SharePoint MindsharpBlogs > Paul Schaeflein
Experiences from the field

 Last 10 Posts

Nov 06
Published: November 06, 2010 15:11 PM by  Paul Schaeflein

I’m sure I am dating myself with this post (for the three of you who haven’t seen the beard), but I just read a fascinating blog post from Steve Gillmor.

Steve was an early podcaster and blogger. I know this, because I was there when podcasting began. Dave Winer talked about the infrastructure, Adam Curry provided entertainment, Dan Klass provided the comedy and Doug Kaye brought it to the mainstream IT department with his IT Conversations. One of these first IT Conversations included Steve, who had a gang that discussed “vendor sports.” I always enjoyed these podcasts, especially trying to decipher what the heck Steve was talking about.

Anyway, while discussing Ray’s work and recent departure from Microsoft, Steve references SharePoint. My take on the paragraph – there is nothing more unique and important to Microsoft than SharePoint. I wholeheartedly agree, as do many customers. I can tell by the size of the project backlog that I have, along with many of the other SharePoint consultants I talk with. This is certainly an exciting time in the SharePoint community.

(In all fairness, I have to point out that the term “SharePad” was first used in a blog post by SharePoint luminary Mike Fitzmaurice a long time ago!)

Oct 11
Published: October 11, 2010 13:10 PM by  Paul Schaeflein

In my TechEd NA session on claims, I demonstrated a web part that simply rendered all the claims of the current user. I intended to replicate the code in a WCF service. However, I have crossed that off my list. Dominick Baier of DevelopMentor has posted a service to echo the claims as part of a larger series on ADFS2, WIF and WCF. Recommended.

Sep 01
Published: September 01, 2010 23:09 PM by  Paul Schaeflein

Have you ever noticed the security paradox in computers? Most people will agree that managing Active Directory or LDAP directories is an administrative task. Not necessarily the password resets and account creation (those tend to get pushed to the help desk), but the installation, configuration and general maintenance of these vital data stores is performed by the top-of-the-heap admin. (Rightly so!)

However, if the authentication provider is not one of these, say an ASP.NET Membership provider (FBA), then it usually falls to the developer to configure the solution. It seems short-sighted to me that the person charged with monitoring the system would wash their hands of the technology used to secure it! But I’m not here today to change this practice. No, I am writing about a wonderful little utility that developers and admins alike can use to get up to speed on the new claims-based identity world!

First, a little background. To setup claims authentication with SharePoint, you need to follow the directions on TechNet: Configure authentication using a SAML security token (SharePoint Server 2010). The big stumbling point for those just getting started – where do I find a Security Token Service Web application?  The answer is either ADFS2 or the WIF SDK. Well, now you have a third, and much easier option - SelfSTS.

SelfSTS is a security token service that is designed to issue tokens without a lot of configuration. For a full explanation, refer to Vittorio’s blog post. (If you are not subscribed to Vittorio’s blog, then you are not serious about claims auth!) To get SelfSTS working with SharePoint, there are a few little tweaks required outside of the steps laid out by TechNet and Vittorio. The steps below are copied and adjusted from the TechNet directions.

  1. Extract SelfSTS and run the executable from the bin\Release directory.
  2. Save the X.509 certificate that SelfSTS is using:
    1. In the browser, navigate to the federation metadata page. (Be sure to start SelfSTS first. Otherwise, you will get a DNS error.) Hint: you can copy the URL of the page from the SelfSTS UI by clicking the "C" next to the link.
    2. In the metadata page, look for a tag named X509Certificate. Copy the inner text from any of these tags and paste it into Notepad.
    3. Save the file in Notepad. I put mine in the SelfSTS bin\Release folder with the name SelfSTS.cer.
  3. In the SharePoint 2010 Management Shell (PowerShell), read the certificate into a variable:
     $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("path to cert file")
  4. Map the claim that SelfSTS provides to one that is understood by SharePoint. (The incoming claim type URI was dropped from the original listing; the standard WS-Federation e-mail address claim type, which the "EmailAddress" display name refers to, is filled in here.)
     $map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
  5. The Realm setting is used by the STS to identify the source of the authentication request (the relying party). In ADFS2, there is a user interface for mapping this identifier to the URL of the application. SelfSTS has no such UI; instead, it simply redirects the signed token back to whatever value is provided as the realm. So, for SelfSTS the realm must be the URL of the SharePoint claims endpoint:
     $realm = "http://[WebApplicationUrl]/_trust/"
  6. You will need to tell SharePoint the URL of the identity provider. This is the issue endpoint in SelfSTS. (I’ve listed the default value below.)
     $signinurl = "http://localhost:8000/STS/Issue/"
  7. Now, the trusted login provider can be created as shown in the TechNet article:
     New-SPTrustedIdentityTokenIssuer -Name "SelfSTS" -Description "SelfSTS sample" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
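The whole procedure above, including the root-authority step discussed further down, as one re-runnable script. This is an added example and not code from the original post or from SelfSTS: it pulls the signing certificate out of the federation metadata instead of copying it through Notepad, prints the thumbprint so you can compare it with what the SelfSTS UI shows, and skips steps that were already done. The values of $webAppUrl and $metadataUrl are assumptions (copy the metadata link from the SelfSTS UI if yours differs), and the e-mail claim type URI is the standard WS-Federation claim type, which the post does not spell out.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010 Management Shell
# as a farm administrator, on a development box only (SelfSTS is not for production).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl   = "http://sp2010dev"                                                   # assumption: your dev web application
$metadataUrl = "http://localhost:8000/STS/FederationMetadata/2007-06/FederationMetadata.xml"  # assumption: copy from the SelfSTS UI
$signinUrl   = "http://localhost:8000/STS/Issue/"                                    # SelfSTS default, as in the post
$realm       = "$webAppUrl/_trust/"                                                  # SelfSTS posts the token straight back here
$emailClaim  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"  # standard e-mail claim type
$issuerName  = "SelfSTS"

# 1. Extract the signing certificate from the federation metadata: the ds:X509Certificate
#    under the KeyDescriptor marked use="signing" (any X509Certificate as a fallback).
#    DownloadString throws if SelfSTS is not running, which is the "DNS error" from the post.
[xml]$metadata = (New-Object System.Net.WebClient).DownloadString($metadataUrl)
$ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
$certNode = $metadata.SelectSingleNode("//*[local-name()='KeyDescriptor' and @use='signing']//ds:X509Certificate", $ns)
if (-not $certNode) { $certNode = $metadata.SelectSingleNode("//ds:X509Certificate", $ns) }
if (-not $certNode) { throw "No X509Certificate element found in $metadataUrl" }

$certBytes = [Convert]::FromBase64String($certNode.InnerText.Trim())
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,$certBytes)

# 2. Checks you want before trusting a signing key: compare the thumbprint with the one the
#    SelfSTS UI displays, and refuse an expired or not-yet-valid certificate.
Write-Host ("Signing certificate: {0}  thumbprint {1}  valid {2:d} to {3:d}" -f `
    $cert.Subject, $cert.Thumbprint, $cert.NotBefore, $cert.NotAfter)
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw "SelfSTS signing certificate is not currently valid" }

# 3. SharePoint must trust the token-signing certificate (Manage Trust in Central Administration).
$rootName = "$issuerName signing"
if (-not (Get-SPTrustedRootAuthority -Identity $rootName -ErrorAction SilentlyContinue)) {
    New-SPTrustedRootAuthority -Name $rootName -Certificate $cert | Out-Null
}

# 4. Pass the e-mail claim through unchanged and use it as the identifier claim.
$map1 = New-SPClaimTypeMapping -IncomingClaimType $emailClaim -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# 5. Register SelfSTS as a trusted identity provider; a re-run leaves an existing issuer alone.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction SilentlyContinue
if (-not $issuer) {
    $issuer = New-SPTrustedIdentityTokenIssuer -Name $issuerName -Description "SelfSTS sample (dev only)" `
        -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 `
        -SignInUrl $signinUrl -IdentifierClaim $map1.InputClaimType
}
$issuer | Format-List Name, DefaultProviderRealm, ProviderUri

# Remaining manual step: select "SelfSTS" as a Trusted Identity Provider on the web application,
# then grant the identity SelfSTS issues (or All Authenticated Users) permission on the site collection.
```

Because the realm is derived from $webAppUrl, the issuer's DefaultProviderRealm will match the _trust/ endpoint SelfSTS redirects to; if you later extend the web application to another URL, create the issuer again with that realm rather than editing the one above.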

Upon completion of these steps, the SelfSTS provider will be available for selection in the Trusted Identity Provider section when creating a new Web Application or modifying the Authentication Providers of an existing claims-based web application.

Before attempting to log in to a site collection using SelfSTS, there are a few other items to address. The token-signing certificate used by SelfSTS must be trusted by SharePoint. This is accomplished with the New-SPTrustedRootAuthority cmdlet in PowerShell, or via the Manage Trust link in the Security section of Central Administration. Also, be sure to grant permissions on the site collection to the identity that SelfSTS issues (or to All Authenticated Users); a trusted provider only authenticates, it does not authorize anything.

Again, the key differences when using SelfSTS are the Realm property, and that HTTPS is not required. (You are not leaving the box, so there is no need to incur that overhead. Keep in mind that without HTTPS the signed token is posted to /_trust/ in the clear, so this shortcut is only acceptable when the STS and SharePoint share a single development machine.) Lastly, I want to point out that THIS IS FOR DEVELOPMENT PURPOSES ONLY. You should never use SelfSTS in production.

Update: Works fine under Windows 7.

Jul 08
Published: July 08, 2010 15:07 PM by  Paul Schaeflein

When VS2010 first came out in betas, one common complaint was that closing a lot of windows (for instance, after a debug session where you stepped into many different code files) required more work. The close button was moved from the right side of the tab well onto each individual tab.

I’m elated to see that the Visual Studio 2010 Power Tools lets us put the close button back to where it was!

Visual Studio Options - Document Tab Well

Apr 13
Published: April 13, 2010 20:04 PM by  Paul Schaeflein

Quite some time ago, Amazon came out with their cloud computing offering, EC2. I found the concept fascinating and wanted to try it out. I never did though, for quite a few reasons: initially there were no Windows instances; setup and management was via command-line utilities; running the command line required confusing (to me) encryption keys; and I don’t run Firefox so I couldn’t take advantage of the extensions. I am sure that over the years that EC2 has been around, many of these obstacles have been removed. This post is not a criticism of Amazon, but there was no way that I was going to figure out all that stuff in the little free time I had. So cloud computing was still on my “see if it can help me do my job someday” list.

Today was that day. I needed to get a file from a client that was 60+ MB. Too big for email. The client has a policy forbidding the use of Mesh, and wanted to “just ftp” the file to my site. Well, I don’t have a site just lying around to receive ftp requests. Then I remembered – I can get one quickly in the cloud! Off to Amazon EC2. Instances. AMI’s. S3. Eeeek!!! I’m just a lowly developer, can I just get a remote desktop session?

Then I remembered talking with Jeff DeVerter from Rackspace when I was presenting in San Antonio a few months back. They have a cloud offering, so I looked at their instructions. 1-2-3. So simple, even a developer can do it! So, I signed up; talked with the agent to confirm I really wanted an account; provisioned a server with Win2008r2; added the IIS Management console and the FTP service; created a local account for my client; opened the FTP ports in the firewall and gave instructions to my client in less than 1 hour. He uploaded the file, I downloaded the file and deleted the server. Because of a couple of phone calls, my cloud server was running for 1 hour and 40 minutes. Total cost: 7 cents.

Now that I know the steps involved, I can script them and I bet that next time I can have the server running and configured while my client waits on the phone. (That is what us devs do best – automating those steps so they don’t get performed incorrectly!) That is certainly preferable to running a dedicated server as I did in the past.

Thank you to Amazon for pioneering this concept. And a big thank you to Jeff and Rackspace for making it easy for me to use it!

Mar 08

Are you interested in using the new claims-based authorization (Windows Identity Foundation) in SharePoint? I want to hear from you!

I’ve created a single-question survey that should take only a minute or two. It is anonymous. (If you want to start a dialog, contact me thru the blog or Twitter.)

Thanks in advance!

Mar 08
Published: March 08, 2010 10:03 AM by  Paul Schaeflein

Last week I had the opportunity to view the workshop put on by Mark Miller. I have to admit that I am not a real big “end user” of SharePoint. I am really an end user of Visual Studio. So it was very helpful to put myself in the shoes of others for a few hours.

I have a project coming up in which I need to build a video library in SharePoint. While I’m sure that I can build something pretty fancy, I don’t want to administer this library forever. That is where this workshop helped me: What concepts/actions are comfortable for end users? What issues will they face when using my application? What features does SharePoint provide that I can reuse?

So, it seems to me that this kind of workshop is not valuable only to end users. Even bit-twiddlers like me can benefit. If you see a workshop that looks relevant to your project, I encourage you to attend. You won’t regret it!

Mar 03

I spent entirely too much time troubleshooting failures to PXE boot to my WDS server. So, I’m adding this page to the Bing decision engine.

The problem and resolution are in this KB Article:

The DNS Server service binds to all ports in the Windows Deployment Services port range on a server that is running Windows Server 2008 R2 or Windows Server 2008
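A quick way to confirm that you are hitting the collision the KB article describes, as an added example that is not from the original post or the KB: list the UDP ports the DNS Server process (dns.exe) is holding inside the WDS port range. The range values below are placeholders and an assumption; take the real range from your WDS server properties before reading the result.

```powershell
# Added example (not from the original post). Run elevated on the server that hosts both
# the DNS Server role and WDS. $wdsStart/$wdsEnd are assumptions: set them to the UDP port
# range your WDS server is configured to use.
$wdsStart = 64001
$wdsEnd   = 65000

# PIDs of the DNS Server service process (dns.exe); empty if the role is not running here.
$dnsPids = @(Get-Process -Name dns -ErrorAction SilentlyContinue | ForEach-Object { $_.Id })
if ($dnsPids.Count -eq 0) { Write-Warning "dns.exe is not running on this machine" }

# netstat -ano -p UDP rows look like "  UDP    0.0.0.0:64012   *:*   1234" (IPv6: "[::]:64012").
# Pull out local port and owning PID, keep only dns.exe ports that fall in the WDS range.
$held = netstat -ano -p UDP | ForEach-Object {
    if ($_ -match '^\s*UDP\s+\S+:(\d+)\s+\S+\s+(\d+)\s*$') {
        New-Object PSObject -Property @{ Port = [int]$matches[1]; Pid = [int]$matches[2] }
    }
} | Where-Object { $dnsPids -contains $_.Pid -and $_.Port -ge $wdsStart -and $_.Port -le $wdsEnd }

if ($held) {
    "dns.exe holds {0} UDP port(s) inside the WDS range {1}-{2}:" -f @($held).Count, $wdsStart, $wdsEnd
    $held | Sort-Object Port | Format-Table Port, Pid -AutoSize
    "Exclude that range from the DNS socket pool (confirm the exact range in the KB article first),"
    "then restart the DNS Server and WDS services:"
    "  dnscmd /Config /SocketPoolExcludedPortRanges $wdsStart-$wdsEnd"
} else {
    "dns.exe holds no UDP ports in $wdsStart-$wdsEnd; look elsewhere for the PXE failure."
}
```

The script only reports; it prints the dnscmd exclusion as the next step rather than applying it, since the socket pool setting is server-wide and worth a deliberate change.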

Mar 01
Published: March 01, 2010 13:03 PM by  Paul Schaeflein

Do you have tough technical questions regarding SharePoint for which you're seeking answers? Do you want to tap into the deep knowledge of the talented Microsoft Most Valuable Professionals? The SharePoint MVPs are the same people you see in the technical community as authors, speakers, user group leaders and answerers in the MSDN forums. This is the first time we have brought these experts together as a collective group to answer your questions live. So please join us and bring on the questions! This chat will cover WSS, MOSS and the SharePoint 2010 beta.  Topics include setup and administration, design, development and general questions.

Monday, March 15, 2010

9:00 – 10:00 A.M. Pacific Time

12:00 - 1:00 P.M. Eastern Time

16:00 - 17:00 GMT

Join the chat room on the day of the chat:


Feb 15
Published: February 15, 2010 14:02 PM by  Paul Schaeflein

I am excited to announce that I am hosting a SharePoint 2010 Community Launch event in conjunction with The Chicago Microsoft SharePoint Business Strategies Group.

We will have a short overview of SharePoint 2010 followed by a presentation on Enterprise Content Management by SharePoint MVP Ben Curry.

Come see the new Enterprise Content Management functionality in SharePoint Server 2010. Have you ever wanted to replicate a content type across many site collections with the click of a button? Have you wanted a centralized taxonomy that was easy to manage? Do you want to save time & money managing your information architecture? In SharePoint Server 2010, Enterprise Content Types and Metadata provide much more robust methods of data classification, retention, retrieval, and consumption. The agenda will include Content Type Syndication, Creating and Managing a Term Store, and integrating these solutions into sites, libraries, and Office 2010 applications.

Ben Curry (SharePoint MVP, CISSP, MCT, MCP, MCTS) is an enterprise architect specializing in knowledge management and collaboration technologies. As a Managing Consultant for Summit 7 Systems, Ben draws on his years of experience to manage the most demanding projects and system architectures while delivering powerful customized solutions based on the Microsoft Information Worker platforms. He has authored or co-authored 4 books on SharePoint Server, including SharePoint Server 2007 Best Practices and the forthcoming SharePoint Server 2010 Administrators' Pocket Consultant, both by Microsoft Press.

Registration is now open.
