Advancing Productivity and Operational Efficiency through Cloud Services and Apps


Best Practices

Houston Tech Fest 2009 – Best Practices on Developing and Customizing Web Parts

I’ve posted the PowerPoint deck of the presentation Apollo and I gave yesterday at the Houston Tech Fest: click here to download a copy.

It was a great event and I look forward to participating again next year. Thanks to all who attended our presentation.

digg_url = “”;digg_title = “Houston Tech Fest 2009 – Best Practices on Developing and Customizing Web Parts”;digg_bgcolor = “#FFFFFF”;digg_skin = “compact”;digg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;

Back to Basics: Using Folder Structures in SharePoint Libraries

This is a topic that keeps on surfacing, and I don’t expect it to go away any time soon: When should we (if at all) use folder structures in SharePoint Libraries? As much as I hate to admit it, there is no simple answer. But personally, I don’t often see many compelling reasons to use folders in SharePoint.

Folders are essentially just another solution, or tool, to address a specific need; organizing files, or data, in some sort of logical structure, so that users can easily and/or quickly find the files or information that they are looking for. But using folders for this purpose with SharePoint would be much like using a modem to connect to the internet, while you had an Ethernet or WIFI connection readily available. Or storing your contacts on a rolodex, while having an electric organizer, PDA, or cell phone.

But if folders are so antiquated and inefficient, why does SharePoint gives us the option to use them? I can think of a couple of reasons, and have ran into some of them personally. I’ll elaborate on these a bit later, first I’d like to go over some of their limitations; some examples of why we should not use folders.

For starters folders are hierarchical in nature, and force us into a single structure per implementation; this alone has many implications. Consider the following scenario:

You’ve been given the task of organizing and maintaining manuals for specific systems within your organization (phone, fax, printers, copiers, voicemail, video conferencing, etc.) . Your organization is composed of several regions, each with specific divisions and offices in different locations. Not all offices share the same products or services (some do.) All of the offices share a common network. You’ve been given three simple requirements:

  1. Group A needs to browse the files by location (ex. Region > Division > Office)
  2. Group B needs to browse the files by product type (ex. Printers, Fax Machines, Copiers)
  3. Group C needs to browse the files by vendor (ex. HP, Kodak, Lanier, Polycom)

You’d be in quite a predicament…. You could create a folder structure such as the following:

  • Manuals
    • North America
    • South America
    • Asia
      • Division 1
      • Division 2
        • Office 1
        • Office 2
          • Phones
          • Fax Machines
          • Printers
          • Copiers

Which would satisfy the requirement of group A. But groups B and C would not likely be satisfied, and to make matters worse, you’d likely have to maintain duplicates of the same manuals (which you could possibly mitigate by utilizing shortcuts.)  But all in all not a very elegant solution, some might say it is quite the opposite.

Alternatively you could create a folder structure like this:

  • Manuals
    • Phones
    • Fax Machines
    • Printers
    • Copiers
      • HP
      • Kodak
      • Lanier

This would likely meet the requirements of group B and maybe even group C. It would also do away with duplicates. But what about group A.

There are many variations to this scenario, and the requirements may not always be given up front. A specific folder structure may work well for a period of time, and suddenly change; management may decide they want to view files in a different way.

But why would you try to use folders in the first place, when you could rely on views? Views would meet any one and all of these requirements. The information captured in the folder names should be stored as metadata with the specific files. You could then create a view that groups by; Region, Division, and Office; another that groups by Product Type; and yet another that groups by Vendor. Given the right AD groups and putting a little extra work towards setting up audiences, and you could create a page that automatically shows a different web part with the correct view for each group.

Some other reasons not to use folders:

  1. If you are basing your folder structure on your organizational hierarchy; keep in mind that these hierarchies can and often do change. Something much easier to manage using site columns, and views.
  2. If you do have to change the value of a Region, Division, or Office; which you’ve happened to use in your folder structure. Any links, bookmarks, or shortcuts to these files would probably break as the folder names form part of the Url.
  3. Folders increase the length of the Urls, which can cause errors after reaching a certain limit.
  4. Get your users thinking outside the box. Giving your users a couple of views that have properly named helps them think of other ways to look at the data. Even when your views closely resemble a folder structure. For instance giving them a view named “Products by Region”, lets them know that they could just as easily have a “Products by Office”, “Products by Type”, or “Products by Vendor”. And that they themselves could create similar views for the data they are responsible for in SharePoint.

So why does SharePoint offer folders in the first place, if you can just as easily and more efficiently organize your data with views? The following are a few scenarios where I’ve seen folders come in handy:

  1. Folders make it easier to apply different set of permissions to logical groups of files within a single library. However, keep in mind that this can and often should be accomplished by using different libraries. If you are worried about consistency across the libraries; consider using content types, or a library template.
  2. Copying files from libraries in bulk (using explorer view) and keeping some sort of logical structure. In my experience I don’t often see many scenarios that require users to copy files in bulk. While certain users may have the need to do this every once in a while, consider the repercussions, and remember that you should be configuring your library for the norm and not the exception. If copying or moving files in bulk happens to be the norm if your scenario; consider creating a new sub site for the group as a whole and splitting the files up into multiple libraries within that sub site.
digg_url = “”;digg_title = “Back to Basics: Using Folder Structures in SharePoint Libraries”;digg_bgcolor = “#FFFFFF”;digg_skin = “compact”;digg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;

HTTP Error 403 – Forbidden with Custom or Updated Features and Application Pages

This is a fairly common and non-descriptive error that continues to surface more and more as the SharePoint developer community continues to grow. Surprisingly, I’ve found very little information in the web regarding what I believe to the most common cause and solution (hence this blog post).

Many things can trigger this error, and as you might expect by the description the error is security/permissions related. I’ve seen it most often, when browsing the Site Features and Site Collection Feature pages… but it has been known to take down a whole site; although mostly (and luckily) in dev environments.

So why do I keep referring back to development? And more importantly, what is this “most common” cause/solution? Its mostly tied to “drag and drop”; when you drag and drop files, permissions usually go with them (albeit there are a few exceptions.) With development rarely taking place directly in the 12 hive features, or layouts folder; its shouldn’t be surprising to see developers (and administrators alike) deploying and often testing changes to features by dragging and dropping files from their Desktop, My Documents, or project folders. Naturally this approach doesn’t follow best practices, but I wont deny having made the mistake while testing a quick change to a feature or elements xml file in a development environment. All updates to production environments should be done via WSPs.

So how do you solve the problem? Finding the culprit shouldn’t be too difficult, think of any items that have been recently deployed/updated. Cant think of any, search for any recently updated files of folders. If you do think of or find any; check the permissions and make any required modifications; also consider redeploying them via a WSP.

RunWithElevatedPrivileges – Exception, Not the Norm

Let me start by saying that while executing code via RunWithElevatedPrivileges may help you overcome certain “access denied” exceptions in your code, using it should be the exception not the norm. This is not meant to be a “how to” posting on RunWithElevatedPrivileges, there are plenty of articles out there that already cover just that. Instead I’d like to focus on a subject that I consider to be just as important; when is the right (and wrong) time to use this command.

I recently wrote an article for the MSDN on “Securing Application Pages for Windows SharePoint Services 3.0”. In it, I provided several code samples on how to do just what its title implies; some of which included calls to RunWithElevatedPrivileges. A respected colleague was quick to point out a concern; that some of the information contained in the article (specifically references to RunWithElevatedPrivileges) might result in certain individuals using the command without giving it sufficient thought.

The very reason I wrote the article, stems from how often I’ve seen this command used, and the security risks it presents. I’d hate for the article to be seen as a case or excuse for calling this command, when in large part is the very thing it tries to protect developers from.

SharePoint provides a very extensive and well thought out API, at least from a security standpoint ;). It uses impersonation, meaning that the code you write will execute under the context of the user viewing the page where your code resides. If you write a web part or application page that reads or writes information from a SharePoint List, Library, or Site that does not grant the user such rights; your web part or application page will throw an error… as it should. Your first instinct should not be to rewrite your code so that this logic executes via the RunWithElevatedPrivileges command. Doing so might be considered a hack.

That’s not to say using RunWithElevatedPrivileges is a “hack” every time, there are certain unique cases where you don’t have much of a choice. But first consider checking if the user has the necessary permissions via the DoesUserHavePermission method of either the SPSite, SPWeb, SPList, or even SPListItem your accessing with your code, and avoid doing anything further on that item if the method returns false for the required permission level. Alternatively (although often cause for debate) consider handling the access denied exception. Ultimately, don’t hurry too much writing your code, the quickest way is not always the best way.

Happy Coding. Oh.. and thanks for the pointer Matt.

Just Released – MSDN: Securing Application Pages in Windows SharePoint Services 3.0. By me :)

An article I recently wrote has just been published on MSDN. It covers the basic principles of securing application pages, and why they are often at risk; as well as providing code samples on how to properly secure your application pages, including:

  • How and when to validate page requests
  • How to verify Base Permissions
  • How to verify Role Definitions
  • How to verify Group Memberships

Check it out at: Securing Application Pages in Windows SharePoint Services 3.0 (

Submitting Items to Lists from Custom Application Pages

This posting is in response to a comment I had on a previous posting; “Using the InputFormSection and InputFormControl to build Custom Application Pages that look like OOTB Pages”. One of the readers posted a comment asking how to go about using the submit button to post to a list. Needless to say, I didn’t feel that answering his question by replying to his comment would be the best response. So I’ve decided to post my response here, where its a little bit easier to elaborate on the subject.

Application pages can in fact be used to create list items, but there are a number of things to consider. The first and probably most important thing, is that application pages can be accessed from any site in your SharePoint farm. If the list the form is meant to write to is accessible globally this may not be much of a problem, but I’d have to question how that list was created and where it is stored. Application pages are part of what I consider to be a fairly modular development framework in SharePoint, and the scenario mentioned doesn’t sound very modular at all; a page that is deployed or accessible from every site, but the list it writes to is only deployed to one. What if the site containing the list is deleted? Or certain fields changed? The site administrator would likely be able to do either, but he/she wouldn’t be able to update the Application Page, which would likely break.

So how do I recommend using Application Pages to write to lists? There are many ways, most (if not all) of which would involve Features. The following is a sample approach:

1. Develop a site or site collection Feature that creates a list. Since we will be writing to this list from a Custom Application Page, I recommend that the list be hidden. This recommendation stems from the fact that we don’t want anybody accidentally deleting or modifying the list, which may impact the Application Page. Of course this would probably mean creating another page to view and/or edit list items; this could be a Content Page or Application Page.

2. Develop the Application Page that writes to the list created by the feature, including logic in it that checks if the feature is activated. If the logic determines that the feature is not activated, the page should display a message stating that the feature needs to be activated for the page to work.

3. Use Custom Actions and Custom Action Groups to create a link to the Application Page(s) from the “Site Settings”, or “Site Actions” menu.

I don’t mean to imply that an Application Page shouldn’t be used to save items to a single globally accessible list. But it requires even more consideration and planning than the scenario mentioned above. Actually, I’ve had to develop such pages; in one example the list resides in Central Administration and is created as part of a Feature scoped at the Farm level.

In another scenario, the list may not be hidden, or even created by the feature. The list may be manually created (to capture very specific criteria) by a site or farm administrator, in which case another Application Page may be used to capture the location of the list, and save it in the property bag of the site or site collection. The Application Page that writes to the list, fist looks at the property bag to determine its location, if the property has not been set, the page simply returns a friendly error.

Like the above mentioned scenarios, I’m sure there are hundreds more. The point is all of them require some thought. Unless strictly used to display information that you know is always available, an Application Page is rarely a solution as a whole. Take time to carefully plan and design your Application Pages, examine your solution from multiple angles making sure it doesn’t easily break. Remember, if you fail to plan you are planning to fail.

digg_url = “”;digg_title = “Submitting Items to Lists from Custom Application Pages”;digg_bgcolor = “#FFFFFF”;digg_skin = “compact”;digg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;

SharePoint – Architecting for Success

Last week, I gave a presentation on “Architecting for Success” at the SharePoint Technology Conference in San Francisco. It was a subset of full day workshop titled “Success with SharePoint – From Start to Finish”. For those of you interested, I’m making the presentation available for download here. (

Integrating Project Server with your SharePoint Farm

This topic has been coming up quite a bit for me recently, specifically the integration of Project Server with an existing SharePoint 2007 farm. I happen to have a strong opinion about it; whenever possible keep Project Server in a separate farm from that of your Portal, Intranet, and Extranet sites. Clearly, I cant make this recommendation for every scenario… but I do believe it’ll apply the vast majority of the time. If for whatever reason you can’t have more than one farm (it may very well be out of your hands), I will include some tips or best practices to help keep your farm in harmony.

Why separate farms? While Project Server relies heavily on SharePoint for the vast majority of its features (quite the understatement); Project Server environments are generally used very different from how Portals, Intranets, Extranets, and ECM environments are used. Having them on different environments allows for easier maintenance of one without impacting the other; this is particularly important with upgrades.

So how does integrating Project Server with the farm hosting your other environments affect it? For starters, if you are planning on upgrading either your standard SharePoint or Project Server sites; you cant really upgrade either without upgrading the farm… and since all are sharing the same farm, your not really left with much of a choice, unless you split them out while performing the upgrade… and now you’ll have 2 projects on your hand.

Also keep in mind that the user base will be completely different, as will be the stakeholders, and any project sponsors; as such, any SharePoint related initiatives of one group will have to be coordinated with the others. You’ll also likely have separate SLAs and governance for each environment.

If you only have one farm available, there are a couple of things you can do to help:

1. Keep the Project Server (PWA and Workspace Sites) in their own separate web applications. This setup will lend itself for an easier migration to a separate farm if an upgrade or separation is ever required, and allows for better segregation of both administrative and maintenance tasks.

2. Having a dedicated WFE (Web Front End) for your Project Server sites will help improve performance.

Blog at

Up ↑

%d bloggers like this: