Sharepoint – Run code with elevated rights

Sometimes, visitors or non-admin users need to run a task which need higher rights to perform. Execute specific code to run with Full control even the user does not have it. Common block message is “Access denied”, remarks prohibit executing the codes. For such purpose, Microsoft.SharePoint.dll provides method RunWithElevatedPrivilages.


SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite("http://localsite/"))
    {
         using (SPWeb web = site.OpenWeb(site))
         {
            // code to run
         }
    }
});

Continue reading

Advertisements

SP.js not load on Sharepoint Pages

There is an issue I found when working on Sharepoint 2013. I got “SP.js” error right after published the page and cause some feature disable, such as ribbon and other scripts can not be executed. It seems that SP.js does not load properly for publishing page and anonymous users. Some articles said that sharepoint loads certain javascript files when it needs, after published the page, ribbon will close and several javasripts were unload automatically.

Actually Sharepoint provides some methods to call scripts for many conditions. So we could choose wisely among them to solved our problem. Take a look :

Continue reading

Sharepoint 2013 – System accounts can not deploy an apps

1. Error occurred in deployment step ‘Install app for SharePoint’: The System Account cannot perform this action.

2. Cannot perform this action

3. Sorry, something went wrong Please refresh the page and try again.

These errors occur when I was trying to deploy an apps for SharePoint 2013. It took a while for me to figure out what truly happen. But, I’ll save your time by expose this solved problem of mine now.

Continue reading

Simple Javascript Debugger

While developing javascript, to debug any line of code, I always put Alert(value);. Most of us ever did this don’t we? Alert things is the fastest way to check value within running code. But, recently, I found interesting article on Firebug’s blog about “Firebug Logging”.

They said : Having a fancy JavaScript debugger is great, but sometimes the fastest way to find bugs is just to dump as much information to the console as you can. Firebug gives you a set of powerful logging functions that you can call from your own web pages. Using console makes our code clean, no pop-up message, and I can try to debug within Live site and won’t interrupt user. Debug’s result will be written inside console, for those who ever play with browser’s developer tools. Just press F12 inside browser’s window, each browser has it’s own tools.

Continue reading

Lorem Ipsum Dolor Sit Amet

That sentence appears in many products such as Ms Word online help, dummy web page, wood-matches box, etc. This phrase has the appearance of an intelligent Latin idiom but actually, it is nonsense.

The phrase has been used for several centuries to show the most distinctive features of fonts. It is used becasue the letters involved and the letter spacing in those combinations reveal, at their best, the weight, design, and other important features of the typeface. It aims the reader would ignore meaning of texts and stay focused onto element design of texts only. During the 1500s, a printer adapted this phrase to print sample of pages. Since then, many printing industry use it for dummy text.

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. It came from a classical literature written by Cicero, “The Extremes of Good and Evil section 1.10.32-33“. This book is a treatise on the theory of ethics, very popular during the Renaissance.

Continue reading

Security Validation For This Page Is Invalid

Once time I wrote code for sharepoint, I got message error when tried to update item of certain list,

“The security validation for this page is invalid. Click Back in your Web browser.”

Actually, this is warning message to prevent our page from cross-site scripting attack or know by XSS. In general, cross-site scripting refers to that hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.

To handle that issue, simply set “AllowUnsafeUpdates” into True to code before updating list. From msdn, SPWeb.AllowUnsafeUpdate means Gets or sets a Boolean value that specifies whether to allow updates to the database as a result of a GET request or without requiring a security validation. Setting this property to true opens security risks, potentially introducing cross-site scripting vulnerabilities.. Then finalizing the update by set AllowUnsafeUpadates back to default value : False.

Continue reading

SharePoint List Versioning

Utilizing SharePoint list gives us some key benefits instead of external list, there are paging, versioning, permission, etc. And at this time, I’m going to share about versioning, which enable us to store history of editing item inside list. Versioning by default is not active yet, we can enable it through List Setting. It seems a simple step to take but how if we have a system with many lists and all need versioning enabled. You can simply click this and click that thing for all day but I don’t recommend it.

There are some ways we could do to enable versioning on list. If you are developing solution with list definition, only left a few things to do are adding property VersioningEnabled in two files below.

Continue reading