New SharePoint Training Classes in the Course Catalog

I am pleased to announce the addition of four new SharePoint classes to our training catalog. You can read more about them here.

Here is our current catalog:

SharePoint 2007 Development Basics Boot Camp

Intermediate SharePoint 2007 Development Boot Camp

SharePoint 2007 Developer Brain Bomb

Web Content Management with Microsoft Office SharePoint Server 2007

Business Process Automation with Microsoft Office SharePoint Server 2007

We will be posting new dates for fall and winter SharePoint training classes in Atlanta very soon.

Basic MOSS Publishing Site Definition

One reason I’ve been so busy lately is the creation of another course for AppDev. This one is all about Web Content Management and I developed it with my friend Matt Ranlett. It should be out in the next couple of months and I’ll post an outline soon and add it to my own courses page.

In the videos, I spend a lot of time covering the features that make up the MOSS publishing feature set and create a solid site definition that you can use as a basis for your own publishing sites. While I very much admire (and have personally benefited from) the work that Scot Hillier has contributed to the community, I think this slightly more complex site definition is a better place for most people to start. It includes the ViewFormPagesLockDown feature I discussed previously, but more importantly, (among other differences) it also initializes the versioning, approval, and navigation properties of the various features within the site definition and includes more comments.

As an aside, Andrew Connell wrote an interesting post a few months ago about the need for site definitions called ‘You don’t need to create site definitions‘. One thing he and a few of his commenters allude to is that publishing site definitions are a little different, but none of them really go into it. The important difference is that the publishing and navigation features have feature receivers that accept properties. You cannot specify property values when using feature receivers.

This is important in the BasicWCM site definition because it takes advantage of this key ability a site definition brings to the table. For example:

<!– Publishing –>

<!– The configuration below specifies a configuration

identical to SimplePublishing=true

To change other options, leave SimplePublishing set to false

and change the Value attribute as needed.

The Properties without values are read by the Publishing feature


To specify a value, add the Value attribute–>




Value="Pages/Welcome.aspx" />


Key="AvailablePageLayouts" />

Key="AvailableWebTemplates" />


Key="PagesListUrl" />


















You can access the CodePlex project here. You can also download everything from my downloads library.

Happy SharePointing…


Author: Doug Ware

I see London, I see France… (Properly Securing Your Public Sites Part 2)

In my previous post, I talked about the ViewFormPagesLockDown feature. This removes the ViewFormsPages and UseRemoteAPIs permissions for guests across an entire site collection. This is a great thing if that’s what you intend to do, but occasionally you might want to do the same thing for a subset of your site. You could use code similar to that shown in the previous post using a single list instead of a site collection or you can do it using the user interface (an option not available for whole site collection scenario).

In SharePoint, a Permission Level is a named set of permissions. You can see the permission levels, by selecting Settings|Permission Levels on the Site Permissions page as shown below.

The MOSS publishing infrastructure features create a permission set named Restricted Read that allows users to view individual items, but denies them the ViewFormsPages permission. You can easily create your own permission to do the same thing. When you create the permission level, simply check View Items and SharePoint will take care of the rest.

Unfortunately, there is one big gotcha with this (using the browser – remember, you can set it with code) where anonymous access is concerned. To learn what it is, and one way to fix it, see this post.

I configured the Photos list on this blog using the View Items permission level.

You should see all the figures, but be unable to browse the photos list. If you click the link, you will see an Access Denied error.

I see London, I see France… (Properly Securing Your Public Sites Part 1)

Edit: Looks like Rich Finn was inspired to write the same post just a couple of days ago. He picked an even scarier search phrase that returned over 20k hits!

I see your site’s underpants!

Do you have a public facing SharePoint site that allows anonymous access? If you do, are you sure your anonymous users can’t step behind the curtains and browse your lists and libraries?

Just for fun, open your favorite search engine and search for "Items in this list contain HTML or text content which can be inserted into web pages".

Here is a screenshot of the results using Live search.

This screen shot proves two things.

  1. There are a lot of sites out there using the MOSS publishing infrastructure.
  2. The people who built the sites didn’t configure them properly.

(Fortunately I know it wasn’t any of us, right?) J

If your site is a collaboration site, you might not care if people can see the list form pages. In fact, you can see my form pages and I am happy because they show information that I want my visitors to see. On the other hand, if you have a publishing site that contains extensive and expensive branding, you probably don’t want your users to see the supporting list forms and you almost certainly don’t want the list forms showing up in people’s search results!

I am not sure why there are so many sites out there that have this specific problem. I know that sites based on the Minimal Publishing site definition exhibit the problem, but I can see that many of these sites are based on something else because they include the files deployed by the PublishingLayouts feature and this feature is not part of the minimal publishing site definition.

To fix this problem, all you have to do is activate a feature named ViewFormPagesLockDown. If your site is based on the built-in Publishing Portal or Collaboration Portal site definitions, it should already be active. If not, you’ll need to use the command line to activate ViewFormPagesLockDown.

Do so as follows:

stsadm –o activatefeature –name ViewFormPagesLockDown –url http://YourSiteHere.

This requires you to have MOSS because ViewFormPagesLockDown does not ship with WSS. However, you can easily write code to accomplish the same thing on any version of SharePoint based on WSS 3.0.

SPRoleDefinition roleDefinition = site.RootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
roleDefinition.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
roleDefinition.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;


Use a CustomAction to Fight Blog Spam

I’ve been really busy lately, and a minor thorn in my side has been some especially obnoxious blog spammers. To keep my readers from seeing them spam and to deny them the ability to benefit from their evil ways, I turned on approvals in my content list. One of the spammers decided to fight back by sending the same content over every few minutes. One of the downsides of using approval is that it also makes getting rid of items in bulk more difficult, so this really, really irritated me and I had to write a little feature to restore my own sanity.

The feature consists of a custom action and an application page. You can download the VS2005 solution and web solution package here.

Here’s how you use it.

If Has Got Spam

(sorry, I’ve been playing with LOLCODE again)


Activate the Feature

(If you don’t know how to install a web solution package, the Visual Studio project will do it for you when you build)

Refresh the Comments List and Use the new Menu

Click OK to Delete the Evil Spam

Be careful to approve the comments that are not evil spam before you do this. I know I deleted a couple good comments accidentally.

How it Works


The custom action itself is simple. It targets only comment lists and shows up only if you have permission to approve items.







Title="Delete Pending Comments"

Description="Combat spam by deleting all the unapproved comments."




When you use it, it sends you to the new application page. You can see it’s full code in the download, but the main function is shown below.

void BtnDeletePendingComments_Click(object sender, EventArgs e)


SPList list = SPContext.Current.List;

for (int i = list.Items.Count – 1; i >= 0; i–)


SPListItem comment = list.Items[i];

if (comment.ModerationInformation.Status == SPModerationStatusType.Pending)








Enjoy! I’ll put this up on CodePlex next week.

–Doug Ware

Author: Doug Ware

July Atlanta .NET User Group Meeting and a Special Event


Monday, July 28, 2008 at 6:00 PM

LOCATION: Atlanta Microsoft Office

6:00    Networking and Refreshments
6:30    Tutorial or Q&A Session
7:15    Announcements
7:30    Technical Presentation

Special Event on July 16, 2008!!!

In addition to the meeting on July 28th, come to .NET University on ASP.NET on Wednesday, July 16. We’ll be starting with some fundamentals about ASP.NET and moving quickly into more advanced things like AJAX and the MVC framework, as well as working with IIS7 and Live services. It’s more than a how the stuff works – it’s why you’d want to use it and where and when it makes sense to do so.

This course is appropriate for folks who have been doing some basic ASP.NET work for a while and want to get a better understanding of the infrastructure, as well as people who are curious about MVC and Live Services.

The event includes free breakfast and lunch, and some giveaways at the end. is the link to register.

Our Regular Meeting…

New Features in SQL Server 2008 for Application Developers

Speaker: Whiney Weaver and Sergey Barskiy

As most of us have heard, SQL Server 2008 is due to be released in third quarter of this year. This marks another milestone in Microsoft’s flagship database product. As with every release, Microsoft’s engineers are introducing many new features that are designed to make application developers’ lives easier, make them more productive and efficient. There are many more features that are oriented toward database administrators, which are meant to improve SQL Server in many areas, including performance, security and other aspects of the product. This talk will concentrate on features that a software developer is interested in. We will attempt to organize these features and show how new technology can be used to accomplish everyday tasks. We will highlight functionality that can make developers more productive and improve overall application performance at the same time.

About the speakers: Whitney Weaver is a senior consultant with Magenic Technologies, a technical consulting firm which has achieved Microsoft Gold Partner Certification in Integrated E-Business, Microsoft Business Solutions, and Business Intelligence. He focuses on data technologies within the Microsoft product line. Over the past 11 years he has implemented SQL Server solutions for a number of industries including Energy Management, Financial Services, Health Insurance, Manufacturing, and State Government. Whitney regularly speaks at user groups and other developer events.

Sergey Barskiy is a senior consultant with Magenic Technologies. Prior to joining Magenic he has worked for Horizon Software for over 10 years, starting as a quality assurance engineer and working his way to a VP. He has been developing applications using Microsoft based technologies for over 10 years. He has bachelor’s degree in Computer Science, graduating Magna Cum Laude. He holds MCP, MCAD, MCSD certifications for .NET and MCDBA. He was a speaker at the last Atlanta Code Camp; his talk was on CSLA. He worked with SQL Server for over 6 years. He has been working in IT industry in the US for over 12 years. He has been programming since high school back in his native Ukraine.

Meeting Location and Directions
Microsoft Corporation
1125 Sanctuary Pkwy.
Suite 300
Atlanta, GA 30004

Directions to Microsoft