Blogger

  • This email address is being protected from spambots. You need JavaScript enabled to view it.

    Recent items

Login

Luca Costante - Items filtered by date: January 2017

In the last period, This email address is being protected from spambots. You need JavaScript enabled to view it. and I are working hard with AirWarch environment (in special case AirWatch Browser) and our applications based on SharePoint 2013.

One of the most important (and dangerous) issue is related to the javascript Cross Domain (if you don't know what it's, I''m suggesting you to read this article).

We had a lot of applications that get data, manipulate it and forwarded to other applications from other applications. Unfortunately, all of these applications has their own URLs and a lot of them are in different domains.

We started to analyze the issue finding a workaround that is not impacting our infrastructure too much. Following, the description of the workaround:

  • we created new URLs for the applications in cross domain area in order to have URLs in the form of subdomain. This is an example
    • imagine to have 2 applications: A with URL http://tetris.contoso.com and application B with http://pacman.contoso.com. If from application A you try to call a WebService or another service via ajax (javascript), AirWach Browser will block it to avoid the issue of cross domain (for security reason)
  • our idea  (and the solution is):
    • create for application B an additional URL like http://pacman.tetris.contoso.com.
    • On IIS we added to the bindings of the web application the new URL
    • checked if the application is adding to the response the header "Access-Control-Allow-Origin". We did not have it, so to have it, we created the Global.asax object and into the Global.asax.cs class we added the following code

Show/Hidden csharp code

View source
 
 
 
protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin" , "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }
}
 
 
 

Magically, everything started to work fine. With this approach, we are now able to allow applications to communicate each other.

Published in SharePoint

Working with anonymous zone in SharePoint is every time very hard to work.

First of all you need to:

  • enable it into the web application with a specific zone
    • Navigate to SharePoint 2010 Central Administration -> Application management -> Manage web applications.
    • Choose the web application you would like to configure and click on Authentication Providers
    • Click on the zone that you would configure
    • On the Edit Authentication screen choose the Enable anonymous access option and click on save.
  • use the URL of the configured zone to enable the anonymous
    1. Our next step is to open your SharePoint site -> Site Actions -> Site Permissions
    2. Specify which parts of your web site you would like to enable anonymous access for and click on OK (Entire web site is suggested)
    3. Navigate to Galleries -> Master Pages and page layouts
    4. Click on the library tab
    5. Click on Library Permissions
    6. Click on Anonymous Access
    7. Specify the permission level of anonymous users. In our case we would like anonymous users to be able to view items.
    8. Navigate to Site Actions –> View All Site Content
    9. Click on Style Library and repeat the actions in steps 4 – 8.
  • Now is the time to test. Close the browser and re-open it (is suggested to use a Chrome of Firefox browser for these test to not allow Internet Explorer to send automatically the credentials if configured). If we see the ” Sign In” button on the top of the screen that means our configuration is correct and we can access the site anonymously.

It worked for us for a long time but a particular day, it stopped to work. The users started to receive 401 error (access denied).

We started the analysis and we:

  • checked the configuration in another web application and it worked
  • checked the file web.config and it was correctly filled
  • parsed GBs and GBs of logs to find out the issue

After long days we found out the issue: the reason was a user policy which denied access on the web application for one user account on all zones. After removing this policy from the zone providing the anonymous access eveything is working as expected.

I hope that this solution can help someone else :)

Published in SharePoint