Content by Search webpart in Office 365

3 Replies

It looks like the much awaited Content by Search Web Part might start showing up in Office 365 tenants!  I’m not sure when this started, and it might not be on all tenancies just yet.

Here it is in all its search laden glory …

image

It seems to depend on what version your Office 365 tenant is.  If you have 16.0.0.2120 or above then you should be in luck.

To find out what version your tenancy is on log in and navigate to the following URL:

https://FooCorp.sharepoint.com/_vti_pvt/service.cnf

You should see something like this:

vti_encoding:SR|utf8-nl
vti_extenderversion:SR|16.0.0.2120

Update: MS has announced this now:  http://blogs.office.com/b/office365tech/archive/2013/10/29/search-innovations-for-site-and-portal-design-in-sharepoint-online.aspx

-CJ

SharePoint Online protects against BREACH

1 Reply

Back in August a co-worker who is doing a lot of work with Office 365 noticed something changed in Office 365.  One of those sneaky, unannounced changes that break things inadvertently and take a while to track down.

It turns out Office 365, SharePoint Online in particular, had stopped Zipping returned  payloads to JavaScript Object Model (JS OM or JSOM), even if you explicitly asked for them.  You can read about his initial discovery in a blog post.

TL;DR – Send a request for information from SharePoint, include the “Accept-Encoding: gzip, deflate, sdch” header, response comes back without compression applied.

Here is it in action.  To try this at home you will need:

  • One SharePoint Online site
  • A tool like Fiddler or PostMan (handy Chrome app) for easily handcrafting and initiating HTTP requests and seeing what comes back.  I’m using it below.
  • A list set up in your SharePoint site with some data in it

Create a HTTP GET request to return the items from your list. Something like this:

http://MySharePointOnlineSite.SharePoint.com/sites/Developer/_api/Lists/MoviesList/Items?$select=Title

Add your Accept-Encoding header and Accept headers like so to ask for JSON back and gzip compression:

image

Send your request and you should see some JSON come back.  Something like this:

image

Notice a distinct lack of zippage? Also if you flip to the Headers tab on the response you don’t see a Content-Encoding: gzip like this:

image

Now this isn’t really a big problem in the grand scheme of things.  Unless you are calling this from a mobile app where bandwidth is important or you need low latency replies. Another example would be if you are building a SharePoint App and calling the REST services to get back list data to drive some UI … you want it to be snappy.

After a bit of hunting my co-worker pointed me at a post about an SSL + HTTP Compression hack called BREACH.  Basically this hack lets hackers break SSL by fiddling with the input on a request and watching changes in the compressed response. After a few (say 1000) requests they can crack your SSL.  Note this is only an issue if you are serving content than can change based on manipulation of request data AND the return payload can be compressed.

The fix?  Turn off HTTP compression on responses.

Yes, really. That seems to be the only practical option for mitigating against this attack right now. No, this isn’t a bug in IIS or SharePoint or any other product.

Hence, this seems to be why SharePoint online no longer compresses responses.  I was told that static files might be compressed since they wont fall victim to this hack, however my testing didn’t surface any resources that I could make come back compressed. (Let me know if you find one)

E plan tenants  are the most effected I think as the SharePoint Online sites are all behind SSL.

I found this really interesting so I thought I would share.

-CJ

PS: thanks to my Microsoft buddies who helped confirm this for me.

Speaking at SharePoint Intersection: Where Business, Technology, and Solutions Intersect, Oct 27th – 31st, Vegas!

Leave a reply

I’m heading to Vegas at the end of this month to speak at the SharePoint Intersection event.  You should come!!

I’m speaking about:

  • Pre Day workshop: Getting Your Arms Around the SharePoint 2013 App Model (with Andrew Connell)
  • SESSION: Apps for SharePoint Primer
  • SESSION: Working with SharePoint’s REST, CSOM and APIs Remotely
  • SESSION: Soup to Nuts: How to Build a Metadata and Search Driven Intranet
  • INTERSECTION: Extending SharePoint with Apps and Enterprise Solutions (with Andrew Connell and Jeremy Thake)

Register with the code JOHNSON and get $50 off. And get a free Surface or XBox One!*

WHERE: October 27-31, 2013, MGM Grand, Las Vegas, Nevada

SHAREPOINT INTERSECTION 2013 is an entirely new type of event, and it’s the one event you won’t want to miss. Join the world’s top SharePoint experts, Microsoft’s own product team, and hundreds of peers representing IT, business, developer, and design communities as we intersect to solve business problems and to maximize the value of SharePoint for our organizations.  

TRAINING: SharePoint Intersection features more than 50 sessions presented by the best-known names in the industry.  As if that’s not enough, five full-day workshops dive deep into key challenges and workloads.

FOR ALL YOU’RE DOING: Training at SharePoint Intersection is not just “50 random sessions”. Instead, the event’s sessions have been carefully laid out to deliver end-to-end guidance and solutions across 11 scenarios or “workloads”

  • Developing Apps and Enterprise Solutions
  • Administering and Managing SharePoint
  • Upgrading and Migrating to SharePoint 2013
  • Strategy, Governance, Adoption, and the Business of SharePoint
  • SharePoint in Office 365, the Cloud and Hybrid Environments
  • Collaboration and Content Management: ECM, IM, RM and DM
  • Search with SharePoint
  • Workflow, Business Process Management and Automation
  • Insight, Business Intelligence and Data Visualization with SharePoint and SQL Server
  • Branding, Design, and User Experience
  • SharePoint Social and Yammer

FOR YOUR ENTIRE TEAM: Unlike other events, SharePoint Intersection’s content chairs—SharePoint MVPs Andrew Connell and Dan Holme—have assembled an event that addresses the needs of everyone who is involved with, touched by, and impacted by SharePoint. You’ll find best-of-class content, whether you are a

  • Developer
  • IT Pro
  • Business manager or platform owner
  • Business user
  • Designer

SUCCEED TOGETHER: When it comes to maximizing the business value of SharePoint, and delivering real business needs, it takes the entire team.  We must come together, as business, IT and developers, to solve our problems.  At SharePoint Intersection, each scenario or workload features a unique Intersection Session, in we bring together IT, business, developers and our SharePoint Experts to answer questions, tackle the most pressing issues, get on the same page, and to build a path to success. We’re confident that the open forum Q&A style of these Intersection sessions will be among the most valuable experiences you take away from SharePoint Intersection.

BEYOND SHAREPOINT: SharePoint Intersection is just one of the events that is part of DEV INTERSECTION.  And as a SharePoint Intersection attendee, you have full access to dozens of sessions across other Intersection events, covering SQL, ASP.NET, Visual Studio, Azure, and Open Source.

FREE SURFACE OR XBOX ONE*

*When you make the most of SharePoint Intersection by registering with a Show Package that includes one or more full-day workshops, you’ll receive your choice of an XBOX ONE or SURFACE RT! See the website for details.

Keeping up with cloud releases, Yammer vs. 365

Leave a reply

A colleague Brendon Ford , and Office 365 MVP I would add, pointed me at a great resource today for keeping up with what Yammer are up to in terms of new stuff coming down the line.

http://success.yammer.com/product/releases/

This gives a reasonable amount of detail on the things they are working on and at what stage they are at.  I say reasonable because they don’t give hard dates on when things will release, but they do give some detail on what is coming.

Here are some examples that specifically relate to Office 365.

Better search integration…

image

Could this be the single sign on we are all waiting for?  Maybe not, but it seems to be getting better…

image

Office web app integration in Yammer for viewing documents etc…

image

This is pretty cool insight into what’s coming.

The question I have is:

When are we going to get this level of visibility into the core Office 365 products? Exchange, Lync and SharePoint?

One of the big issues we face with customers in Office 365 is having zero visibility into when things change.  We are not alone, Jeremy has a good write up about some issues they have faced with APIs changed unexpectedly.

If I were at Microsoft still here is a sampling of things I would be pushing hard for:

  • Release and Update schedule.  Notes on exactly what is coming and when (per tenant).
  • Dev sandbox.  Ability to ask for a temporary test tenancy on a particular “version” of the service/product so that customers and partners can test their other systems that integrate with Office 365.
  • Postponement.  The ability to ask for a postponement of an update for up to 30 days. This would give customers/partners time to test and fix up any issues.
  • Open dialog with trusted advisors.  Microsoft was built on the back of strong partnerships.  Having a group of trusted advisors with a Bat Phone to someone who cares in engineering would go a long way. This group wouldn’t need to be big, but would be of good people who get it. People who want to help MS get better, not moan about it publically.

Some might say:

“Chris that is all great, but surely they should just get their cloud model to work and not break stuff randomly!”

Yeah that is great if you think you can reach Nirvana.  However, that is an impossible goal. Especially with something as complicated as Office 365 and all of its constituent parts.  Don’t let some chump from the valley with bubble gum SaaS product tell you otherwise 🙂

I think with some of the above changes proposed that things would get A LOT better really quickly.

-CJ

Subscriptions for Office and SharePoint apps arrive

Leave a reply

One of the biggest issues for developers they face today with various app eco-systems is how to build an on going revenue stream.  This is the problem mobile developers face and why many mobile marketplaces have introduced in app purchases.

In the business world this is even more of a problem. Typically the apps are a lot more complex and require big investment to build, maintain and improve over time. It is simply not possible to build a business model on a single one time payment when someone buys an app.

What app builders need is an on going revenue stream via a subscription model.  It has been by far and away the most asked for revenue feature in the Office/SharePoint store.

Starting today that is possible. Here is the announcement.

The long and short of it is app developers can submit or update their apps to use the subscription model.  As of writing the store doesn’t seem to be offering subscriptions, but i suspect its going live shortly.

Update:  It looks like the only subscription option will be per user per month. Not yearly or something like per tenant per month/year etc…

The implications of this are HUGE.  I have heard from many people who are just not interested in building apps unless they have subscriptions. To date only ISVs with decent size and resources have been able to work around this store limitation by building their own commerce model and do their commerce and licensing outside of the store (which is allowed).  Nintex recently launched Nintex Workflow for Office 365 which does this. Licensing is managed outside of the store and they manage the subscriptions etc… This is also handy because they can deal with much more complex subscription types such as pricing tiers etc…  Managing your own subscriptions is nice because you have full control, but with it comes the complexity of doing all the commerce etc… Also by doing the commerce outside of the store you are not giving MS the 30% cut from your app sales.

I am really interested to see what other ISVs now pull the trigger and start offering apps in the store now we have this capability.  I suspect the big ISVs wont be using the store commerce model anyway … but i would expect to see some smaller ISVs coming to the party soon. 

-CJ

Super easy source control – Using Git and Dropbox together

2 Replies

I have been a big fan of Git source control for a while now.  It’s got great momentum, loads of support on various platforms and plenty of tools to help with using it.

For those not aware of Git i suggest taking a read of the Wikipedia article as i am not going to cover the basics of what a source control system is, or in Git’s case a distributed version control system.

I like Git … it is super simple. There is no server and no SQL database etc… Its all just on the file system.

As a Windows user I recommend the Git Extensions tools. It gives you a GUI tool that lets you do almost everything with your Git repository.

If you are working with someone else on some source there are a couple of strategies for using Git as i understand things (please let me know if there are other better options)

  1. Create Patches and send those to others (say in an email)
  2. Create a central repository and Push/Pull changes to that repo that everyone has access to.

GitHub.com is an example of 2. above that a lot of people will recognize. Another, less well known option is Microsoft’s Team Foundation Service (TFS) Online.  Both allow you to create and interact with repositories remotely.  In a reasonably simple manner.  You have to pay for private repos on GitHub and TFS is free for up to 5 users currently with more pricing options coming soon.

1. above seems hard to me. Constantly managing patches etc… eeek

However, for two or three person projects I wanted an even simpler option, so i started looking at using Dropbox to host the central repo. The idea is that team members push/pull from a repo that is in a Dropbox folder and that is replicated between machines. This means no additional setup to do with authentication with those services which i think makes life easier.

There is a drawback that you need to be aware of!  You really want to avoid people pushing changes to the central repo at the same time. This can lead to Dropbox getting confused and corrupting the repo. However, if you IM people and make sure it’s all clear then you should be good to go.  This is really only suitable for a two or three person team. Get a GitHub account if you need something more robust 🙂

Here is how it looks:

image

The central repo doesn’t have a “working directory” (a copy of the source that you can work on). It’s just the Git repo.  You can’t edit files etc… in this location. The Central repo is synced between, in this case, two peoples machines (there is also a copy in the Dropbox cloud).

Each person “clones” the central repo to a local working location on their machine. They do this as a personal repo so that they get a working directory. This will allow them to edit and modify files etc… They can also “commit” (aka checkin) changes to their personal repo.

When they are ready they Push commits from their personal repo to the central repo.  This then replicates the changes to others.

This might sound complex, but if you are a Git user and familiar with the tools its pretty easy to set up.

Using Git Extensions you do this as follows:

First create a new Dropbox folder:

image

Open Git Extensions and create a new central repo like this in your new folder in Dropbox:

image

Now go and create your personal Local repo by cloneing the central repo … but do it to a local directory (non-Dropbox)

image

Then you can open your Local repo and work your coding monkey magic in there. Drop in a file for example (note the irony of the filename i am using here and the file extension … i don’t like JS).

image

Commit that sucker and you have made your first legit change to the code.

At this point your buddy cant see your stuff. You have been working locally.  So now you need to Push your commit to the central repo.

image

Notice that your central repo is already set up as the “origin” remote location.  Push to that and you will notice some files start syncing in Dropbox.

image

Now your central repo is all syncing and dancing your counterpart can join the Dropbox folder and do the same “clone” process you did to create a local repo that they can work in.

I got the idea for using this method a while back from this stackoverflow thread: http://stackoverflow.com/a/1961515/26843  It shows you how to do this same process via the Git command line.

-CJ

SharePoint Saturday Redmond – Building solutions with the future in mind

1 Reply

I had a great time presenting at the SharePoint Saturday Redmond event today at the Microsoft Conference Center in Redmond.

My session was aimed at asking people to think about building and architecting solutions today while keeping the future in mind … even if you don’t have any plans to move to the cloud in the near future.

Even if you are not building cloud apps or solutions today this is still relevant. Get code out of your SharePoint processes and into a loosely coupled architecture. Your servers will be safer, faster and will remain up more often.

Here are the slides.

Erica Toelle was kind enough to take some notes during the session: http://ericatoelle.com/2013/spsred-johnson/

Launching SharePoint Apps, launch sequence, debugging and AppRedirect.aspx

1 Reply

Writing SharePoint Apps can be tricky at times. Especially until you learn to know where to look when things are not working for you. Usually the first issue people strike is trying to launch their app and it not working.

Usually one of the first errors people strike is a common one that has an error that says “The parameter ‘token’ cannot be null or empty string”.

image

This is a signal that something went wrong launching the application and that some of the information that is passed to SharePoint during the app launch wasn’t passed correctly.  Usually due to an app setup issue.

The particular error above could be caused by a variety of issues, however the point of this post is to show you the first place I look when trying to debug it.  Hopefully this will help others find and fix their problem too.

First, to understand where to look when debugging its important to understand the process of what happens when you are launching a SharePoint App. The basic steps of the launch process are:

  1. User clicks the app to launch it
  2. SharePoint sends the user to the AppRedirect.aspx telling it what app to launch
  3. AppRedirect.aspx builds a set of launch parameters including a context token and other parameters about the SharePoint site launching the app e.g. SPSiteUrl
  4. AppRedirect.aspx renders a page with these parameters as a hidden HTML form on the page
  5. Javascript runs that submits the form to the applications launch page, POSTing these form parameters along with some query string parameters
  6. The App page is called and can get these parameters from the Request and use them as it needs. e.g. for using the CSOM to call back to SharePoint.

The error shown above is a snippet of boilerplate code from a provider hosted app code template in Visual Studio.  In order to construct the CSOM context the classes in TokenHelper.cs that are used need some of the information passed in the POST parameters from AppRedirect.aspx.  These are not on the query string as they are POST parameters, so this is usually where people get stuck debugging.  You need to use a tool like Fiddler to see the POST being made and take a look at it.

Below is what the launch sequence looks like in Fiddler (click on the image to get a bigger version):

image

  1. AppRedirect.aspx is called and the launch parameters are constructed and the Form is submitted by the browser.
  2. The app page is called, in this case Default.aspx
  3. My app wants to make a call using the CSOM to SharePiont and as part of that needs an OAuth Access Token, so is reuqesting one from Azure Access Control Services (ACS) (topic for another post).
  4. Finally the CSOM query is processed and the call to ProcessQuery is made.

In the browser you will recognize the AppRedirect.aspx page by the infamous “Working on it…” text 🙂

If you open #1 above in Fiddler in the raw response to the browser you will see the following:

image

This is the HTML Form with the launch parameters included. 

If the SPAppToken is empty … you have a launch problem 🙂

If your form is missing the SPAppToken then you will get the error message at the beginning of those post. It’s got the context token that you need in order to use the CSOM.

If it’s empty in the Form you likely have an error message in the SPErrorInfo giving your some more information about why is null/empty.

SPErrorInfo is your first place to start looking for why things are not working.

This should provide some insight and more pointers on where to look next.

E.g. “The Azure Access Control service is unavailable”.   This message says that SharePoint can’t construct the SPAppToken because it cant talk to ACS in order to do that.  This could be for a variety of reasons, such as network connectivity.

This post wasn’t written to solve every problem you have with launching an app.  It was posted to help those trying to debug their apps.  I thought it would be useful for those wanting tips on where to look to find some information when they are having issues launching their app.

I hope to helps!

-CJ

Yammer and Office 365 integration gets tighter

Leave a reply

Microsoft has been talking about faster releases in Office 365 and getting functionality out to its customers on a cadence they are not used to with on-prem software.  It’s great to see this happening albeit too slowly for some people.

Today is another example of small but important steps forward.

Christophe from the SharePoint team just posted about a new improvement in Office 365 that lets you comment on a document that lives in Office 365 and have that comment land in Yammer.

We had built an app called Share-It for Office 365 that does this, albeit in a less sophisticated manner.  You can read about that here: http://www.looselytyped.net/2013/06/26/shareit-for-office-365-is-published/

Although I’m sad that Share-It for Office 365 in its current form has been superseded we have some new plans for Share-It that I hope to be able to talk about shortly deepening the integration options between the two system.  I can’t say i am upset they did this at all, after all the idea from Share-It actually came from the work I did with the SharePoint team during the last SharePoint Conference and it was very clear that eventually this same functionality would be baked in. It was no surprise at all.

It’s awesome to see the two getting small but important improvements like this!  Well done MS.

Read Christophe’s post here:
http://blogs.office.com/b/office365tech/archive/2013/09/12/starting-yammer-conversations-from-documents-stored-in-sharepoint-online.aspx

-CJ.

Extending your Azure AD tenant to include Office 365 services

2 Replies

I learnt something today that I thought would be interesting to share in the hope someone else won’t need to do the research.

Say you already have Windows Intune or Azure AD already up and running and now you are ready to give Office 365 a go.

You have a couple of choices:

  1. Create a new Office 365 tenant
  2. Extend your existing Azure AD tenant and add Office 365 services.

The correct way to do things is to Extend your existing tenant and add Office 365 services.  If you have Azure AD already you are likely DirSync to push all your user accounts from your on-prem AD to Azure AD.  It makes sense that those are the same users you want to access Office 365 no doubt.

If you try and create a new tenant and then do DirSync to that tenant you will most likely hit issues with trying to push the same users to two different Azure AD tenants.

Extending is the way to go.

If you sign into the Office 365 management portal using your current credentials you use for Azure AD/Intune you will see a page like this:

image

You will notice it is saying that you are not currently subscribed to any Office 365 services.

So how do you go about adding those?

Jump over to the “purchase services” tab in the left navigation and you will get a selection of the various plans (aka SKUs) available.  In my case I picked the E3 –Trial.

image

This will then add the services included to your tenant. Once provisioning is complete you can carry on with the other tasks you might like to do like setting up Identity Federation (ADFS) etc…

It seems blatantly obvious now I have tried this and this is possibly hardly worth a blog post, but until now I had always started from the Office 365 side of things and had never looked at starting with Azure AD and adding Office 365.

Turns out to be dead simple 🙂

-Chris.