Category Archives: Everything

“Every” post goes into this category

Creating an SSL Certificate for SharePoint (Development)

I have recently been researching Active Directory Federated Services (ADFS), for my upcoming book on SharePoint 2013. Once of the requirements for ADFS is to communicate with relying parties, such as SharePoint, over SSL. Setting up SSL for a SharePoint web application is a trivial process, but nonetheless, one I thought I’d blog about.

Note: The following steps create a self-signed certificate for development purposes, never use these in production.

1. Open Internet Information Service Manager 7

2. Click on the server name in the left navigation tree, and then double-click the Server Certificates icon on the right, under IIS section.

3. Click the link to create a self-signed certificate

4. Give the certificate a friendly name, and then click the OK button

5. Double-click the self-signed certificate to see the details

6. Click the details tab and then click the button to copy the certificate to a file

7. Click the next button

8. Select the option to NOT export the private key, then click the next button

9. Choose the export format (I chose the default DER format) and then the next button

10. Give the certificate a filename and browse to a location on disk

11. Click the next button, then finish button to export the certificate to the file

You have now created a new self-signed certificate and exported the public key to a file on disk. The steps that follow demonstrate adding the public key to the trusted root authorities certificate store, so the certificate is trusted on the local machine – this avoids annoying messages in IE about untrusted certificates.

12. Open the Microsoft Management Console (MMC.exe)

13. Add the Certificates snap-in for the computer account and local machine

14. Import the certificate into the Trusted Root Certificate Authorities node

15. Import the certificate into the SharePoint node

Now we have a trusted certificate, next we add the certificate to the trusted store in SharePoint, using the following PowerShell script:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:MYCert.cer ")
New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $cert

Note: you must provide the full path to the CER file in the above script.

Let’s go ahead and bind the certificate to an application (web site) in IIS:

16. Return to IIS Management

17. Click the SharePoint application in the left navigation, under sites

18. Click the Bindings link (on the far right)

19. Click the add button

20. Choose HTTPS, and select the certificate to use

Finally, we must let SharePoint know that we can receive requests on the SSL address, by creating an Alternate Access Mapping entry, as follows:

21. Open Central Administration

22. Click the Application Management heading

23. Click the link to configure alternate access mappings

24. Click the button to Edit Public URLs

25. Change the Alternate Access Mapping Collection for the correct web application

26. Choose an empty zone and add the HTTP URL (this should be the full domain name that is listed for the self-signed certificate in IIS)

That’s all there is to it.

Ctrl-F Crash in Visual Studio

I have Resharper 4 installed into Visual Studio 2008.  On 64-bit the CTRL-F functionality crashes the application, which has driving me nuts.  My colleague Anand posted a solution to our company Intranet, so I stole his post for my blog for future reference. 

Thanks Anand 😉

“Visual Studio might crash when using the Find feature on a 64 bit system. This msdn article explains the issue. KB947841 I uncovered this problem after installing resharper on a 64-bit system, however, it is not related to resharper. Installing this add-in simply uncovers this bug in visual studio. You need to request this hotfix ”

Blog moved to

On a whim decision in middle of yesterday evening I decided to move my blog from Community Server 2.1 to

Please update syndication URL to


Community Server and the team at Data Research Group, where my blog was hosted, have been great and I thank both DRG for their support and free hosting; and the Community Server guys for the wonderful platform I’ve been using for the past 3-4 years.

My decision to move last night wasn’t an agonizing one (hence “whim”) and nothing to do withy the CS platform or hosting, but because I am moving my life in the direction of “less maintenance for Rob.”

I chose to move to because WP offers a clean, slick, easy to use interface – and the best part, I don’t have to maintain it.  It’s taken me a while to comprehend that the more services one is responsible the more headaches one has to deal with (not that my blog was ever a huge burden).  WP affords me the ability to concentrate on blog posting, and never do I have to worry about backing up data, checking in a site errors, or making changes inline with infrastructure changes at my hosting org.

I did consider several other blog engines, especially SharePoint, since this is the focus of my career, but settled on WP because it was free, they offer 3GB of space, and configuration is simple.

The following is a list of pros and cons I have evaluated in the 24 hours since I moved to WP:


-  Easy to use administration interface
-  Stock templates – get bored with look and feel, I can just change it
-  iPhone application available
-  Never going away (hopefully), infrastructure maintained by WP team
-  Never have to worry about backups again
-  3GB of storage space (can pay for addition)
-  Stable platform, should never error out


-  Limited customization ability
-  No Google ads
-  No Google analytics
-  Have to pay extra for custom CSS

Moving my blog posts from CS 2.1 wasn’t as painful as I thought it would be.  I followed a great post from Rob Walling, which led me to use the CS BLOGML export tool from CodePlex, to export all my posts to BLOGML.  Once I exported my content, I was then able to massage the content, convert to WXR format using Damien G’s XSLT (and Visual Studio 2008), and then import the content directly into WP – presto, posts and comments.

The above process did some hand-holding.  Trawling the web, I found some claims to developed tools that would do the complete migration in one step, but never found a so called solution that worked.  With some knowledge of ASP.NET (debugging the CS export tool) and XSLT (for WXR convert) I was able to weed out posts causing difficulty in the conversion process and pull over a clean set.

I’m not sure if WP has fixed the importer recently, but I read many exasperating complaints about the WXR importer timing out.  I was able to import 300+ posts (about a 2MB file) with no issue.

So… enjoy the location, and send me feedback about anything you see broken, something you don’t like, or praise for the move 😉

Efficient way to add a new item to a SharePoint list

Never use SPList.Items.Add because this approach gets all items in the list before adding a new SPListItem.  Use the following method instead, which does not preload the list items:

   1:  /// <summary>
   2:          /// More efficient way of adding an item to a list.
   3:          /// </summary>
   4:          /// <remarks>
   5:          /// GetItems with a query is faster than calling the OM to get all items.
   6:          /// This is because the SPListItemCollection is created without loading all the
   7:          /// data until the first query request.  Whereas SPList.Items loads all the data
   8:          /// at construction.
   9:          /// </remarks>
  10:          /// <param name="list">List.</param>
  11:          /// <returns>List Item Added.</returns>
  12:          public static SPListItem OptimizedAddItem(SPList list)
  13:          {
  14:              const string EmptyQuery = "0";
  15:              SPQuery q = new SPQuery {Query = EmptyQuery};
  16:              return list.GetItems(q).Add();
  17:          }

SharePoint Development Best Practices (Summary)

I’ve read several blog posts of late regarding best practices for developing SharePoint API based components.  Some developers are aware of issues surrounding disposal of SPSite and SPWeb objects and the use of SPList Item collections, and some are not.  The simple fact is the SharePoint API is not intuitive when it comes usage of memory hungry-object instances, and it is all too easy to leave too many of these objects in memory for the garbage collector to deal with – causing large memory spikes in the site application pool with high traffic utilization.  Furthermore, what seems like innocent well structured code can perform badly because of the underlying calls against the SharePoint content databases.  This blog post serves as a reference point and as a quick summary of some of the best practices.

Best Practices: Using Disposable Windows SharePoint Services Objects


Enable the following registry setting to populate the ULS logs with allocation identifiers to isolate non-disposed SPSite and SPWeb objects:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsWeb Server ExtensionsHeapSettings SPRequestStackTrace = 1

Wrap all calls that create a new SPSite or SPWeb object (except those from obtained from the SPContext.Current singleton) in try, catch, finally blocks, or using statements

SPContext objects are managed by the SharePoint framework and should not be explicitly disposed in your code. This is true also for the SPSite and SPWeb objects returned by SPContext.Site, SPContext.Current.Site, SPContext.Web, and SPContext.Current.Web.

You must be cautious and aware of what the runtime is doing whenever you combine SharePoint object model calls on the same line. Leaks arising from this scenario are among the hardest to find.

The finally block executes after calls to Response.Redirect in the try block. Response.Redirect ultimately generates a ThreadAbortException. When this exception is raised, the runtime executes all finally blocks before ending the thread. However, because the finally block can do an unbounded computation or cancel the ThreadAbortException, there is no guarantee that the thread will end. Therefore, before any redirection or transfer of processing can occur, you must dispose of the objects. If your code must redirect, implement it in a way similar to the following code example.

String str;
SPSite oSPSite = null;
SPWeb oSPWeb = null;

oSPSite = new SPSite("http://server");
oSPWeb = oSPSite.OpenWeb(..);

str = oSPWeb.Title;
if (oSPWeb != null)

if (oSPSite != null)

catch(Exception e)
if (oSPWeb != null)

if (oSPSite != null)


Good practices to reduce object long-term retention:

  • If you create the object with a new operator, ensure that the creating application disposes of it.
  • Dispose of items created by SharePoint methods that return other SPWeb objects (such as OpenWeb).
  • Do not share any SPRequest object (and by extension any object that contains a reference to an SPRequest object) across threads.

SPSite Object:

  • The SPSiteCollection.Add method creates and returns a new SPSite object. You should dispose of any SPSite object returned from the SPSiteCollection.Add method.
  • The SPSiteCollection [] index operator returns a new SPSite object for each access. An SPSite instance is created even if that object was already accessed. The following code samples demonstrate improper disposal of the SPSite object.
  • The SPSite.AllWebs.Add method creates and returns an SPWeb object. You should dispose of any SPWeb object returned from SPSite.AllWebs.Add.
  • The SPWebCollection.Add method creates and returns an SPWeb object that needs to be disposed.
  • The SPSite.AllWebs [] index operator returns a new SPWeb instance each time it is accessed.
  • The OpenWeb method and SelfServiceCreateSite method (all signatures) create an SPWeb object and return it to the caller.
  • The Microsoft.Office.Server.UserProfiles.PersonalSite returns an SPSite object that must be disposed.
SPSite.RootWeb Property

An earlier version of this article indicated that the calling application should dispose of the SPSite.RootWeb property just before disposing of the SPSite object that is using it. This is no longer the official guidance. The dispose cleanup is handled automatically by the SharePoint framework. Additionally, SPSite properties LockIssue, Owner, and SecondaryContact used the RootWeb property internally. Given the updated guidance for RootWeb, it is no longer advisable to call the Dispose method on the SPSite.RootWeb property whenever any of these properties are used.

SPWeb Object:

  • The SPWeb.Webs property returns an SPWebCollection object. The SPWeb objects in this collection must be disposed.
  • The SPWeb.Webs.Add method (or Add) creates and returns a new SPWeb object. You should dispose of any SPWeb object returned from this method call.
  • The SPWeb.Webs[] index operator returns a new SPWeb object for each access
SPWeb.ParentWeb Property

Updated Guidance

An earlier version of this article recommended that the calling application should dispose of the SPWeb.ParentWeb. This is no longer the official guidance. The dispose cleanup is handled automatically by the SharePoint framework.

Other Objects:

  • Microsoft.SharePoint.Portal.SiteData.Area.Web Property.  The Web property returns a new SPWeb object each time it is accessed.
  • If the object is obtained from the SharePoint context objects (GetContextSite method and GetContextWeb method), the calling application should not call the Dispose method on the object.
  • The SPLimitedWebPartManager class contains a reference to an internal SPWeb object that must be disposed.
  • The GetPublishingWebs method of the PublishingWeb class returns a PublishingWebCollection object. You must call the Close method on each enumerated innerPubWeb object. When you are calling only the GetPublishingWeb method, you are not required to call Close.
  • The Microsoft.SharePoint.Publishing.PublishingWeb.GetVariation method returns a PublishingWeb object that must be disposed.

Best Practices: Common Coding Issues When Using the SharePoint Object Model


Caching Data and Objects

Many developers use the Microsoft .NET Framework caching objects (for example, System.Web.Caching.Cache) to help take better advantage of memory and increase overall system performance. But many objects are not "thread safe" and caching those objects can cause applications to fail and unexpected or unrelated user errors.

Caching SharePoint Objects That Are Not Thread Safe

You might try to increase performance and memory usage by caching SPListItemCollection objects that are returned from queries. In general, this is a good practice; however, the SPListItemCollection object contains an embedded SPWeb object that is not thread safe and should not be cached.

You can cache a DataTable object that is created from the SPListItemCollection object.

Using Objects in Event Receivers

Do not instantiate SPWeb, SPSite, SPList, or SPListItem objects within an event receiver. Event receivers that instantiate SPSite, SPWeb, SPList, or SPListItem objects instead of using the instances passed via the event properties can cause the following problems:

  • They incur significant additional roundtrips to the database. (One write operation can result in up to five additional roundtrips in each event receiver.)
  • Calling the Update method on these instances can cause subsequent Update calls in other registered event receivers to fail.

Working with Folders and Lists

Do not use SPList.Items.  SPList.Items selects all items from all subfolders, including all fields in the list.

  • Instead of calling SPList.Items.Add, simply use SPList.AddItem.
  • Retrieve list items using SPList.GetItems(SPQuery query)
  • Instead of using SPList.Items.GetItemById, use SPList.GetItemById(int id, string field1, params string[] fields)

Do not enumerate entire SPList.Items collections or SPFolder.Files collections.

Poor Performing Methods and Properties Better Performing Alternatives
SPList.Items.Count SPList.ItemCount
SPList.Items.XmlDataSchema Create an SPQuery object to retrieve items you want
SPList.Items.NumberOfFields Create an SPQuery object (specifying the ViewFields)
SPList.Items[System.Guid] SPList.GetItemByUniqueId(System.Guid)
SPList.Items[System.Int32] SPList.GetItemById(System.Int32)
SPList.Items.ReorderItems Perform a non-paged query using SPQuery in each page
SPList.Items.GetItemById(System.Int32) SPList.GetItemById(System.Int32)
SPFolder.Files.Count SPFolder.ItemCount

Use PortalSiteMapProvider (Microsoft Office SharePoint Server 2007 only).

Steve Peschka's white paper Working with Large Lists in Office SharePoint Server 2007 describes an efficient approach to retrieving list data in Office SharePoint Server 2007 by using the PortalSiteMapProvider class.

(Very important as this works around the 2000 item limit)

Scaling Code

How to make this code more scalable or fine-tune it for a multiple user environment can be a hard question to answer. It depends on what the application is designed to do.

You should take the following into consideration when asking how to make code more scalable:

  • Is the data static (seldom changes), somewhat static (changes occasionally), or dynamic (changes constantly)?

  • Is the data the same for all users, or does it change? For example, does it change depending on the user who is logged on, the part of the site being accessed, or the time of year (seasonal information)?

  • Is the data easily accessible or does it require a long time to return the data? For example, is it returning from a long-running database query or from remote databases that can have some network latency in the data transfers?

  • Is the data public or does it require a higher level of security?

  • What is the size of the data?

  • Is the SharePoint site on a single server or on a server farm?

Using SPQuery Objects

SPQuery objects can cause performance problems whenever they return large result sets. The following suggestions will help you optimize your code so that performance will not suffer greatly whenever your searches return large numbers of items.

  • Do not use an unbounded SPQuery object.
  • An SPQuery object without a value for RowLimit will perform poorly and fail on large lists. Specify a RowLimit between 1 and 2000 and, if necessary, page through the list.
  • Use indexed fields.
  • If you query on a field that is not indexed, the query will be blocked whenever it would result in a scan of more items than the query threshold (as soon as there are more items in the list than are specified in the query threshold). Set SPQuery.RowLimit to a value that is less than the query threshold.
  • If you know the URL of your list item and want to query by FileRef, use SPWeb.GetListItem(string strUrl, string field1, params string[] fields) instead.

Authentication failed because the remote party has closed the transport stream

If you receiver the error "Authentication failed because the remote party has closed the transport stream" when accessing "Search Settings" in the SSP, the following steps will resolve the issue.  The issue is a result of incorrect self-serving-certificate.

1. Install the IIS 6.0 Resource Kit on the index server (
2. Assign a new SSL certificate  to the Office SharePoint Server Web Services site on the index server using the SELFSSL tool from the resource kit.

SELFSSL.EXE /N:CN=<name of index server> /K:1024 /V:<number of days cert should be valid> /S:951338967  /P:56738
The /S and /P parameters specify the web site ID and port number, respectively, of the Office SharePoint Server Web Services site in IIS. They should be set to the appropriate values for your environment.