Abstract: “Why am I getting a security error??” “Why does my code work sometimes, but not others?” “I wonder if McDonalds is hiring.” Writing custom code in SharePoint opens up unlimited possibilities but also throws many hurdles in your way that will slow you down if you don’t take them into account. So, before giving up and searching for careers in the fast food industry, equip yourself with the knowledge you need to succeed in writing custom code for SharePoint.
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Best Practices in SharePoint Development - Just Freakin Work! Overcoming Hurdles and Avoiding Pain in SharePoint Development
1. Thinking SharePoint? Think Jornata.
Just Freakin’ Work!
Avoiding Common Hurdles in SharePoint
Development
Prepared for
Prepared by
Geoff Varosky
Jornata
61-63 Chatham Street
Jornata
Fourth Floor
Boston, MA 02109
Submitted on December 14, 2011
8. Introduction
• Development Environment
– Physical?
– Virtual?
– Desktop?
– Dusty old PC under the desk?
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
9. Introduction
• 2007 or 2010
– 64-bit (leaves room for upgrade)
– >= 4G of RAM
– Choice of Virtual Host
• HyperV, VMWare, VirtualBox
• Not much in the way of VirtualPC support
– Create a base virtual image
• SQL, Base SP install, Service Packs, Dev Tools
• Visual Studio, SPD, etc.
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
10. Introduction
• Development Environment
– Follow the SDK (2010)
• 64 bit
• Desktop
– Windows 7
– Vista (SP1+)
– Http://msdn.microsoft.com/en-us/library/ee554869.aspx
• Server 2008
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
11. Introduction
• Development Environment
– Make sure your environment matches deployment
targets!
• In Visual Studio
– CPU
» x86? x64? AnyCPU?
• .NET Framework
• Service Packs
• Same architecture
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
12. Introduction
• Development Environment
– Don’t do everything as local admin!
• Follow proper account configuration from the SDK
• Developing to Deploy
– Use the least amount of privileges
• This will make admins happy
– Web application deployment (/bin)
• CAS policies
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
13. Development
• General Development Practices
• Lists
• Event Receivers
• Web Parts
• Unmanaged Code
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
14. Development
• General Development Practices
– Dispose of Objects!
• SPDisposeCheck
– Test with multiple accounts/privileges
– Strongly named assemblies
– Separate high and low privileged DLLs
– Do not mix .NET Framework versions
– 64 bit code compatibility
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
15. Development
• General Development Practices
– Stay away from the database
• USE THE API!
– Use resource & language files
• Do not hard code strings and labels
– Caching when and where possible
• msdn.microsoft.com/library/bb687949.aspx
– CAS Policies
– Safe Controls
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
16. Development
• General Development Practices
– Use try{} catch{} finally{} blocks
– Check for nulls in finally{} blocks with disposable
objects before disposing
• Change defaults
– Assembly Info
• Name it properly
– Jornata.SharePoint.WebParts.Stuff
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
17. Development
• General Development Practices
– Sign Controls
• Do not password protect the SNK
– Elevating Privileges
• SPSecurity.RunWithElevatedPrivileges()
– Clean, Validated, Secure data
– Runs as System account
– Write operations?
» Preceeded by SPUtility|SPWeb.ValidateFormDigest
– Must use new SPSite or SPWeb – not SPContext.Current
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
18. You might be a SharePoint Developer if…
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
19. Development
• Lists
– Test queries before deployment!
– U2U CAML Query Builder
• Remove the <Query></Query> tags!
– LINQ
– Batch queries when possible
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
20. Development
• Lists
– Do not use SPList.Items
• Use SPList.GetItems(query)
• Paginate (2000 items) – RowLimit
– GetItemByID
• Use SPList.GetitemByID
• Not SPList.Items.GetItemByID
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
21. Development
• Event Handlers
– Do not instantiate SPWeb, SPSite, SPList, or
SPListItem
– Use what the properties give you
• properties.OpenWeb()
– Do not need to dispose
• properties.ListItem
– Bulk operations will not run event handlers
• Ex: New list created – FieldAdding will not run
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
22. Development
• Event Handlers
– Connections
• Make sure you code for external systems not being
available
– LOG ERRORS
• Make it known why something went wrong
Thinking SharePoint? Think Jornata.
23. Development
• Web Parts
– Deploy to the Web Part Gallery
• Easy to add to a page from there
– AllowClose = false
• Closing web parts = bad
• X DOES NOT EQUAL DELETE
– Use Properties – avoid hard coded values
– HTMLEncode input values
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
24. Development
• Web Parts – In Code
– EnsureChildControls
• Ensure that the controls have been loaded before using
them.
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
25. Development
• Unmanaged Code
– JavaScript
• Will this be used in more than one place?
• Central Script repository (easy access)
• Deployment to _layouts folder
– More of a “managed” approach, more secure
– Less flexible
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
26. Development
• Unmanaged Code
– Content Editor Web Parts
• Awesome, flexible web parts!
• Use a library with versioning to link the WP to
– Easier to manage
– Versioning of “code”
– Publishing Sites
• Use content controls, not CEWPs!
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
27. Development
• Unmanaged Code
– Ghosted v. Unghosted pages
• Uncustomized v. customized
• Unghosted pages can have issues with upgrades
– i.e. site definitions change with upgrades
• Branding
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
28. You might be a SharePoint Developer if…
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
29. Development
• User Code Solutions (2010)
– When possible
– Forces better programming practices
– Keeps the farm safe
• Makes admins & managers happy
– Admins can control
• Makes them feel special
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.
30. Development
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
• USE SOLUTION PACKAGES!
email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro
Thinking SharePoint? Think Jornata.