Tag Archive 'moss'

Nov 14 2012

Beating CRM2011 Anti-XSS with a Web Resource Shim

Published by under Microsoft CRM

Background

In Microsoft Dynamics CRM we’ve got several places that documents relating to an account can be uploaded to SharePoint.  Some are custom solutions developed whilst we were using CRM4 and others are using the built-in CRM2011 SharePoint integration.

To keep things simple for users, I have created a SharePoint web part that allows them to see a consolidated view of documents relating to each account.  This web part has a menu against each document that allows users to open the record that the document was uploaded against.

The Problem

Previously, I was just opening the CRM record in an Internet Explorer (IE) window and everything was fine.  However, now CRM has got a nifty Xrm.Utility.openEntityForm() JavaScript function that will open entity forms in either an IE or Outlook window, depending on which client the user is using to access CRM.

If you are using a CRM Web Page WebResource, you’ve got the option of either including ClientGlobalContext.js.aspx or using parent.Xrm to access the Microsoft Xrm JavaScript object model.  Unfortunately, CRM is on one website address and SharePoint is on another.  Therefore, although SharePoint is being displayed in CRM using an iFrame, the browser’s Anti-XSS (Cross Site Scripting) protection, the same-origin policy, prevents the SharePoint page from using parent.Xrm.

The Solution

Given that the Xrm JavaScript object model needs to be used from a page in CRM, the solution I came up with is to use a WebResource HTML page that will act as a shim for SharePoint:

<!DOCTYPE html>
<html>
<head>
    <title>Xrm Shim</title>
    <base>
    <script type="text/javascript" src="../ClientGlobalContext.js.aspx"></script>
    <script type="text/javascript" src="../c5_javascript/lib/jquery.min.js"></script>
    <script type="text/javascript">
        $(function () {
            var data = Xrm.Page.context.getQueryStringParameters();
            Xrm.Utility.openEntityForm(data.typename, data.id);
        });
    </script>
    <meta charset="utf-8">
</head>
<body>
</body>
</html>

I then updated my SharePoint web part to run the following script when the user clicks the CRM Record menu item:

crmRecordMenuItem.ClientOnClickScript =
    string.Format(@"ifrm = document.createElement('IFRAME');
        ifrm.setAttribute('src', '{0}/{1}/WebResources/xrmshim.htm?typename=%DocTypeName%&amp;id=%CRMDocID%');
        ifrm.style.width = 1+'px';
        ifrm.style.height = 1+'px';
        document.body.appendChild(ifrm);", crmUrl, crmOrgName);

This creates an iFrame that loads the HTML shim from CRM, which in turn calls Xrm.Utility.openEntityForm using the typename and id passed from SharePoint in the query string parameters.

The shim is simple enough that it can be used on any page that is hosted on any site other than CRM.  It could be extended to call any Xrm object model methods provided by ClientGlobalContext.js.aspx.
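Because the shim can be framed by any page, its query string is untrusted input running with the CRM user's session. The following added example (not code from the original post) shows the shim's script validating typename and id before calling Xrm.Utility.openEntityForm; the allowlist contents and the function names validateShimParams and openFromQuery are assumptions.

```javascript
// Added example: parameter validation for xrmshim.htm.
// ALLOWED_TYPES is a constructed allowlist; list only the entities
// the SharePoint web part actually links to.
var ALLOWED_TYPES = ['account', 'contact', 'opportunity'];

// A GUID, either bare or wrapped in a matched pair of braces.
var G = '[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}';
var GUID_RE = new RegExp('^(?:\\{' + G + '\\}|' + G + ')$', 'i');

// Returns { typename, id } when both values are acceptable, otherwise null.
function validateShimParams(data) {
    if (!data || typeof data.typename !== 'string' || typeof data.id !== 'string') {
        return null;
    }
    var typename = data.typename.toLowerCase();
    if (ALLOWED_TYPES.indexOf(typename) === -1) {
        return null; // entity type the shim was never meant to open
    }
    if (!GUID_RE.test(data.id)) {
        return null; // not a record id
    }
    return { typename: typename, id: data.id };
}

// Performs the one fixed action the shim exists for, and nothing else.
// The Xrm object is passed in so the logic can be exercised with a stub.
function openFromQuery(xrm) {
    var params = validateShimParams(xrm.Page.context.getQueryStringParameters());
    if (!params) {
        return false; // ignore the request rather than guess
    }
    xrm.Utility.openEntityForm(params.typename, params.id);
    return true;
}

// Inside the WebResource, Xrm is supplied by ClientGlobalContext.js.aspx.
if (typeof Xrm !== 'undefined') {
    openFromQuery(Xrm);
}
```

If the shim is extended to other Xrm methods, keep each action fixed in code and selected from a similar allowlist, not named freely in the query string.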


Mar 10 2009

The SharePoint Adrenalin Moment

Published by under Programming,Software

I’ve been developing with SharePoint for about 9 months now, and by developing I don’t mean airy-fairy SharePoint Designer drag-and-drop, I mean proper getting your hands dirty in code because SharePoint doesn’t have an *cough* out of the box *cough* feature that does what you want.

Mostly, deployment is done in two stages, firstly to a UAT box and then to a Live box.  Obviously the most efficient way to do this is to bundle your features into a solution which can easily be deployed onto any number of machines.  But, it does mean you have to make sure you’ve got everything right.  Untangling mistakes in your code can be a right royal pain in the arse.

By the time you’ve developed your solution, tested it out, deployed it to UAT and tested it again you should be fairly confident that when you come to deploy it on the Live server things should go pretty smoothly.  And, touch wood, to date things have gone smoothly.

But I still can’t get over that rush of adrenaline that comes with clicking “Activate Feature” after deploying the solution on Live.  In the second or two whilst the page waits to reload my mind runs through all the possible things that could go wrong and how long it would take me to unpick the changes my code might have got half way through.  Then the page finally loads…..

….. “Feature Activated”, phew!  Time for a lie down to calm my nerves.


Feb 11 2009

Microsoft Enterprise Search Roadmap

Published by under .NET,Programming,Software

When I first started developing with SharePoint in June last year the last thing that was on my mind was Enterprise Search.  I had considered it the sort of technology that you just plug in a magic box and it just did all the work for you.

Recently, however, I have been involved in developing a customised search solution using Microsoft Office SharePoint Server (MOSS) to allow a client to search client and non-client related documentation within their organisation.  What I rapidly discovered is that enterprise search is not a plug-and-play affair.  A lot of thought needs to go into the meta data that is used to define the taxonomy of the data (in this case documents) and also how users are going to interact with search and how to make sure they get the information they need.

I have also recently been on a training course at FAST Search, which was acquired by Microsoft in April 2008.  The course was both an introduction to the structure of FAST ESP and also an in-depth look into customising the internals, both feeding content into the indexing engine of FAST ESP and building a rich user experience for getting content from the FAST ESP search engine.

The two activities have really awakened me to how powerful enterprise search can be in empowering users to find information which previously they either may not have known how to access or, more likely, simply hadn’t known existed.  Whilst I was learning about FAST Search, it was generally anticipated that it would be included with the next generation of MOSS.  Today that was confirmed at FASTForward ’09 when Microsoft announced its roadmap for enterprise search, which has two initial streams.  The first is FAST Search for Internet Business, which is mainly aimed at internet retail businesses – like you’d use to find products on Amazon.  The second, and more interesting for me, is FAST Search for SharePoint, which will integrate FAST Search more closely with SharePoint and would be used for the type of internal information discovery that I have been working on recently.

Mark Harrisson also noted on his blog that Microsoft is going to be offering ESP for SharePoint immediately which is

a special offering that allows customers to purchase high-end search capabilities today, with a defined licensing path to FAST Search for SharePoint when it becomes available.

I haven’t been able to find out more information about ESP for SharePoint, but it certainly looks like it could be an interesting product to get hold of.  In the meantime I’m keen to continue working with MOSS Enterprise Search and have just the right project lined up to flex my new found love of search on.


Aug 14 2008

The Quick Way To Trash SharePoint

Published by under Programming

I have just learnt the hard way that you should always check the name you have given your feature before deploying it to a server.

Quite stupidly I created several features, at least two of which I now know conflicted with existing SharePoint features.  I used the xcopy method of deploying the feature on my local dev machine with the “/Y” switch to suppress prompts when over-writing existing files, so at the time I didn’t realise what I had done.

It was only when I came to create a new site collection that everything came falling down.  I’m currently downloading the SharePoint installation DVD from Microsoft in the hopes that a re-install will fix the problems.

From now on I’m going to be prefixing all features I create with the client’s name.  This will provide two benefits:

  1. It will greatly reduce the risk of a feature name conflict.
  2. It will group all the directories together in explorer for easier deletion.


Jul 14 2008

SharePoint Event Receiver Manager

Published by under .NET,Programming,Software

One of the things I’m working on is Event Receivers in SharePoint but I’ve found registering the event receivers to be a bit on the annoying side.  Yes you can do it with the feature.xml Receivers section and there is the great El Blanco Event Receivers Manager.

I personally prefer desktop GUI applications and so, based on code by Liron, I’ve created my own desktop Event Receiver Manager.  It allows you to select site & list, browse for an assembly so it can give you the full assembly name and a list of classes inside, and a list of receivers you can attach to.

The current version only allows adding new event receivers.  Before adding a new receiver it will check to make sure the same receiver doesn’t already exist.

Future plans for it include listing existing receivers to allow users to delete them but as I don’t need to do that myself yet I haven’t implemented it.

Download a copy of EventReceiverManager.


May 30 2008

Large Downloads From Microsoft

Published by under General

For my new job, which I’ll be starting in a little over three weeks, I’m going to be working heavily with Microsoft SharePoint (MOSS 2007 – I’ll leave the versions for another post) and Microsoft Dynamics CRM 4 (again a guide to versions can wait for another post).  Whilst there is loads of information out there about development with these two platforms, what someone starting out with these needs is some hands-on experience.

It’s wonderful reading about creating custom workflows in CRM but right now I’m suffering from serious information overflow because I’ve got all these theoretical concepts flying around in my head without being able to see how they work in reality – a picture is worth a thousand words but an hour’s hands-on experience is worth a thousand pictures.

Microsoft has been kind enough to provide pre-configured demonstration Virtual PC disk images for free that allow you to experiment and test without the cost or time spent in setting up your own server.  The images themselves are about 4Gb to download.  Considering all the software installed on them that isn’t too bad.  The trouble is that Microsoft has split these images into 700Mb self-extracting rar files that have to be downloaded separately and extracted, which requires upwards of 8Gb of free space.

Over the past couple of weeks I have made several attempts to download the files but I have yet to get a working copy on my machine.  I have had problems with disconnections, running out of disk space (my bootcamp partition was too small) and corrupted files when they did download.  The fact that I have to download multiple files is a serious pain in the ass.  Why can’t Microsoft provide the disk images as a single file and embrace BitTorrent for distribution?  I’m sure it would be a lot quicker and less error prone.

In the meantime my new employer is sending over a portable hard drive with the disk images on it for me to use.
