SharePoint Dragons

Nikander & Margriet on SharePoint

Monthly Archives: October 2012

Office 2007/2010 feature overview

For a customer, we had to provide a feature overview of SharePoint 2010 integration with Office 2007 and Office 2010. We really liked this post:

SharePoint 2010 Best Practices

The TechNet Wiki SharePoint 2010 Best Practices page at is updated again. Check out the Extranet section!

What about the Update-the-App loop hole?

One of the warnings we’re hearing a lot about Apps is the following: Apps that are submitted to the SharePoint Store, SharePoint Market Place (or whatever the final name will be), undergo a rigorous approval process. But, after granting an App Full Control, as long as the accompanying App manifest file doesn’t change, the App itself can change and start misbehaving on purpose after receiving an update.

Is this going to be a problem? In theory, yes. In reality, we don’t think so. Submitting Apps to the SharePoint Store will tie your company, or you personally, to that App. So, Apps starting to misbehave on purpose will definitely lead to immense legal claims. The SharePoint Store as a platform for hackers, we just don’t see it happening.

SharePoint Online for Office 365: Note to Self

The essential Developer Guide for SharePoint Online for Office 365 can be found here:

Nice overview of SharePoint Online features per plan

App Authorization Gotcha

Interesting App gotcha: when Apps run under the App Only App Authorization Policy they run under the special SHAREPOINT\APP account. This only works for OAuth authenticated calls, and doesn’t work for some APIs that require the presence of a user context, such as the Search API.

Designing SharePoint 2010 extranet infrastructure

This is a great link with information about SharePoint 2010 extranet infrastructures: It also contains a link to the extranet hardening planning tool (which is actually a Visio diagram, but useful nonetheless).

Biggest drawbacks of SharePoint 2013 App Model

We feel that most people would agree that the introduction of the SharePoint 2013 App model is the biggest architectural change in SharePoint 2013. We feel it’s a logical step and we have faith that eventually the App model will turn out fine, but we have our doubts how the APP model will work out initially. For now, these seem to be the biggest drawbacks of the App model:

  • Apps can leverage a basic stylesheet of the referring SharePoint site, but for sure until so far the UI integration between Apps and SharePoint doesn’t look seamless at all. The Apps that are available right now from the SharePoint App Store seem to be struggling with this a lot. This is going to be a huge pain point, customers will expect integration to look naturally and for now it’s a big question mark if the tools provided to App developers allow them to deliver.
  • Apps will need to rely heavily on JavaScript and asynchronous REST API calls/client OM calls to interact with the associated SharePoint context. Apps mostly built using JavaScript: we fear the code will become a huge spaghetti mess.
  • Sahil Malik brings up an interesting point in , although App/SharePoint communication leverages OAuth, will it be safe? Sahil raises some serious doubts concerning the current implementation, and expects the burden of providing a secure solution will be placed on the shoulders of every App developer.
  • After a SharePoint App has successfully obtained Full permissions, in principle there is nothing from stopping a vendor from modifying that web application to do something different (and evil?).
  • The new App model brings a lot more cross-server communication with it. Will this impact the performance noticeably, will Apps be perceived as sluggish?

Advanced SharePoint 2013 workflow debugging

Andrew Connell has written this great blog post about doing advanced workflow debugging in SharePoint 2013 by leveraging the free HTTP traffic monitoring tool Fiddler. Using an HTTP monitoring tool for workflow debugging purposes makes a lot of sense for two reasons:

      • SharePoint 2013 leverages Windows Azure Workflow (WAW) to provide SharePoint 2013 workflows. Both components communicate via HTTPS/SSL.
      • SharePoint 2013 workflows are declarative and don’t allow developers to add custom code. Instead, developers have to either create custom actions or use the new HTTP workflow activities to call custom WCF services.

Because of these two reasons, the amount of HTTP traffic that happens under water when executing workflows increases dramatically. Hence, Fiddler becomes a useful workflow debugging tool. Check out the good stuff at:

jQuery in Action

We were technical reviewers of the book “jQuery in Action” ( ) and thought it was really good. The recommendation on the back by John Resig, creator of jQuery, says it all: “The best-thought-out and researched piece of literature on the jQuery library.”

The book discusses:

  • JavaScript essentials
  • jQuery fundamentals
  • Selecting elements
  • Generating new HTML
  • Working with element sets
  • Changing element styling and content
  • Events
  • Animations and effects
  • jQuery utility functions
  • Extending jQuery
  • Using Ajax
  • Themes and effects
  • Mouse interactions
  • jQuery UI widgets