Secure Store Service to store credentials - work with anonymous

Hi All,

Just want to share something. Following my colleague's post , there is one more way on where to store settings, which is probably the preferred way.

We have been using config list in SharePoint that only Site Collection Admin can access. The problem is that they are stored as clear text and SharePoint doesn't provide Password field type OOTB.

Since the password requirement has changed, only infrastructure team can add/modify the password and they don't want us to know what the password is. As we want to avoid web.config modification, Secure Store Service application is the rescue! and it turns out to be pretty straightforward as well.

Having created your Secure Store Service application and added the credentials in, I only had to create a helper class to retrieve my settings. I didn't end up using the code in that post as I want to simply grab all my key-value pair:

Then you can just call that function and you will get your dictionary :)

Hope this helps,

SharePoint repair WFE IIS Site Missing Virtual Directories


When you have multiserver environment, your web application provisioning can go wrong due to many reasons (app pool timeout etc.) and as a result you can get one WFE works while the other does not.

In my case, some of OOTB virtual directories like _login and _windows were missing on one of my WFE. I don't want to recreate my web application from scratch - and luckily SharePoint provides Provision() and ProvisionGlobally() method.

We ran Provision() on the failed WFE and it fixed all our IIS sites (default and internet zone) in one go.

To do this just open powershell on the WFE:

You can remove the IIS site completely in WFE IIS manager and Provision() will recreate the IIS site for you.

Hope this helps,


Creating Web Template and WebProvisioned Receiver Walkthrough


As part of my migration project from MOSS 2007 to SP2013, I realised there was a site template I had to create. Reading up on web template and site definition, I decided to go with creating web template as this is much easier.

Turns out that to get things glued up together (site columns, content types, lists, etc.) is not as straightforward as it seems as we need the right code. I have listed the final code here so if you are to go and create a new web template things will be easier (I hope) :)

It's good to read this article as well re. Web Template

Creating Site Columns and Content Types

Creating these programmatically will allow you to have more control and will be able to upgrade these in the future. So in the 'Branding' feature, I create these with the help from this article and extend the helper methods to cater for the publishing html fields:

The Utility helper class:
Creating Web Property Bag

Next we will create property bag for our new site (Web scope). Add a new empty element file. P.S: the WebTemplateFeatureId will be your Web Template feature (Site scope)

Creating Web Template

Now we add a new module for our web template, which consists of Elements.xml and onet.xml.

For the onet.xml I copied the one from C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\SiteTemplates\BLANKINTERNET\XML without Document templates, Configuration 1 & 2 and Modules tag.
Onet.xml file:
Notice that I added the property bag feature and my default.aspx module that uses my custom page layout.

WebProvisioned receiver

The last thing we want to do is to configure our new created subsite to match the settings we want. Add a receiver module for the WebProvisioned feature receiver. Mark the receiver as Synchronous.
And the receiver code:
Navigation helper (thanks to this article) :

That's all I have to do :)


SharePoint 2013 Search Results webpart Change Query (QueryBuilder) button not working

Hi everyone,

I got this problem on my sites where 'Change Query' button on the Search Results webpart refreshes the page instead of showing the modal window.

Looking at the console window it seems that it can't read property 'QueryBuilder'.

Turns out after some investigation, it is because I had an html tag with name="Search" and it didn't like it.

I changed the name tag to something else and it starts working again.


SharePoint 2013 Running workflow programmatically StartWorkflow error FAILED hr detected (hr = 0x8102008a)


Just want to share something in regards to starting workflow using the Workflow Manager in code.

I have built a SPD reusable workflow for a content type.
I then add this workflow to my list in my site.

As I want to be able to trigger this workflow anonymously, I have to run the workflow using WorkflowManager instead of the standard auto start from UI (Otherwise the workflow will be created but will not run)

Originally I used the ItemAdded event receiver, then use this piece of code:

StartWorkflow function:

But my workflows only get triggered for some records (intermittently). When I run the debugging, I can see that a weird error is thrown:

An exception of type 'Microsoft.SharePoint.SPException' occurred in Microsoft.SharePoint.dll but was not handled in user code

FAILED hr detected (hr = 0x8102008a)
in the log : COMException: 0x8102008a

Looking around for solution I couldn't find the answer.

After some trials and errors, I noticed that my code doesn't throw that error when I call item.Update() before my StartWorkflow function.

However it sometimes throws Save Conflict Your changes conflict with those made concurrently by another user when I tested creating my list items in a quick manner.

I soon realised that it is because ItemAdded receiver is by default running asynchronously.

Since I also use my custom save functionality on my list item, I moved my code to be part of it. After the attachment functionality (described in my previous post), I just call my workflow.

Completed code:

If you still want to use ItemAdded receiver you should be able to make it work as well. Just make it run as a synchronous event rather than asynchronous.

Hope this helps,

SharePoint ADFS Cert expiring / rollover


If your ADFS cert is expiring, the SharePoint site will throw this error:

The SAML Assertion is either not signed or the signature’s KeyIdentifier cannot be resolved to a SecurityToken. Ensure that the appropriate issuer tokens are present on the token resolver

To resolve this, just go into your ADFS server, export the new Token Signing certificate, then run this in CA server:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\SSL Certificate\ADFSCert.cer")
New-SPTrustedRootAuthority -Name “Token Signing Certificate” -Certificate $cert
$sts = Get-SPTrustedIdentityTokenIssuer
$sts | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert

And voila! it will start working again.


SharePoint Designer 2013 Workflow not updating and cache issues

Hi there,

Just want to share something re. the issues I encountered when using SPD to create SP 2010 workflows and then uploading them to other environment.

I found that after I made some changes to my workflows and then uploaded them to uat environment, my changes were not picked up.

First after reading some SPD cache issue here,
I thought this might have been my issue (not getting the latest assembly when Saving As Template from SPD DEV)

So I cleared the cache files as instructed and tried to upload them again to UAT and activated the solution + feature.

Then I noted these points
1. When you deactivate + remove solution from Solution gallery, it doesn’t remove it from SharePoint. SPD still lists the workflows!
2. Only when you activate the site feature then the SPD will recognize it and Modified Date is updated. I then checked my updated workflow and it still had the old logic!

So I deleted my workflows through SPD (in UAT) and re-uploaded and activated my workflows again. This time they are in the correct latest version J


Session state not storing or saving gotcha

Hi folks,

Recently in my SP-CRM project I noticed that my session state that I enabled in SharePoint doesn't use SQL Server for storage (it uses inproc). Although it works fine so far, but the recommended way is to enable sessionstateservice using Enable-spsessionstateservice powershell cmdlet.

So I did this, and my application was broken. After debugging, I realized it could not store my object into the session table in the database. I read up documentation and the requirement for storing object is that the object must be serializable.

I checked my class and it already had serializable attribute. However, there is a property with the type of the generated class created by crmsvcutil and I had a feeling this was the culprit, and I was right!

The solution is to not use any of the crmsvcutil generated class in your session variables, otherwise you wouldn't be able to save it. 


Knockout + JavaScript + Validation useful custom bindings and functions


Just to post some helpful bindings and JavaScript functions that I used multiple times throughout my projects. I have been using this in creating forms using jQuery and Knockout with Ajax web services.


Update: be careful if you need to deal with different timezone as client timezone and server timezone might not be the same. To avoid this issue altogether you can use knockout-jqueryui extension so that the value is written as string. This way we only need to deal with server timezone.

Radio Yes/No buttons

Synchronous ajax call (normally used to populate dropdown values)

Get QueryString

IE9 Filter problem

That's all for now. Hope this helps.


Sharepoint 2013 Anonymous list send email workflow


Continuing with the limitation of anonymous access in association to SharePoint lists, it turns out there is another one!

When anonymous users add a new list item and we want to send an email, we will think of either 'Alerts' or 'Custom Workflow'. Using alert will work fine if the email is redirected to SP users.
However if the email wants to go to certain email addresses or the person submitting the item (through email field for example) then 'Custom Workflow' is the way to go.

So I opened SPD 2013 and created some reusable workflows with 'To' set to Association parameter and the Email field on the list item. Also the send email is contained in the Impersonation step.
Workflow is then published and associated to the list. I set the trigger to run the workflow when new item is created.

Testing the workflow while logged in works fine - however when adding a new item anonymously, the workflow is just waiting and never triggered. Having read other people experiencing the same issues, the solution is to create an ItemAdded event receiver to run the workflow using elevated permission.

In my case I have a few lists with their own content types.

After activating the feature, you don't need the triggers set on your workflow settings anymore.


SharePoint 2013 anonymous access add attachments to list item


Sometimes you want to enable anonymous access to be able to add a list item but at the same time attaching some documents.

After good few hours playing around trying to make this work, turns out that we can achieve this functionality. The trick is to use RunWithElevatedPrivileges method for the file upload. We also want the file upload functionality to be available on the NewForm.aspx as it wouldn't make sense to put it in other forms as any user would be able to upload files to other records.

The result will be something like this:

When it is saved, the user is redirected to the display form:

The close button then will take the user back to the homepage (or any page you desire)

The steps:
1. Create an ascx control to host your file upload control in your project. 

Put the below script in the ascx as well (credit to this post):
The code behind:
2. Create custom form template. You have to put the ascx in the CONTROLTEMPLATES folder of the 15 hive. Then find ListForm rendering template from the DefaultTemplates.ascx and copy to the custom template ascx. Register the control from step 1 and modify the following table:

3. The last step is to add a FeatureActivated receiver in order to set the template name (I use content type for my lists). Also your code needs to break list inheritance and specify AddListItems permission for the anonymous users.


Sharepoint 2013 visual webpart ascx not updated when updating solution

Hi all,

I recently came across this issue. My visual webpart ascx file does not get updated when updating wsp solution. Same issue as this post or this post.

I have checked my ascx inside the wsp file and also looked at the g.cs file generated by SharePoint. Both were fine.

It used to be working fine when I updated my webpart files. This issue happens after I merged the code from another branch and built the solution. I suspect this has something to do with it.

I tried changing my ascx file so that it regenerates the g.cs file - but still doesn't work.

I then rolled back my code (before merging), updated the code manually and rebuilt the solution. This time it works! my webpart is updated again.

So, there is a bug with moving webpart code around projects (as indicated in the first post above) or merging the code (in my case). I hope this issue will get resolved as it will be annoying to not being able to merge some visual webpart codes between branches.

Update: this post might be the workaround - haven't tried it yet.


CRM 2011 - set or assign record owner


Just a recap of how to set the record owner or assign a new owner through the sdk.

When creating a record, you don't need to use AssignRequest. Simply set the OwnerId and call SaveChanges of your context.

But if the record already exists, then you must use AssignRequest to assign the record to the new owner.


Sharepoint 2013 List View Webpart Anonymous Access denied error You do not have permission to perform this action or access this resource


If you happen to get the access denied for anonymous users on a webpart (in my case list view) and you already gave anonymous permission on the list, you are not alone.

Apparently this is happening especially when you use custom xsl for the display of the items. Luckily I came across this thread that shows the trick to avoid this bug.

You just need another xsl that imports your custom xsl. In the webpart Xsl link you will then use this other xsl instead.

There you go. I tried this and I'm not getting the access denied anymore.