"Why am I getting a security error?" "Why does my code work sometimes, but not others?" "I wonder if McDonalds is hiring." Writing custom code in SharePoint opens up unlimited possibilities but also throws many hurdles in your way that will slow you down if you don’t take them into account. So, before giving up and searching for careers in the fast food industry, equip yourself with the knowledge you need to succeed in writing custom code for SharePoint.
In this session you will learn:
Best practices for avoiding performance issues
Best practices for avoiding memory leaks
Best practices for elevating privileges
Avoid not disposing of SP Objects
2. About the speakers…
The Hillbilly
Mr. Ackley
– Catcher of all things that flow downhill
– Solutions Architect for Juniper Strategy, LLC.
• www.juniper-strategy.com
– Speaker, Blogger, (soon to be) Author
– Blog: www.sharepointhillbilly.com
– Twitter: @mrackley
– E-mail: mrackley@gmail.com
3. About the speakers…
The Yankee
Geoff Varosky
– MCP, MCTS
– Senior Solutions Developer for Grace-Hunt, LLC.
• www.grace-hunt.com
– Speaker, Blogger, (soon to be) Author
– Blog: www.sharepointyankee.com
– Twitter: @gvaro
– E-mail: gvarosky@grace-hunt.com
9. Introduction
2007 or 2010
64-bit (leaves room for upgrade)
>= 4G of RAM
Choice of Virtual Host
– HyperV, VMWare, VirtualBox
– Not much in the way of VirtualPC support
Create a base virtual image
– SQL, Base SP install, Service Packs, Dev Tools
– Visual Studio, SPD, etc.
10. Introduction
Development Environment
Follow the SDK (2010)
– 64 bit
– Desktop
• Windows 7
• Vista (SP1+)
• Http://msdn.microsoft.com/en-us/library/ee554869.aspx
– Server 2008
11. Introduction
Development Environment
Make sure your environment matches
deployment targets!
– In Visual Studio
• CPU
» x86? x64? AnyCPU?
– .NET Framework
– Service Packs
– Same architecture
12. Introduction
Development Environment
Don’t do everything as local admin!
– Follow proper account configuration from the SDK
Developing to Deploy
Use the least amount of privileges
– This will make admins happy
Web application deployment (/bin)
– CAS policies
13. Development
General Development Practices
Lists
EventReceivers
Web Parts
Unmanaged Code
Web Services
14. Development
General Development Practices
Dispose of Objects!
– SPDisposeCheck
Test with multiple accounts/privileges
Strongly named assemblies
Separate high and low privileged DLLs
Do not mix .NET Framework versions
64 bit code compatibility
15. Development
General Development Practices
Stay away from the database
– USE THE API!
Use resource & language files
– Do not hard code strings and labels
Caching when and where possible
– msdn.microsoft.com/library/bb687949.aspx
CAS Policies
Safe Controls
16. Development
General Development Practices
Use try{} catch{} finally{} blocks
Check for nulls in finally{} blocks with
disposable objects before disposing
Change defaults
Assembly Info
Name it properly
GraceHunt.SharePoint.WebParts.Stuff
17. Development
General Development Practices
Sign Controls
– Do not password protect the SNK
Elevating Privileges
– SPSecurity.RunWithElevatedPrivileges()
• Clean, Validated, Secure data
• Runs as System account
• Write operations?
» Preceeded by SPUtility|SPWeb.ValidateFormDigest
• Must use new SPSite or SPWeb – not
SPContext.Current
18. Development
Lists
Test queries before deployment!
U2U CAML Query Builder
– Remove the <Query></Query> tags!
http://www.spsprofessional.com/sqlcaml.aspx
LINQ
Batch queries when possible
19. Development
Lists
Do not use SPList.Items
– Use SPList.GetItems(query)
– Paginate (2000 items) – RowLimit
GetItemByID
– Use SPList.GetitemByID
– Not SPList.Items.GetItemByID
20. Development
Event Handlers
Do not instantiate SPWeb, SPSite, SPList, or
SPListItem
Use what the properties give you
– properties.OpenWeb()
– properties.ListItem
Bulk operations will not run event handlers
– Ex: New list created – FieldAdding will not run
21. Development
Event Handlers
Connections
– Make sure you code for external systems not
being available
LOG ERRORS
– Make it known why something went wrong
22. Development
Web Parts
Deploy to the Web Part Gallery
– Easy to add to a page from there
AllowClose = false
– Closing web parts = bad
– X DOES NOT EQUAL DELETE
Use Properties – avoid hard coded values
HTMLEncode input values
23. Development
Web Parts – In Code
EnsureChildControls
– Ensure that the controls have been loaded before
using them.
24. Development
Unmanaged Code
JavaScript
– Will this be used in more than one place?
– Central Script repository (easy access)
– Deployment to _layouts folder
• More of a “managed” approach, more secure
• Less flexible
25. Development
Unmanaged Code
Content Editor Web Parts
– Awesome, flexible web parts!
– Use a library with versioning to link the WP to
• Easier to manage
• Versioning of “code”
Publishing Sites
– Use content controls, not CEWPs!
26. Development
Unmanaged Code
Ghosted v. UnGhosted pages
– Uncustomized v. customized
– Unghosted pages can have issues with upgrades
• i.e. site definitions change with upgrades
– Branding
27. Development
SharePoint Web Services
Provide remote access to a range of object
model functionality
Run on all front-end web servers
Heavily dependent on XML and CAML
Reside in physical file system in the 12...
Directory and in a virtual file system in
/_vti_bin
28. Development
SharePoint Web Services – What They
Do
Provide programmatic access via .NET and
SharePoint Designer
Deliver relatively robust remote API
functionality
Expose SharePoint data repository to
disconnected clients
29. Development
SharePoint Web Services – What They
Do
Permit inter-farm communication (geographic
distribution)
Integrate well with WinForms, WPF, and
SilverLight
Client Object Model (SP 2010)
30. Development
SharePoint Web Services – What they
DON’T do
Do not provide access to entire object model
Do not permit manipulation of BLOB objects
(documents)
NTLM and Basic Authentication Only
No SSO integration
No extensibility (sealed classes)
Limited data aggregation (no joins)
31. Development
SharePoint Web Services – When to use
them
Remote accessibility
Integration with backend or legacy systems
Retrieval of items and content as XML
Perform large batch updates to lists
33. Development
SharePoint Web Services Basics
Add a Web Reference to any project type
Must specify existing SharePoint site in URL + “/_vti_bin/” +
ServiceName + “.asmx”
Set URL to dynamic
34. Development
SharePoint Web Services Basics
All column names are XML encoded and
prefixed with “ows_”
<rs:data ItemCount="1" xmlns:rs="urn:schemas-microsoft-com:rowset">
<z:row ows_Title="Elmer@Fudd.com"
ows_MetaInfo="4764;#"
ows__ModerationStatus="0"
ows__Level="1"
ows_ID="4764"
ows_owshiddenversion="5"
ows_UniqueId="4764;#{2272A40C-0DA5-4C0D-938D-BFF3AF9C8ACF}"
ows_FSObjType="4764;#0"
ows_Created="2009-12-12 12:55:10"
ows_FileRef="4764;#sps/Contact/test/Lists/Issues/4764_.000"
xmlns:z="#RowsetSchema" />
</rs:data>
35. Deployment
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
USE SOLUTION PACKAGES!
36. Deployment
User Code Solutions (2010)
When possible
Forces better programming practices
Keeps the farm safe
– Makes admins & managers happy
Admins can control
– Makes them feel special
38. Resources
SDKs
2010
– Server and Foundation
• http://msdn.microsoft.com/en-us/library/ee557253.aspx
2007
– WSS
• http://msdn.microsoft.com/en-
us/library/ms441339(office.12).aspx
– MOSS 2007
• http://msdn.microsoft.com/en-
us/library/ms550992(office.12).aspx
39. Resources
General Development
Roger Lamb’s Blog
– blogs.msdn.com/rogerla/
Patterns & Practices SharePoint Guidance
– msdn.microsoft.com/en-us/library/dd203468.aspx
Using Disposable Objects
– msdn.microsoft.com/en-
us/library/aa973248(v=office.12).aspx
40. Resources
General Development
Working with Large Lists
– go.microsoft.com/fwlink?LinkId=95450
SharePoint 2007 Best Practices Resource
Center
– technet.microsoft.com/en-
us/office/sharepointserver/bb736746.aspx