didn't cover the installation and configuration part at all which I was highly expecting for a book targeted for beginners. By the way, while trying out the samples I had to troubleshoot most of those to get it running, for this I had to spend considerable time searching the net for solutions. I would say the troubleshooting sessions actually helped me to learn something new, which I think was a blessing in disguise.

The book covers topics only at a shallow level, so never expect to jump start  straight into SharePoint 2010 development after going through this book. If you wish to view the Table Of Contents, click here.

Inside SharePoint 2010: I would say this is the ultimate one, if you wish to have a in-depth understanding of SharePoint 2010. The book is actually packed with core stuff with no page to skim through as I did with while reading 'Beginning SharePoint 2010 Development'. With this book, you fill find yourself spending more time to grasp whats covered in each page. This book is best for those, who HAVE prior experience with SharePoint development. The reason why I wouldn't recommend for beginners is that, you wouldn't find a step by step walk through for any specific sample covered in this book. If you are planning opt for SharePoint 2010 developer certification, its better to go through this book, as chances are you would find definitely something new which no other book had covered there by giving you an edge over others.

Its better to prepare notes while reading this book, as you would find lot many crucial points and common pitfalls, which you could use as a reference at a later date.