"Why am I getting a security error?" "Why does my code work sometimes, but not others?" "I wonder if McDonalds is hiring." Writing custom code in SharePoint opens up unlimited possibilities but also throws many hurdles in your way that will slow you down if you don’t take them into account. So, before giving up and searching for careers in the fast food industry, equip yourself with the knowledge you need to succeed in writing custom code for SharePoint. In this session you will learn: Best practices for avoiding performance issues Best practices for avoiding memory leaks Best practices for elevating privileges Avoid not disposing of SP Objects

1. SharePoint Customization
Overcoming Hurdles and Avoiding Pain
Geoff Varosky
Mark Rackley

2. About the speakers…
 The Hillbilly
 Mr. Ackley
– Catcher of all things that flow downhill
– Solutions Architect for Juniper Strategy, LLC.
• www.juniper-strategy.com
– Speaker, Blogger, (soon to be) Author
– Blog: www.sharepointhillbilly.com
– Twitter: @mrackley
– E-mail: mrackley@gmail.com

3. About the speakers…
 The Yankee
 Geoff Varosky
– MCP, MCTS
– Senior Solutions Developer for Grace-Hunt, LLC.
• www.grace-hunt.com
– Speaker, Blogger, (soon to be) Author
– Blog: www.sharepointyankee.com
– Twitter: @gvaro
– E-mail: gvarosky@grace-hunt.com

4. Agenda
 Introduction
 Development
 Deployment
 Resources
 Q&A

5. Introduction
 Types of Development
 Development Tools
 Development Environment
 Developing to Deploy

6. Introduction
 Types of Development
 Unmanaged Code
 Managed Code
 Customization

7. Introduction
 Development Tools
 STSDEV (2007)
– stsdev.codeplex.com
 WSPBuilder (2007 & 2010)
– wspbuilder.codeplex.com
 CKS:DEV (2010)
– cksdev.codeplex.com
 SharePoint Designer

8. Introduction
 Development Environment
 Physical?
 Virtual?
 Desktop?
 Dusty old PC under the desk?

9. Introduction
 2007 or 2010
 64-bit (leaves room for upgrade)
 >= 4G of RAM
 Choice of Virtual Host
– HyperV, VMWare, VirtualBox
– Not much in the way of VirtualPC support
 Create a base virtual image
– SQL, Base SP install, Service Packs, Dev Tools
– Visual Studio, SPD, etc.

10. Introduction
 Development Environment
 Follow the SDK (2010)
– 64 bit
– Desktop
• Windows 7
• Vista (SP1+)
• Http://msdn.microsoft.com/en-us/library/ee554869.aspx
– Server 2008

11. Introduction
 Development Environment
 Make sure your environment matches
deployment targets!
– In Visual Studio
• CPU
» x86? x64? AnyCPU?
– .NET Framework
– Service Packs
– Same architecture

12. Introduction
 Development Environment
 Don’t do everything as local admin!
– Follow proper account configuration from the SDK
 Developing to Deploy
 Use the least amount of privileges
– This will make admins happy
 Web application deployment (/bin)
– CAS policies

13. Development
 General Development Practices
 Lists
 EventReceivers
 Web Parts
 Unmanaged Code
 Web Services

14. Development
 General Development Practices
 Dispose of Objects!
– SPDisposeCheck
 Test with multiple accounts/privileges
 Strongly named assemblies
 Separate high and low privileged DLLs
 Do not mix .NET Framework versions
 64 bit code compatibility

15. Development
 General Development Practices
 Stay away from the database
– USE THE API!
 Use resource & language files
– Do not hard code strings and labels
 Caching when and where possible
– msdn.microsoft.com/library/bb687949.aspx
 CAS Policies
 Safe Controls

16. Development
 General Development Practices
 Use try{} catch{} finally{} blocks
 Check for nulls in finally{} blocks with
disposable objects before disposing
 Change defaults
 Assembly Info
 Name it properly
 GraceHunt.SharePoint.WebParts.Stuff

17. Development
 General Development Practices
 Sign Controls
– Do not password protect the SNK
 Elevating Privileges
– SPSecurity.RunWithElevatedPrivileges()
• Clean, Validated, Secure data
• Runs as System account
• Write operations?
» Preceeded by SPUtility|SPWeb.ValidateFormDigest
• Must use new SPSite or SPWeb – not
SPContext.Current

18. Development
 Lists
 Test queries before deployment!
 U2U CAML Query Builder
– Remove the <Query></Query> tags!
 http://www.spsprofessional.com/sqlcaml.aspx
 LINQ
 Batch queries when possible

19. Development
 Lists
 Do not use SPList.Items
– Use SPList.GetItems(query)
– Paginate (2000 items) – RowLimit
 GetItemByID
– Use SPList.GetitemByID
– Not SPList.Items.GetItemByID

20. Development
 Event Handlers
 Do not instantiate SPWeb, SPSite, SPList, or
SPListItem
 Use what the properties give you
– properties.OpenWeb()
– properties.ListItem
 Bulk operations will not run event handlers
– Ex: New list created – FieldAdding will not run

21. Development
 Event Handlers
 Connections
– Make sure you code for external systems not
being available
 LOG ERRORS
– Make it known why something went wrong

22. Development
 Web Parts
 Deploy to the Web Part Gallery
– Easy to add to a page from there
 AllowClose = false
– Closing web parts = bad
– X DOES NOT EQUAL DELETE
 Use Properties – avoid hard coded values
 HTMLEncode input values

23. Development
 Web Parts – In Code
 EnsureChildControls
– Ensure that the controls have been loaded before
using them.

24. Development
 Unmanaged Code
 JavaScript
– Will this be used in more than one place?
– Central Script repository (easy access)
– Deployment to _layouts folder
• More of a “managed” approach, more secure
• Less flexible

25. Development
 Unmanaged Code
 Content Editor Web Parts
– Awesome, flexible web parts!
– Use a library with versioning to link the WP to
• Easier to manage
• Versioning of “code”
 Publishing Sites
– Use content controls, not CEWPs!

26. Development
 Unmanaged Code
 Ghosted v. UnGhosted pages
– Uncustomized v. customized
– Unghosted pages can have issues with upgrades
• i.e. site definitions change with upgrades
– Branding

27. Development
 SharePoint Web Services
 Provide remote access to a range of object
model functionality
 Run on all front-end web servers
 Heavily dependent on XML and CAML
 Reside in physical file system in the 12...
Directory and in a virtual file system in
/_vti_bin

28. Development
 SharePoint Web Services – What They
Do
 Provide programmatic access via .NET and
SharePoint Designer
 Deliver relatively robust remote API
functionality
 Expose SharePoint data repository to
disconnected clients

29. Development
 SharePoint Web Services – What They
Do
 Permit inter-farm communication (geographic
distribution)
 Integrate well with WinForms, WPF, and
SilverLight
 Client Object Model (SP 2010)

30. Development
 SharePoint Web Services – What they
DON’T do
 Do not provide access to entire object model
 Do not permit manipulation of BLOB objects
(documents)
 NTLM and Basic Authentication Only
 No SSO integration
 No extensibility (sealed classes)
 Limited data aggregation (no joins)

31. Development
 SharePoint Web Services – When to use
them
 Remote accessibility
 Integration with backend or legacy systems
 Retrieval of items and content as XML
 Perform large batch updates to lists

32. Development
 SPServices– jQuery library utilized
SharePoint Web Services
 http://spservices.codeplex.com/

33. Development
 SharePoint Web Services Basics
 Add a Web Reference to any project type
 Must specify existing SharePoint site in URL + “/_vti_bin/” +
ServiceName + “.asmx”
 Set URL to dynamic

34. Development
 SharePoint Web Services Basics
 All column names are XML encoded and
prefixed with “ows_”
<rs:data ItemCount="1" xmlns:rs="urn:schemas-microsoft-com:rowset">
<z:row ows_Title="Elmer@Fudd.com"
ows_MetaInfo="4764;#"
ows__ModerationStatus="0"
ows__Level="1"
ows_ID="4764"
ows_owshiddenversion="5"
ows_UniqueId="4764;#{2272A40C-0DA5-4C0D-938D-BFF3AF9C8ACF}"
ows_FSObjType="4764;#0"
ows_Created="2009-12-12 12:55:10"
ows_FileRef="4764;#sps/Contact/test/Lists/Issues/4764_.000"
xmlns:z="#RowsetSchema" />
</rs:data>

35. Deployment
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!
 USE SOLUTION PACKAGES!

36. Deployment
 User Code Solutions (2010)
 When possible
 Forces better programming practices
 Keeps the farm safe
– Makes admins & managers happy
 Admins can control
– Makes them feel special

37. Resources
 Development Tools
 Codeplex.com
– Search SharePoint & Development
 SharePointDevWiki.com
– www.sharepointdevwiki.com/display/public/Share
Point+Development+Tools
 SPDisposeCheck
– code.msdn.microsoft.com/SPDisposeCheck

38. Resources
 SDKs
 2010
– Server and Foundation
• http://msdn.microsoft.com/en-us/library/ee557253.aspx
 2007
– WSS
• http://msdn.microsoft.com/en-
us/library/ms441339(office.12).aspx
– MOSS 2007
• http://msdn.microsoft.com/en-
us/library/ms550992(office.12).aspx

39. Resources
 General Development
 Roger Lamb’s Blog
– blogs.msdn.com/rogerla/
 Patterns & Practices SharePoint Guidance
– msdn.microsoft.com/en-us/library/dd203468.aspx
 Using Disposable Objects
– msdn.microsoft.com/en-
us/library/aa973248(v=office.12).aspx

40. Resources
 General Development
 Working with Large Lists
– go.microsoft.com/fwlink?LinkId=95450
 SharePoint 2007 Best Practices Resource
Center
– technet.microsoft.com/en-
us/office/sharepointserver/bb736746.aspx

41. Q&A
Please be sure to fill out your
session evaluation!