Integrating Windows Live ID, Google and Facebook Authentications with SharePoint 2013

Federated authentication mechanism handles authentication by external providers which send the token back to SharePoint. So, Instead of we, creating accounts internally (in AD, SQL Server) for external users and partners, We can make use of external authentication providers like Microsoft Live ID Accounts, Google, Yahoo, Facebook accounts (or even external Active Directory - ADFS ) to manage authentication. Its extremely useful with public facing SharePoint sites, isn't it?

This article walks through step by step on integrating Windows Live ID, Google and Facebook account authentications with SharePoint 2013.

To start with, Here are the steps in summary:

We need Windows Azure ACS (Access Control Service) as our Trusted Identity provider. Subscribe and get one.

Add new Identity Provider for SharePoint 2013 with PowerShell.

Authorize users by granting them access to the web application.

Step 1: Configure Azure ACS with required Providers:

Create a Windows Azure Account
We need Windows Azure Access Control Service (ACS) to handle authentication from external entities. From ACS we can to choose Providers like Microsoft Live ID, Google , etc. Create a windows Azure Account - Subscribe for Azure (you must have a Microsoft Live ID & may need credit card).
Go to: https://www.windowsazure.com/en-us/ and register a new account.

I registered a Trial account with Azure. If you are part of any Windows Azure user groups, you can obtain a free coupon and get Windows Azure 30 days free pass at: http://www.windowsazurepass.com/

Create New Azure Access Control Service

Login to Windows Azure Portal, Click on "New" link from the footer pane >> App Services >> Active Directory >> Access Control >> Quick Create. Provide Namespace and location for your ACS service.

Once the service is created and activated, Select the ACS and Click on "Manage" link from the footer pane. This takes us to the ACS configuration page.

Configure Azure ACS

There are four settings we got to configure in ACS.

Identity providers

Relying party applications

Rule groups

Certificates and keys

Proceed to the below configurations one by one.

1. Identity Providers:

To start with, click on "Identity Providers" link - You'll notice "Windows Live ID" already listed there. You can add additional providers by clicking "Add" link in Identity Providers Tab. Lets Add "Google"

From the list, Choose "Google" and click on "Next" button

Click Save button to complete the changes.

Integrate Facebook Authentication with SharePoint 2013:

For Facebook accounts integration with SharePoint 2013, We need to do one more step: Create New Application in Facebook and then add the provider as Facebook in ACS.

Go to Facebook Apps, https://developers.facebook.com/apps

Create new Facebook Application

Give it a App Name and App Namespace. Click on "Continue"

Provide the Website with Facebook Log-in as: https://{your ACS Namespace}.accesscontrol.windows.net

Click Save Changes.

Now, in ACS:

Add new "Facebook Application" identity provider and Click Next

Enter Application ID, Application Secret values from Facebook application.

Click on save to complete your changes. Now our identity providers page contains these three identity providers:

2. Relying party applications:
Relying party application is generally a web site or application that uses ACS for Authentication. Here in our case, Its our SharePoint site. So, Lets create a Relying party Application.

Go to Relying Party Applications Tab, Click on "Add"

Enter the below parameters: Give it a Name (can be anything)

Specify the "Realm" as your SharePoint Web Application's URL (Say: http://extranet.crescent.com")

In Return URL, Just append /_trust , So, in our case, Its: http://extranet.crescent.com/_trust

Token format should be SAML 1.1

Set the Token timeout value to 3600

Make sure "Create new rule Group" is checked and click "Save" button

3. Rule groups:

Click on "Default Rule Group for http://extranet.crescent.com"

Under rules, You'll get a message: "No rules have been added. Click on "Generate" link just above "Rules" section

Select the providers, Hit Generate button again on the apps presented. Click on "Save"

If you visit the default Rule group again, You will see the mapping fields used by these providers.

You can also map additional properties from providers.

4. Certificates and keys:
We have to Encrypt the traffic between ACS and our SharePoint environment by exchanging certificate between Azure ACS and SharePoint. So, we need a Digital certificate. You can create SSL certificate from development environments with MakeCert.exe.

MakeCert.exe is part of Windows SDK. You can download it from: http://go.microsoft.com/fwlink/p/?linkid=84091 .MakeCert lives under: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\BinSo, in command prompt: enter:

C:\>cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin"

MakeCert.exe -r -pe -n "CN=crescent.accesscontrol.windows.net" -sky exchange -ss my -len 2048 -e 11/15/2014

This will generate the certificate and install it automatically to the trusted certificate store. Or you can use:
MakeCert.exe -r -pe -n "CN=crescent.accesscontrol.windows.net" -sky exchange -ss my -len 2048 -e 11/15/2014 -sv "c:\Extranet.pvk" "c:\Extranet.cer "

If makecert.exe is not available, Use IIS self signed certificate creation with the specified common name, and the export the .CER & PFX files from Certificates Snap-in through MMC.

Import the Certificate to ACS:

Once certificate is generate, on the certificates and keys tab, Click on "Add link"

Browse to the certificate created (.pfx), provide password of it and then click "Save"

Warning: MakeCert.exe is not recommended for Production environments!

Step 2: Add new Trusted identity Provider as Azure ACS

We've our authentication providers ready now! We've make SharePoint aware by creating a new "Trusted Authentication Provider". Here is the PowerShell script to create new trusted authentication provider.

?

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

`Add-PSSnapin` `Microsoft.SharePoint.PowerShell`

`#Realm we created in Azure`

`$realm` `=` `"http://extranet.crescent.com"`

`#Replace "crescent.accesscontrol.windows.net" and "extranet.crescent.com" with yours here!`

`$signinurl` `=` `"https://crescent.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fextranet.crescent.com%2f"`

`#Location of the certificate generated with Makecert.exe`

`$certloc` `=` `"C:\extranet.crescent.com.cer"`

`$rootcert` `=` `Get-PfxCertificate` `$certloc`

`New-SPTrustedRootAuthority` `"Windows Azure ACS"` `-Certificate` `$rootcert`

`$cert` `=` `New-Object` `System.Security.Cryptography.X509Certificates.X509Certificate2($certloc)`

`#Map the Fields from Rules Created for All Providers: Facebook , Google & Live ID`

`# NameIdentifier Field`

`$NameIdentifier` `= New-SPClaimTypeMapping` `-IncomingClaimType` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"` `-IncomingClaimTypeDisplayName` `"UPN"` `-LocalClaimType` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"`

`# Email Field`

`$Email` `= New-SPClaimTypeMapping` `-IncomingClaimType` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"` `-IncomingClaimTypeDisplayName` `"Email"` `-SameAsIncoming`

`#Given Name Field`

`$GivenName` `= New-SPClaimTypeMapping` `-IncomingClaimType` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"` `-IncomingClaimTypeDisplayName` `"Display Name"` `–LocalClaimType` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"`

`$AccessToken` `= New-SPClaimTypeMapping` `-IncomingClaimType` `"http://www.facebook.com/claims/AccessToken"` `-IncomingClaimTypeDisplayName` `"Access Token"` `-SameAsIncoming`

`$Expiration` `= New-SPClaimTypeMapping` `-IncomingClaimType` `"http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration"` `-IncomingClaimTypeDisplayName` `"Expiration"` `-SameAsIncoming`

`#Create New Trusted Identity Provider`

`New-SPTrustedIdentityTokenIssuer` `-Name` `"Live ID/Google/Facebook"` `-Description` `"Live ID/Google/Facebook"` `-Realm` `$realm` `-ImportTrustCertificate` `$cert` `-ClaimsMappings` `$NameIdentifier,` `$Email,` `$GivenName,` `$AccessToken,` `$Expiration` `-SignInUrl` `$signinurl` `-IdentifierClaim` `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"`

`# IdentifierClaim defines the Field to display on User Name`

`# E.g. If you use only Google: New-SPTrustedIdentityTokenIssuer -Name "Google Account" -Description "Google Account" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $NameIdentifier,$Email,$GivenName -SignInUrl $signinurl -IdentifierClaim $Email.InputClaimType`

`# Make sure that the IdentifierClaim is common for all providers, if you are using more than one!`

Step 3: Authorize users by granting them access to the web application.

Associate Authentication provider to the target web Application:

Go to Central Admin >> Application Management >> Manage Web Applications

Select the web application you want to enable Federated Authentication

Click on "Authentication Providers" from Ribbon >> Click on 'the "Default" link >> Scroll down

Enable "Live ID/Google/Facebook" under "Trusted Identity Provider section

Grant Users Access:
So the authentication part is over. we've to handle authorization from SharePoint side, as we do for Windows AD accounts. Lets create a user policy to grant all users of the trusted identity provider to Read access to all sites in the web application (Otherwise, They'll get "Access denied" error message.

Go back to Manage web applications page, Click on "User Policy" button from the ribbon.

Click on Add Users

Choose All zones and click Next

Under Uses section, Browse and select "All Users"

Select "Full Read" permission and Click Finish.

Unit Test:
That's all! we are done!!

Hit the SharePoint Web Application URL. Users presented with login page.

From the list, choose "Windows Live ID/Google/Facebook"

Choose the appropriate login provider which takes us to the appropriate login screens.

Verify users are able to access SharePoint site with Google & Facebook accounts. Here are some screen shots:

Ref:

http://social.technet.microsoft.com/wiki/contents/articles/22309.integrating-windows-live-id-google-and-facebook-accounts-with-sharepoint-2013-white-paper.aspx

Enable Barcodes in SharePoint 2013

Bar codes are part of SharePoint Information Management Policies (IMP) feature. If you need bar codes for your document, here are the steps to enable bar codes on SharePoint document library.

Steps to enable bar code in SharePoint:
In SharePoint 2013 enabling barcode is a simple two-step process.

Approach 1:

Create New Document Library and Enable the bar code from IMP feature.

Browse the Document Library and Navigate to Library Settings.

Click on Information management policy and click on document content type.

Check the Enable Bar Code check box.

Click save and navigate to document library and start uploading the document in library. Now it will look as below.

Approach 2:

Create new content type and enable bar code through Information Management Policies.

Create new content type:

Navigate to Site Settings > Click on "Site Content Types" ->Create

Click Ok and select Information management policy settings

Select Enable Bar Code Value

Allow Content Type in Library.

Add above created content type

Select created Content Type

Browse the document library and naving to library settings and select content type and then select Bar Code and Bar Code Value

Click Ok and start uploading document in document library

column 'publishing page layout' does not exist. it may have been deleted by another user

This issue occur , if user is not using correct refernce in their custom aspx page layout.

Usually Error occured

If you check custom page layout .aspx file

Correct One:-

How to delete a Page layout in Master page and layouts library in SharePoint 2010/2013

On activating a feature, a new page layout will be deployed to the Master page and layouts library. On the other way, when I deactivate the feature the solution should delete the deployed page layout and associated content types etc so that I can ensure that no turds are left in the farm.

But to my surprise I was not able to delete the page layouts I created either through code or manually in the document library. It was throwing a very misguiding error "Server error: This item cannot be deleted because it is still referenced by other pages".. After spending a hour or so I figured that there is no page in my site referencing this Page Layout.

Deletion Approach:-

If you have created any custom pages using above created custom page layout. Then before deleting custom publishing page layout. Delete all create pages then it will allow to delete custom page layout.

Alternative Trick…

But how do I delete it then?. There is a trick to do it.
1. Open the Master page gallery in windows explorer mode.
2. Create a subfolder and name it 'Delete' (you can give any name to it).
3. Cut and paste your layout.aspx page to the folder.
4. Delete the folder now.

So we confirmed that manually we were able to delete the page layouts. Lets try it programmatically.

SPWeb web=properties.Feature.Parent as SPWeb;
SPSite sitecollection= web.site;

PublishingWeb web=PublishingWeb.GetPublishingWeb(web);

SPFolderCollection folders=web.Lists["Master Page Gallery"].RootFolder.SubFolders;

SPFolder folder =folder.add("Delete");

PublishingSite psite=new PublishingSite(sitecollection);

SPContentType ctype=psite.ContentTypes["SampleCType"];

PageLayoutCollection pagelayouts=psite.GetPageLayouts(ctype,true);

PageLayout layout=pagelayouts["/_catalogs/masterpage/SampleLayout.aspx"];

layout.ListItem.File.MoveTo(folder.url+"/SampleLayout.aspx");

folder.Delete();

SharePoint Page layout error: Only Content controls are allowed directly in a content page that contains Content controls

I created a new custom page layout using Visual studio and created a new page based on the page layout. When I deploy my custom solution. Its deployed fine , As I create new page using my custom page layout, Page created successfullu but not able to browse the page amd my publishing page was throwing a error " Only Content controls are allowed directly in a content page that contains Content controls". and showed some html elements in the error message which is placed outside of the content place holder.

I went back to my page layout design and after much analysis i could figure out the culprit. Its the case sensitive of contentplaceholder tag.

My code was like this which is actually fine and should work.

<asp:contentplaceholderId="PlaceHolderPageTitle" runat="server"></asp:content>

I changed the 'c' in the contentplaceholder tag to upper case like this

<asp:ContentPlaceholderID="PlaceHolderPageTitle" runat="server"></asp:Content>.

Redeployed the solution and it did the trick. It was working fine. So the lower case of the content place holder tag has actually inserted some html markups to my page which in turn has caused me the error.

Step by step creating News Page Layout using Content Type in SharePoint 2013

Step 1- Open Visual studio 2013 and create new project of type SharePoint Solutions…”SharePoint 2013 Empty Project”.

Step 2- As we will deploy our solution as a farm solution in our local farm on our local machine.

Step 3- Our solution will be as the picture blew and we will add a three folder for “SiteColumns”, “ContentTypes”, “PageLayouts” and "Resources" .

Step 4: - Starting by adding a new item to “SiteColumns” folder.

Step 5 - After we adding a new site column and renaming it. Add the following columns as we need to make the news layout NewsTitle, NewsBody,NewsBrief,NewsDate and NewsImage.

then add the blew fields and you will note that I use Resources in the DisplayName and the Group.

<Field

ID="{9fd593c1-75d6-4c23-8ce1-4e5de0d97545}"

Name="NewsTitle"

DisplayName="$Resources:SPWorld_News,NewsTitle;"

Type="Text"

Required="TRUE"

Group="$Resources:SPWorld_News,NewsGroup;">

</Field>

<Field

ID="{fcd9f32e-e2e0-4d00-8793-cfd2abf8ef4d}"

Name="NewsBrief"

DisplayName="$Resources:SPWorld_News,NewsBrief;"

Type="Note"

Required="FALSE"

Group="$Resources:SPWorld_News,NewsGroup;">

</Field>

<Field

ID="{FF268335-35E7-4306-B60F-E3666E5DDC07}"

Name="NewsBody"

DisplayName="$Resources:SPWorld_News,NewsBody;"

Type="HTML"

Required="TRUE"

RichText="TRUE"

RichTextMode="FullHtml"

Group="$Resources:SPWorld_News,NewsGroup;">

</Field>

<Field

ID="{FCA0BBA0-870C-4D42-A34A-41A69749F963}"

Name="NewsDate"

DisplayName="$Resources:SPWorld_News,NewsDate;"

Type="DateTime"

Required="TRUE"

Group="$Resources:SPWorld_News,NewsGroup;">

</Field>

<Field

ID="{8218A8D9-912C-47E7-AAD2-12AA10B42BE3}"

Name="NewsImage"

DisplayName="$Resources:SPWorld_News,NewsImage;"

Required="FALSE"

Type="Image"

RichText="TRUE"

RichTextMode="ThemeHtml"

Group="$Resources:SPWorld_News,NewsGroup;">

</Field>

Step 6 : - Creating Content Type, we will adding new Content Type to the folder ContentTypes.

Step 7- We must make sure to select the base of the content type “Page”.

Step 8- Open the content type and adding our new columns to it.

Step 9 - Open the elements file of the content type and make sure it will look like this the code blew.

Note: we use Resources in the Name, Description and the group of the content type.

<ContentType ID="0x010100C568DB52D9D0A14D9B2FDCC96666E9F2007948130EC3DB064584E219954237AF39007A5224C9C2804A46B028C4F78283A2CB"

Name="$Resources:SPWorld_News,NewsContentType;"

Group="$Resources:SPWorld_News,NewsGroup;"

Description="$Resources:SPWorld_News,NewsContentTypeDesc;"

Inherits="TRUE" Version="0">

</FieldRefs>

</ContentType>

Step 10- Add new Module to the PageLayouts folder after that we will find sample.txt file then rename it “NewsPageLayout.aspx”.

Step 11- Adding the the code blew to this “NewsPageLayout.aspx”.

<%@ Page language="C#" Inherits="Microsoft.SharePoint.Publishing.PublishingLayoutPage,Microsoft.SharePoint.Publishing,Version=15.0.0.0,Culture=neutral,PublicKeyToken=71e9bce111e9429c" %>

<%@ Register Tagprefix="SharePointWebControls" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<%@ Register Tagprefix="PublishingWebControls" Namespace="Microsoft.SharePoint.Publishing.WebControls" Assembly="Microsoft.SharePoint.Publishing, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<%@ Register Tagprefix="PublishingNavigation" Namespace="Microsoft.SharePoint.Publishing.Navigation" Assembly="Microsoft.SharePoint.Publishing, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<asp:Content ContentPlaceholderID="PlaceHolderPageTitle" runat="server">

<SharePointWebControls:FieldValue id="FieldValue1" FieldName="Title" runat="server"/>

</asp:Content>

<asp:Content ContentPlaceholderID="PlaceHolderMain" runat="server">

</asp:Content>

Step 12- Adding the following code to the elements file of the “NewsPageLayouts” module.

</File>

</Module>

Step 13- Don’t forget to add the Resources Folder then adding the resource file with the name “SPWorld_News.resx” as we used it the previous steps and adding the blew keys to it.

News News

NewsBody News Body

NewsBrief News Brief

NewsContentType News Content Type

NewsContentTypeDesc News Content Type Desc.

NewsDate News Date

NewsGroup News

NewsImage News Image

NewsPageLayout News Page Layout

NewsTitle News Title

Step 14- Finally Deploying the solution.

Step 15- The next steps will explain how we add the “news content type” to the page layout through SharePoint wizard we will do these steps pragmatically in the next article.

A- Go to Site Contents then Pages , Library, Library Settings