Archives / 2011 / May
  • Microsoft Certified Master - SharePoint 2010, thoughts and reflections

    Tags: Personal, SharePoint 2010

    Now with the Microsoft Certified Master course two and a half weeks behind me and the great news that I accomplished all the exams, and might call myself a Microsoft Certified Master for SharePoint 2010, only a few days old I thought I should write something about the program, experience and value of it. Recent blog posts about the Microsoft certification programs also put some extra fuel onto the urge of writing about it.

    About the Microsoft Certified Master Program

    The Microsoft Certified Master Program is a high-end and exclusive training available for SQL Server, Active Directory, Lync Server, Exchange Server and SharePoint Server. The training is normally a three week course, held on site at the mothership in Redmond, tutored by the most skilled people on the respective product. It's the best training you can get! But it's not for everyone; first of all you need to pass several steps to even get into the program, then you need to pay the huge fee and then finally get out of the classroom with three exams and a qualification lab alive. If you need more information about the program, head on over to the MCM/MCA site.

    My rotation

    Ever since I first heard about the MCM program for SharePoint it has been a dream going over to Redmond and endure the pain. Last fall me and my company decided that I should go for it. So in December I started the application for the MCM training. The application is done in several steps. Before even starting it you have to pay the non-refundable application fee of about $1.000. Once this is cleared the application process starts; you need to send in samples of what you have done with the SharePoint products like specifications and designs and then you will be scheduled for an interview. The interview was horrible and at the same time fantastic. I had three people, current masters, interview me trying to find all my gaps and pain points. Once you couldn't answer properly or directly the drilled even further  until you almost had no idea what they were talking about. I was really impressed by the interview and the background research the interviewer had made - they even questioned me on details in my presentations that I had posted on my blog.

    Lab time in B40About a week after the interview I had a phone call where I was told that I was allowed into the program and schedule a rotation, after paying the huge fee. I also received very good feedback on what I needed to read up on and practice on. This was in January and I scheduled the next upcoming full rotation, which was in April/May. And now the hard work started. The pre-reading list is quite extensive and covers most of TechNet and MSDN and I finished that a couple of weeks prior to the rotation. I also did a lot of practice on my own using CloudShare where I could build me some virtual farms and experiment with different scenarios.

    When the actual rotation started I thought I was well prepared! But, the depth and level of details was far more than I expected. Each and every session had so much information that needed to be placed somewhere in your head and I found myself sometimes not finding room for it. I especially remember the Search session and the Upgrades sessions! During these three weeks every weekday had scheduled sessions daytime and evening/nights were spent on reading and doing hand-on-labs. A huge credit to the MCM team with Brett leading the crew, for all the labs and the amazing lab environment! The weekends were spent on reading, reading, reading and doing labs to prepare for the weekly exams. These are Prometric like exams but where almost any answer could be the correct one - extremely hard.

    The Qualification Lab

    The grand final of the MCM is the Qualification Lab. It's an 8 hour long lab where you get a number of tasks, ranging from IT-pro to dev stuff to governance and architecture. I was quite nervous about this one, but as soon as it started I enjoyed every single minute of it. I usually drink quite a lot of coffee - but I forgot about that and I almost skipped eating my lunch to try to get as much as possibly done. After the qual lab I was completely drained, and I guess most of my R8 mates was as well.

    MCM Summary

    After coming home I was so tired, should have taken vacation! Not only the jet lag but in fact that you have been receiving so much information and learnt so much over the past few weeks. A week and a half after getting home I got the fantastic news that I passed all written exams and the qualification lab. On my first attempt - hell yeah I'm proud!

    The network you build during the rotation with the class mates, tutors and product group are invaluable. I've already after a few days seen the benefit of this!

    MCM tips and tricks

    Here are some tips and tricks for you already scheduled for a rotation or planning on diving into the MCM:

    • Prepare and prepare well
    • Plan your rotation - plan the pre-reading and practice on the different topics
    • Read the pre-read list
    • Exercise before and during your rotation - sitting in those chairs for three weeks really takes its toll
    • If your used to a non-American keyboard - bring your own since you're going to write a lot of PowerShell and stuff and you don't want to waste time on mistyping for the qual lab. (I actually bought an American keyboard over there instead)
    • Enjoy!
    • It depends!

    So what about the other SharePoint certifications...

    I'm not talking about the MCA, that's for just a few brave ones. I'm talking about the four MCP exams. I've done them all, since it's a pre-requisite for MCM, and I've done the four for 2007 and one for 2003. I've previously wrote about them and I still stand by my post from last year. I do not think the exams are actually good - they have huge improvement potential.

    But I'm not, like some others, that refuses to take them just to stand out and look cool. They provide value for businesses that are Microsoft Partners and if you're a MCT. Also the clients are actually aware of these exams, compared to other non-Microsoft sanctioned exams, and they sometimes request that you have them. Also they can be of real value when your learning SharePoint - you can see what areas you need to improve on etc. So I do recommend you to go and get them!

    The problem with MCM though is that very few clients are aware of this certification. And that's what we/I are trying to change. And in fact I think this is changing right now, even before attending the training, I saw an increase in attention in my and my companies services.

    Now I'm going to enjoy this and soon have a nice vacation to catch up with lost time with the family.

  • How to do active authentication to Office 365 and SharePoint Online

    Tags: SharePoint 2010, Office 365

    This is a post detailing how you perform active authentication to SharePoint Online in Office 365. Active authentication is required when you need to authenticate in code to programmatically access SharePoint objects, using for instance Client Object Model, web services or WebDAV from outside of Office 365. When you are "in" SharePoint Online or using the web browser this is not needed since you are either already authenticated and the web browser handles the authentication using active authentication.

    Note: The active authentication "mechanism" have unfortunately changed a few times the last month without any notice. I had a really bad timing with one of these changes just a couple of days before demoing it on TechDays here in Sweden. With that said - I cannot guarantee that this method will work in the future. But if it changes I'll try to update the post or write a new one...

    SharePoint Online active AuthN basics

    Before digging into the actual code I think it is important to understand how it actually works and what the code does. This is easier done using a diagram.

    Passive claims AuthN

    What happens is that we need to request a token from the STS. In Office 365 the STS is located at To request the token from the STS we pass the username and password using the SAML 1.1 protocol. If the authentication is successful the STS returns a security token. This security token is sent to SharePoint and if SharePoint successfully validates the token it will return two cookies (called FedAuth and rtFa). These two tokens must then be passed along with all requests to SharePoint.

    There are some other interesting things happening here  that you need to be aware of. For instance; you need to be aware of which Office 365 subscription you are targeting. P-subscriptions must use HTTP Url's when communicating and E-subscriptions must use HTTPS. Using HTTPS for P-subscriptions will create redirect responses that eventually will drive you crazy when trying to code around them (I got a solution for that though - but I can't get any worse anyways).

    How to use Client Object Model with Office 365 from a remote client

    To be able to remotely invoke methods on SharePoint Online using Client Object Model (CSOM), web services or WebDAV we need to authenticate first, according to above. Then we need to pass along the cookies for each request. And this is how we do it. Once you have the cookies (FedAuth and rtFA) you need to create a CookieContainer object in which you add the cookies. This CookieContainer must then be added to the request done by the Client Object Model before the request is done. The client runtime Context object has an event called ExecutingWebRequest that can be used for this. The code could look something like this:

    context.ExecutingWebRequest += (s,e) => {
        e.WebRequestExecutor.WebRequest.CookieContainer = 
        e.WebRequestExecutor.WebRequest.UserAgent = userAgent;

    The createCookieContainer() method is the one responsible for creating the cookie container, more on this one later. Also note here that I set the UserAgent of the request to a new value. This is important! If you do not set any user agent of this request SharePoint Online will gently throw a 403 Forbidden error if you're on an E-subscription. It works fine without on P-subscriptions, but it doesn't harm to add it. So just do it all the time, for the sake of it! The user agent could be any normal browser - this is what I use:

    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" 

    That's basically it! Use the same procedure when you're manually using WebRequest objects or when you're using the SharePoint web services. Just add the cookies and user agent and you're fine.

    Show me the code to get the cookies!

    Now to the core of this article. How does the code look like to get the actual cookies? As a good TV-chef I've prepared all the things you need to make it really easy for you. I've been using a number of helper classes for a couple of months now and first showed them during TechDays 2011. Chris Johnson, Microsoft, also made a version of them for his blog post on the topic. My helper class has an origin in posts from Steve "SharePoint Claims" Peschka. I've modified and tweaked his code samples so that they work with SharePoint Online.

    What I've done is a helper class called MsOnlineClaimsHelper. This class contains all you need to authenticate, retrieve and cache the cookies and piggyback the cookie container on the CSOM web requests. Let's see a very simple sample:

    MsOnlineClaimsHelper claimsHelper = new MsOnlineClaimsHelper(url, username, password);
    using (ClientContext context = new ClientContext(url)) {
        context.ExecutingWebRequest += claimsHelper.clientContext_ExecutingWebRequest;
        Console.WriteLine("Name of the web is: " + context.Web.Title);

    On the first line I create the helper object and pass in the URL, username and password. This class will once used do the active authentication for you and cache the cookies until they expire. It will handle the HTTP/HTTPS problem with the E/P-subscriptions mentioned earlier, the User Agent problem and everything else you need. Yes, you will be able to download the code later. After creating the client context I hook up a helper method of the MsOnlineClaimsHelper class called clientContext_ExecutingWebRequest. This method is the one adding the cookies and fixing the user agent. Then it's just to use the client object model as usual. Remember that when you are using P-subscriptions the URL's passed into the client object model must be HTTP (the helper class doesn't really care and can handle both) and use HTTPS for E-subscriptions.

    The helper class is made so that you can reuse it, so you don't have to re-authenticate all the time, since that will really slow your application down. If you need the CookieContainer to add to your own web requests it has a property called (surpise!) CookieContainer that you can use.

    To illustrate another use, that also is a very useful helper class, is a Office 365 claims aware WebClient derivative.

    public class ClaimsWebClient : WebClient {
        private readonly MsOnlineClaimsHelper claimsHelper;
        public ClaimsWebClient(Uri host, string username, string password) {
            claimsHelper = new MsOnlineClaimsHelper(host, username, password);
        protected override WebRequest GetWebRequest(Uri address) {
            WebRequest request = base.GetWebRequest(address);
            if (request is HttpWebRequest) {
                (request as HttpWebRequest).CookieContainer = claimsHelper.CookieContainer;
            return request;

    This is a class that can be used just as the normal WebClient class. Using this one you enable WebDAV fiddling with SharePoint Online. It's very useful to upload and retrieve documents using PUT and GET methods.

    The download

    I promised you to see the code how we actually retrieves the cookies. Sorry, I won't. I'll leave that to you. Download the code sample, including all helper classes, by clicking this link and experiment with it as you like.

    Happy coding!

    Updated: Sometimes you're tired - mixed up passive and active...

  • Speaking at the European SharePoint Conference in October

    Tags: SharePoint 2010, Presentations

    imageI'm proud to announce that I have been selected to speak at the European SharePoint Conference, held in Berlin 17-20 October 2011. This is the largest SharePoint conference in Europe this year and there are plenty of good speakers and sessions, so get your seat while they still are available.

    I will have two sessions:

    I will be bringing a few copies of my book, so make sure that you attend my sessions and have a chance to win one.

    Webinar on developing for Office 365 and SharePoint Online

    I will also have a webinar, next week on Wednesday, that you can join to get up to speed on developing for Office 365 and SharePoint Online. Make sure you don't miss out on it. Register online here.

  • CKSDev version 2.0 is released - includes Contextual Web Part SPI

    Tags: Visual Studio, SharePoint 2010

    Extension ManagerThe by far best utility for SharePoint 2010 developers is the CKSDev extension (Community Kit for SharePoint - Developer extensions). It's an extension to Visual Studio 2010, available through the built-in Extension Manager. To install it, just hit Tools > Extension Manager and then search for "CKSDEV" in the Online Gallery. Version 2.0 of CKSDev was released yesterday, and if you already have it installed you should have been notified about the update.

    CKSDev is a community effort involving several genius SharePoint developers that in a combined effort shares their best tools and extensions in one package. It includes everything from new project templates, project items, extensions to the built-in designers and explorers. It's just a project that you can't live or work without. You can read more about all the great features at: Where you also can find the source code if you're interested in building your own extensions and eventually contribute to the project.

    Contextual Web Part SPIThe version 2.0 release is a great update and contains new and better keyboard shortcuts, the WSPBuilder Conversion Tool and a set of new SPI's. My contribution, except for testing, is the Contextual Web Part SPI. This SPI allows you to easily create a Web Part with a contextual behavior, that is it has an accompanying Ribbon extension.

    To create a Web Part using this new SPI just add a Contextual Web Part (CKSDev) project item into your farm solution. Your project will get modified to include the necessary references for the Web Part and Ribbon extension to work and it will add a new SPI.

    The Contextual Web Part SPI dissected

    The SPI contains a set of files;

    • A .cs file - this is your actual Web Part class containing the necessary Ribbon plumbing
    • A .webpart file - the standard Web Part Control Description file
    • An Elements file - the element manifest for the Web Part
    • A CustomAction file - this is the Ribbon extension and it includes a new ContextualGroup with a Tab containing a Button and then necessary templates
    • A PageComponent JavaScript file - this is the Ribbon Page Component where you implement the logic for the Ribbon commands
    • A sprite image - this is a sample image containing the sprites for your Ribbon icons

    It's very easy to build your own Contextual Web Part using this. Just add the necessary business logic into the Web Part, modify the Ribbon in the CustomAction element manifest and hook up your actions into the Page Component. Don't forget to add your sprites into the composite image instead of creating tons of small images.

    This is how it (almost) looks out of the box.

    A custom Contextual Web Part

    If you find anything "funny" about this SPI - don't hesitate to get in contact with the team.

    Happy SharePointing!

About Wictor...

Wictor Wilén is the Nordic Digital Workplace Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for seven consecutive years.

And a word from our sponsors...