Radi Atanassov

SharePoint MCM, MVP, MCT and owner of OneBit Software

Using ASP.NET Identity 3 with Entity Framework 6



I put together a provider for Entity Framework 6 and ASP.NET Identity 3. This post introduces it.

ASP.NET Identity 3 is awesome and packed with new features. Me and my team (OneBit Software) – we are comfortable and very keen to use it in our projects.

ASP.NET Identity 3 by default uses Entity Framework 7 (together with other details, such as ASP.NET 5, MVC 6, DNX, etc. etc.). EF7 is also great and stable, but very feature-poor at the moment. We are not ready to use EF7 (at the time of writing this post) in production, even though there is go-live production support for it.

Entity Framework 6 for that matter is stable and we trust it.

So the long story short – we need ASP.NET Identity 3 with support for Entity Framework 6. The solution is the Microsoft.AspNet.Identity.EntityFramework6 project.

GitHub source: https://github.com/OneBitSoftware/Microsoft.AspNet.Identity.EntityFramework6

At the time of launching the project is built for RC1-Update1. All nugget packages are fixed to the 1.0.0-rc1-final version.

The solution is structured with the core source, unit tests and a sample web application:


Entity Framework 6

 EF6 doesn’t support generic types for DbSet’s. You can’t do:

 DbSet<IdentityUser<TKey>> Users;

 This adds some complexity, because Identity 3 aims to use generic types to support generic keys for the database.

 There’s some further complexity in other features/limitations of EF6 in itself, so some parts of Identity 3 code need tweaking, like the OnModelCreating initializer.


ASP.NET Identity 3

 I’ve spent quite some time with this lovely library that it has become my weekend hobby. I’ve done my best to reuse as much as I can and do as little as possible to get it running with EF6.

 The database is assuming the Id columns (TKey) are of type string. You can modify that to your liking. I’ve done it because the default implementation uses Guids.

 There are no changes to the way ASP.NET Identity 3 works internally, all modifications are around how users and roles are stored.


Getting Started: Sample ASP.NET 5 MVC 6 solution project with ASP.NET Identity 3 and Entity Framework 6

 You will find a complete sample with everything set up in the repository: https://github.com/OneBitSoftware/Microsoft.AspNet.Identity.EntityFramework6/tree/master/samples/IdentitySamples.MVC6.EF6

 If you need to add this to your own MVC project, just reference Microsoft.AspNet.Identity.EntityFramework6 and place the following in the ConfigureServicesmethod of your Startup.cs file:

 //Inject ApplicationDbContext in place of IdentityDbContext and use connection string

 services.AddScoped<IdentityDbContext<ApplicationUser>>(context =>



//Configure Identity middleware with ApplicationUser and the EF6 IdentityDbContext

 services.AddIdentity<ApplicationUser, IdentityRole>(config =>


     config.User.RequireUniqueEmail = true;





 You can use ApplicationUser and IdentityDbContext to modify the model further.

 This is currently not released as a Nuget package, although if there is interest we could do that on MyGet.


 The Test project requires Microsoft.AspNet.Testing and Microsoft.AspNet.Identity.Test nuget packages. These are available on the MyGet aspnetmaster package source here: https://www.myget.org/F/aspnetmaster/api/v2/

In order for this to be easy to get going, I have included them in the “lib” folder. The “project.json” files in the “wrap” folder point to these local assemblies.

 Unit Testing

At the time of releasing, the solution passes all unit tests.  Make sure they run for you too if you are contributing to the repository.

 Contribution, Issues and Discussions

 I would love it if you make a fork and create a pull request. Let’s keep all discussions and issues in GitHub. Anything that you need to be updated or fixed – let us know and if time allows for it we will look into it. Feel free to follow the patterns and contribute.

 We will keep a close eye on updates to ASP.NET Identity 3, especially around RC2 and a final version.



Authorizing Office 365 SharePoint Apps to read Azure AD data

I've been using the Azure AD Graph API in SharePoint/Office Apps for some time now and the changing releases of the different Microsoft products definitely makes it very confusing for newcomers. The documentation has a long way to go, it is quite tricky with the very few examples that use old API's. I hear that people find it frustrating to get going with the Graph API.

This blog post describes how you can make use of Azure AD in Office/SharePoint Apps, what API's to use and how to authenticate your App. I have been using a technique for a while now and it is still not widely popular, most likely because it is not documented anywhere. I have been presenting on it for a while now:

  • Microsoft InTouch conference 2014
  • EUSPC 2014 in Barcelona
  • SharePoint Days 2014 in Slovenia
  • JSNext 2014 in Bulgaria


  • You are building a SharePoint App that needs to read user data that does not exist in the User Profiles in SharePoint Online
  • You need to get a list of members in a group in Azure Active Directory in a provider-hosted SharePoint App that will run in Office 365
  • You need to reach to other directory objects in Azure AD like Roles, Conference Rooms, Computers, etc.
  • You DON'T have an Azure subscription (you don't need one!)


The first key point to understand: every Office 365 tenant has an Azure Active Directory instance in the background. This was never well-known and it took some time in the industry before the mass population got a grasp of that fact. DirSync helped, but terminology definitely changed, and so did the Azure landscape.

One of first and best posts out there that highlighted this was by fellow MVP Chris O'Brien: http://www.sharepointnutsandbolts.com/2014/04/using-azure-instance-behind-your-office-365-tenant.html His does a great job to show you how you can fiddle with your Office 365 users with a trial Azure subscription.

The second key point: SharePoint Apps get "registered" as Applications (Service Principals) in Azure AD. I will show you how to see that further below.

And the third point: You *don't need* an Azure subscription to work with Azure AD, you can use PowerShell. You will miss out on the awesome web portal, but you can still do your job. Many blog posts show how to do it through the Azure portal, but most don't have an Azure subscription.

Azure Active Directory – a few words

For those not so familiar with Azure AD, it is just a directory in the cloud J There are tons of examples of how Azure AD delivers significant value, but here we focus on what is different from Active Directory on-premises that is relevant to Apps.

Instead of using LDAP to communicate with AD, when using Azure AD we use HTTP-based authentication standards and packet flow: SAML-P, OAuth 2.0, WS-Federation. That's all you need to know for now.

Again, all Office 365 (Multi-tenant) tenants have an instance of Azure AD in the background, so if you are doing anything with Office 365 development, you will eventually come across this.


The Graph API

So no LDAP, no DirectorySearcher, no old ways to interrogate the directory. The Azure AD team has built what is called the Graph API.

The terminology is confusing, but if you've been in the SharePoint/Office world that has always been the case. I am sometimes confused myself:

This blog post is specifically about the Azure AD Graph API and how you can use it in SharePoint Apps.

So, why would you care about all this?

As we're moving from On-premises to more and more development in Office 365, you will eventually hit the need to get information from Active Directory that is not in neither the User Profiles, nor attainable through the Office Graph GQL search interface. You will need to do stuff in AD that you just can't do through other API's, for example getting a user's country or Office 365 license information through the User Profiles CSOM API.

Steps to give SharePoint Apps permission to Azure AD

So now with the background out of the way, let's dig into it. As I mentioned previously, you don't need an Azure subscription to read Azure Active Directory data – your Office 365 tenant gives you everything you need.

Our goals:

  • Register a SharePoint App with your tenant -> get a ClientId and ClientSecret
  • Give permissions to the App to call Active Directory using the Graph API
  • Show some code

Registering a SharePoint App with a tenant

I use this technique with our clients when we develop something that is a one-off case, and mainly when we build console applications or windows services that do periodic work on SharePoint Online tenants. I use AppRegNew.aspx and you could read more about it here: https://msdn.microsoft.com/en-us/library/office/jj687469(v=office.15).aspx

You can also find more samples where I use this technique in OfficeDev Patterns & Practices: Core.UserProfiles.Sync Governance.EnforceContentTypeRetention and a few others

  1. Open https://[tenantname].sharepoint.com/_layouts/15/appregnew.aspx
  2. Generate your ClientId and ClientSecret, and fill in the other fields:

If you are just building a console app with no user interaction, the AppDomain & Redirect URI could be just "localhost" & "https://localhost".

Confirm and copy your ClientId and ClientSecret. You could also use AppInv.aspx to give your app permissions to SharePoint data. See one of the OfficeDev PnP samples for more info on that.

Give your App access to Active Directory

This is where the real fun begins.

After you used AppRegNew.aspx, you might wonder where that App configuration goes… Let's have a look.

  1. To use PowerShell with Azure Active Directory you need to get the Azure AD modules: (also described here: Core.UserProfiles.Sync )

http://msdn.microsoft.com/en-us/library/azure/jj151815.aspx is the official MSDN page.

Open the Windows Azure Active Directory PowerShell module (or you can just import the modules):

  1. Connect to your tenant:

Connect-SPOService -Url https://onebitsoftware-admin.sharepoint.com -Credential admin@onebitsoftware.onmicrosoft.com

  1. Purely for academic purposes, poke around:

To prove that SharePoint Apps get registered as Azure Active Directory service principals, run this command:

## Set the app Client Id, aka AppPrincipalId, in a variable

$appId = "06277b15-fc38-4df8-bf93-a76c9f9e5dc2"


## get the App Service Principal

Get-MsolServicePrincipal -AppPrincipalId $appId


You will get this:

Notice "AppPrincipalId" -> this is the ClientId, there is just a huge element of bad and misaligned terminology.

But the point is made, AppRegNew.aspx registers a SharePoint App as an Azure AD service principal. The Service Principal Names are taken from the AppDomain property and the client Id. The Display Name is what you put in the AppRegNew.aspx form.

NOTE: SharePoint Apps will not appear in the Azure web portal, there are reasons for this and it is normal. See this: Application Objects and Service Principal Objects https://msdn.microsoft.com/en-us/library/azure/dn132633.aspx

  1. Give your App access

Again, for academic purposes, run Get-MsolRole:

This is a list of all roles in AD that you could assign. In our case the "Directory Readers" role is what we need. So let's give that role to our App:

## Set the app Client Id, aka AppPrincipalId, in a variable

$appId = "06277b15-fc38-4df8-bf93-a76c9f9e5dc2"


## get the App Service Principal

Get-MsolServicePrincipal -AppPrincipalId $appId


## Get the Directory Readers Role

$directoryReaderRole = Get-MsolRole -RoleName "Directory Readers" ##get the role you want to set


##Give the app the Directory Reader role

Add-MsolRoleMember -RoleMemberType ServicePrincipal -RoleObjectId $directoryReaderRole.ObjectId -RoleMemberObjectId $appPrincipal.ObjectId


You are DONE!

To validate, run this:

##Confirm that the role has our app

Get-MsolRoleMember -RoleObjectId $directoryReaderRole.ObjectId


And you will see:

Notice Yammer?? That's how Yammer gets data from Azure AD J This gives you significant info on how things work in AD.

Test access and get going with some code

So, now you need to test, then write the actual code for the SharePoint App.

First, some reading:



To test your app authentication, use the Graph Explorer: https://graphexplorer.cloudapp.net/

Type in your tenant UPN followed by /Users to get all users:

When you click Get you will get a login prompt:

Principal Id is the same as "ClientId" and "AppPrincipalId" (bad terms!)

"Symmetric Key" is "ClientSecret".

Click log in and you will get your results J Beware of caching issues!!

Add the Graph Client Library to a project

Now that your authentication is set up, grab the Graph Client Library through Nuget:


That is pretty much all you need! You should keep your assemblies fresh, however beware of the changes, "GraphClient" & "GraphConnection" are old API's, "ActiveDirectoryClient" is the object in 2.0.

Code samples

There's not a hell of a lot of code samples out there, but there are a few to help you get going. I put together an update to the OfficeDev PnP sample "AzureAd.GroupMembership" so check it out:

Core.UserProfiles.Sync - https://github.com/OfficeDev/PnP/tree/dev/Solutions/Core.UserProfiles.Sync - this example gets the Country from Azure AD and syncs it to SPO User Profiles, where that field is unavailable.

(no need for me to paste the code here)


The Azure AD Graph Team have good samples too:




That should be enough to get you going, good luck J Please feel free to reach out to me and ask questions, I would be glad to help. You might find me junking in the Yammer OfficeDev Patterns & Practices group.

Debugging and troubleshooting SharePoint – Part 1

A friend of mine asked me a very cool question: "how does an MCM troubleshoot and debug SharePoint?" Well, as simple as the question is, I prepared a big set of tips that I believe are extremely unpopular in the SP development space, yet extremely powerful if used in the right way.


I use these techniques in my everyday SP life both in development and when we do troubleshooting. This is a multi-part set of posts, where I'm going to start with some easy stuff, then increase the complexity:


Debugging and troubleshooting SharePoint

Part 1: Using a console listener during deployment (this post)

Part 2: Following the order of feature installation and activation

Part 3: Don't forget about the Developer Dashboard!

Part 4: ULS troubleshooting tips

Part 5: Debugging SharePoint JavaScript

Part 6: Turn on Fusion logging to troubleshoot assembly loading/binding information

Part 7: Profiling SharePoint with the ASP.NET Profiler

Part 8: Collecting SharePoint intelligence with IntelliTrace

Part 9: Debugging SharePoint code execution with decompilers and reflection tools

Part 10: Debugging SharePoint memory dumps and live execution with WinDbg



Part 1) Use the Console Listener to send messages to PowerShell while deploying WSP's:


This part is easy, but sometimes very helpful. I have created an awesome WSP that uses TraceListener to send output messages. It is a convenient way to get output to the console when deploying with PowerShell.


Some quick code:

public static void WriteToLog(string message)


//Quick lame check to ensure our listener is not there

bool containsListener = false;

foreach (TraceListener item in Debug.Listeners)


if (item.Name == CustomConsoleListener)

containsListener = true;



//Add listener if it doesn't exist

if (!containsListener)


TextWriterTraceListener writer = new TextWriterTraceListener(System.Console.Out, CustomConsoleListener); //type console and name

Debug.Listeners.Add(writer); //register the Console listener



//send message

Debug.WriteLine(message + " " + Version); //Send message to the console


In my feature I have:

public override void FeatureActivated(SPFeatureReceiverProperties properties)


ConsoleLogger.WriteToLog(DateTime.Now.ToString("dd/MM/yyyy hh:mm:ss.fff tt") +

" WebApplicationFeature2 FeatureActivated Event" + properties.Feature.Parent.ToString());



When deploying with PowerShell, you will see the following output:


(I have crossed out the name of my web application as it is "sensitive", and I have many features.)


Note, the SharePoint Timer Process responsible for deployment of WSP's without the –Local switch doesn't have a console.


The above helps when figuring out deployment issues predominantly during development when you are trying to get things right.


Another very interesting point regarding this is the "Activate on Default" setting:


Activate on Default: It is only relevant to Farm and WebApplication scoped features. The deployment framework will automatically activate the feature if this is set to True and the scope is either Farm or Web Application. I blogged about it ages ago here: "Activate on Default" confusion and features scoped at Web Application level

HOWEVER, there is a slight gap here… if the solution is a Sandbox Solution, this setting will also trigger on features at the Site scope. Ignore the documentation, it doesn't tell you this.


Always Force Install: this setting will get rid of the annoying message that tells you the feature is already activated at the scope. While it is very annoying during development, in a real-life production environment it makes a lot of sense. It reminds us that re-activating the feature will apply all feature elements and execute feature receiver code. Forcing the activating will suppress that message for features at any scope level.


Auto Activate in Central Admin: This setting name actually gets it right for once, it will automatically activate the feature at Web, Site or Web Application level on Central Administration.


Until next time, where I show how the feature activation order works.




Recompiling your own version of the SharePoint code to suit your needs

Ever been pissed off at the SharePoint code? Banging your head against the wall, trying to figure out why something is not working for you, you're looking at it with a reflection tool and just want to see what would happen if you change a single line of code?

You don't have the SharePoint source code, but you still want to fiddle with it and compile your own build? You might have never thought that is possible, but here in this post I will show you how!

This is by far extremely awesome and some seriously fun shit, so enjoy!

(Disclaimer: don't do this, seriously. Just learn from it. I am sure that reverse engineering is written to be forbidden somewhere. And don't do this anywhere near a production server.)

STEP 1) Get the Reflexil plugin, either in Reflector or Telerik JustDecompile. It is called "Assembly Editor" and is available as a JustDecompile Plugin. Ever since Red Gate basterdised Reflector I prefer Telerik JustDecompile, it is free and built in Sofia, where I live and where OneBit Software is located.

Once you get all the components in there, load your tool and the assembly that you want to fiddle with.

In my example I modify Microsoft.SharePoint.ApplicationPages.Administration.dll, to make the CA UI show that I have a custom build, but you could easily do this with Microsoft.SharePoint.dll or any other assembly.

STEP 2) Browse through the assembly and find the code you want to modify. If you are tweaking a property, you need to specifically select the getter or setter. The UI will look like below, with many tabs in the Reflexil UI:

Right-click and either choose to edit the instruction, or "Replace all with code" for the fun stuff.

STEP 3) You will end up in an interface looking like the one below. On the left you will see generated code, on the right you will see instruction information. In my example, I replaced return default(string); with return "Radi's Custom SP Build!";

Make sure the Compiler version is the one relevant for the assembly, in my case v3.5, and hit Compile. You will get standard compiler errors if you have screwed something up. Otherwise if successful, the Instructions on the right will change as per your modification. That stuff is IL, you might already be familiar.

STEP 4) Go ahead and save your modified assembly. It will prompt you to save it with "Patched" in the filename:

STEP 5) After you save it, Reflexil/Telerik JustDecompiler will tell you some very important stuff about the Strong Name of the assembly. This step is key to get this to work and there's deep theory about assembly signing coming to play.

Assemblies are usually signed with a key so that they don't get tampered with in the way I'm doing it. Unless you have the key you can't modify it and resign it. This is something that Visual Studio does when it builds an assembly.

You can either remove the Strong Name, or register the assembly for verification skipping. This is something you could do with the sn.exe tool, or just through the interface below:

"Register it for verification sipping" requires that "sn.exe" is in the path variable so the tool can call it. It will basically execute:

sn -Vr yourAssembly.dll

I had to add "C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\x64" to my Environment PATH variable and restart JustDecompiler. You might want to do this before you edit assemblies so you don't have to do it again. This is what you will see if sn.exe is not found:


STEP 6) What you should see next is the patched assembly, but the most important part is the PublicKeyToken, it should not be null:


STEP 7) The last step, rename the "Patched" DLL to its original name, then do an IISRESET.


And here she is, the most beautiful SharePoint release ever:

Please comment if you like this post!

Slides and Video from my #SPC14 sessions, what a ripper I'm on Channel 9!

So, as you could imagine, #SPC14 was INSANE!!! So much content, amazing sessions, awesome announcements lots of great fun, lots of lost money at the casinos. I am still recovering, trying to get my calendar in order and attending to the endless list of tasks and people to follow-up. I have collected over 100 business cards, many of which are potential business opportunities, and have given out at least 400.

I got really good feedback from my sessions, I am happy, but there is always room for improvement. I was visibly (and audibly) tense in my #AccessServices session (the first one), but the amount of humor and jokes made up for it. A lot of people came up to me and told me they enjoyed it very much and that it was pure comedy. It was engaging, but definitely the amount of people in that session was mind gobbling. Definitely the first time for me speaking in front of 650 people (968 confirmed to attend, many more came, many got rejected because of no room). Overall it was a good session, but I also got some suggestions for improvements. The feedback is always the most important so I will definitely take action.

My talk on Work Management Service was significantly straight forward. It received a really high score, but overall it was not as entertaining as Access. the content was quite flat but unique. No other session at #SPC12 or #SPC14 demonstrates Task Synchronization and the Work Management Service. Many people, including in the feedback, told me they didn't even know it existed. It is very honorable to show something at #SPC14 that people don't know about.

Here are my slides and video:

Access is back! High-value, 'no code', functional & flexible business apps with the new Access services



My Rating so far:

Evaluation Count 108 
Question: Average Score:
The speaker’s presentation style helped me better understand the material. (5 excellent - 1 poor) 4.46
The speaker was knowledgeable about the subject matter. (5 = high to 1 = low) 4.72
The presentation was effective. (5 = high to 1 = low) 4.33
The demo(s) were effective. (5 excellent - 1 poor) 4.28
Overall satisfaction with this session. (5 = high to 1 = low) 4.39
Overall: 4.436

SharePoint 2013 Work Management Service Deep Dive



My rating so far:

Evaluation Count 27 
Question: Average Score:
The speaker was knowledgeable about the session’s topic. (5 excellent - 1 poor) 4.87
The speaker’s presentation style helped me better understand the material. (5 excellent - 1 poor) 4.39
The presentation was effective source of learning. (5 excellent - 1 poor) 4.61
The demo(s) were effective. (5 excellent - 1 poor) 4.35
Overall satisfaction with this session. (5 excellent - 1 poor) 4.42
Overall: 4.528

(People are evaluating continuously, so numbers may change)

Overall, it was a great pleasure and a great experience. I sincerely hope I have shown someone something new.

Please feel free to contact me and ask me about these things, I would be glad to help. Oh, yes, and if I haven't offended anyone with my jokes, please feel free to come to my next session! 

Day 1 highlights for developers at SPC14


The hype here at #SPC14 is absolutely huge. I am extremely excited about so many new things that are announced. I'm going to start keeping track of everything I find interesting and post it, so keep an eye out.

For developers:


Office Web Widgets (Preview) - http://www.nuget.org/packages/Microsoft.Office.WebWidgets.Experimental/ Nice components for provider hosted apps. The People Picker is something to check out.


Office SDK for Android - https://github.com/OfficeDev - this looks like a repository that the MS Office team will publish dev related stuff. So far the Android SDK is there, but maybe that’s it.


SharePoint Workflow Apps - I still need to find a link for this one. Keep an eye for an update.


Office 365 Device and website Apps - Same as above. Keep an eye for an update.



SharePoint 2013 and SharePoint Online solution pack for branding and site provisioning http://www.microsoft.com/en-us/download/details.aspx?id=42030 - Nice, putting this in my reading todo list.


Office App Model samples - http://officeams.codeplex.com/ (Blogged by Vesa here: http://blogs.msdn.com/b/vesku/archive/2014/03/03/announcing-office-app-model-samples-codeplex-project.aspx) - Really nice stuff, I saw Steve Walker hit the "publish" button in front of me. That was epic…. I can't wait to find time to check these out


There's some other new stuff like O365 Discovery Services & Azure AD OAuth. I still have to get my head around that one.


I’m speaking at SPC14 and ESPC14!

It has been a quiet period on blogging, but I have been very active in presentations and conferences. Well… not as active as Joel, Michael and Paul, but still active J

Catch me next at:

The SharePoint Conference 2014 in Las Vega, yeah baby!!!!

Session 1: Access is back! High-value, 'no code', functional & flexible business apps with the new Access services

Microsoft Access 2013 and Access Services 2013 have made a huge step forward... one of the greatest advancements on top of the new SharePoint platform. Anyone can build powerful business solutions in minutes. The new Access 2013 allows you to follow agile development from your business units and remain confident the data is secured, backed up, and managed appropriately. We will look at how you can leverage the SharePoint Apps model and use SQL Azure as a backend database. We, too, will talk about how your legacy Access applications could be brought forward and migrated.

This will be a technical session focused on functionality, capability, process and architecture. There will be 'no code' and we will discuss the rationale of why this should be in your development arsenal.

Date: Tuesday, March 4

Time: 5:00 PM - 6:15 PM

Room: Murano 3201-3303

Session Type: Best Practices

Session Code: SPC301

Audience: IT Professional

Level: 300

Product: Access, Office 365, SharePoint 2013

Tag: 2013, Access, Access Services, Apps, Cloud, On-Premises, Solutions, Tools

Role: Administrator, Application Manager, Database Administrator, IT Architect, Software Architect, Systems Administrator


This session currently has 474 attendees confirmed… WOW, just wow!!!


Session 2: SharePoint 2013 Work Management Service deep dive

Where do you keep track of all your tasks? Outlook? SharePoint? Maybe Project Server? Storing them across multiple applications is a pure Information Worker challenge. SharePoint 2013 has the new Work Management Service Application to solve these issues. It aggregates tasks across SharePoint, Exchange, Project Server and there's even a story for TFS. There's not that much documentation out there on how to configure it, how to maintain and work with it. In this session I will walk through the architecture and setup, and go over how it operates and what you need to know to keep it alive. I will demonstrate the features and discuss all of the technical aspects.

Date: Wednesday, March 5

Time: 5:00 PM - 6:15 PM

Room: Murano 3201-3303

Session Type: Deep Dive

Session Code: SPC342

Audience: IT Professional

Level: 300

Product: Exchange, Project, SharePoint 2013

Tag: 2013, Architecture, Deployment, On-Premises



The European SharePoint Conference 2014 in Barcelona, 5-8th May:

SharePoint 2013 App Authentication

SharePoint 2013 introduces a new App model that is drastically changing the way developers think about and deliver new functionality. This talk is a deep dive on SharePoint 15 App authentication and how it works, how tokens get exchanged and how the communication is secured. We will look at the framework API and architecture, all the various bells and whistles of OAuth and Server-2-Server authentication. This talk is developer oriented and we will spend a lot of time covering the specifics on OAuth authentication & tokens, communication back to SharePoint, the different deployment models, various limitations and how to overcome them and apply them to the real world.

Link: SharePoint 2013 App Authentication

Soon I will also be posting the upcoming local user group sessions. Stay tuned :)

#spc14, #espc14


Blog brought back up from the ashes….

Hi readers!

You might have noticed my blog down for a few months. Quite sad, I was constantly getting spam comments and eventually the whole SharePoint.BG platform crashed, bringing down a few blogs.


It took a while for me to find out, then eventually book time to revive it with the help of my colleagues.


We ended up migrating from BlogEngine 1.8 to 2.8, which is really much better. It still has bugs, but it is an OK platform. The challenging parts we're migrating some lost posts, making sure URL's are the same, making images work properly.The key feature we use is multiple bloggers, which is the idea of SharePoint.BG, a blog platform for interested people.


So… we’re back in business J oh yes, screw you annoying spammers!


The Fall of the Master

Today the entire MCM/MCA and MCSM community received the sad and utterly disappointing message that all Master & Architect programs will be retired on the 1st of October, 2013.

This is a complete shock to all involved in the community and is by far one of the worst decisions Microsoft has ever done. As an external (to Microsoft) MCM and MCSM, a customer to the program, and what many of my program peers consider a successful  delegate with achieved business results and commercial customer recognition due to the program, I have all the right to publicly announce my disappointment with the person who made this decision and ask for his/her resignation. Hundreds of us have invested their time, money, blood, sweat, nerves, pride and honour, and now it has abruptly been retired for all.

What does this mean for the SharePoint product?

The MCM/MCSM/MCA crew have been long recognised as the best technical field experts in the industry. Maybe not so widely communicated and maybe the message has not been so successful, but the lads and lass of the program have made a difference to the success of the product.

Quite frankly, this is actually a sad, sad day for SharePoint. I know extremely well from experiences, the MCM/MCSM/MCA crew have saved a ridiculous number of failed deployments (no offence to anyone!) and without us this product would have failed embarrassingly in a far too great number of occurrences at key clients that actually fund the product.

What does this mean for customers of SharePoint?

Many customers ask for the skills of MCM/MCSM/MCA… and pay for it. They get good results for the buck, no question asked. There is not one problem we couldn’t fix, not one challenge we couldn’t design for and that’s what we we’re trained for. The actual certificate is not that important here – it is the training and knowledge sharing that matters. There is not one place/program/event/community that I know that offers the collaborative training experience that the training rotation offered. There is no other place in the world, no matter how big the internet is, that offers all of that knowledge collected, systemised, ordered and analysed for the purpose of the better client deployment.

Without this level of training in the future, customers will suffer more failed deployments and essentially Microsoft may suffer a loss in profit. I sincerely believe that you can’t solve many global SharePoint problems/challenges with the training available at the MCP/MCSE/MCSA levels. They are just not deep enough. SharePoint is huge and extremely diverse, so the knowledge matters. Even Microsoft internals are trained at the program. So who’s going to grow stars now?

What about the other programs?

The same story applies. Microsoft just slapped the best in the world. Doesn’t matter if you’re in SharePoint, Exchange, Lync, SQL or Directory, or more than one discipline, it’s a sad day for all.

What does it mean for businesses with MCM/MCSM/MCA specialists?

Well… now there is no way to differentiate the top  of the industry. There might be other certificates or programs to train and recognise, but many partners recognised the Masters and Architects. Many paid a lot for their training and many had a lot of success & return afterwards.

I for one gained significant benefit after passing MCM, I started my own business and currently grow armies of SharePoint developers and infrastructure specialists which assist Microsoft customers and partners (and even Microsoft!) all over the world. A delivery team with a Master is worth much more compared to a delivery team without a Master and many customers hire these services in favour of other nearshore/offshore offerings. Call me commercial, but that’s what I am – I deliver resources and skill set to partners and customers that need it, and the program made me better at it. There are many places in the world that need the MCM/MCSM/MCA difference that it makes.

What would this mean for instructors and managers of the program?

I would imagine you feel disappointed too? You’ve spent so much time to make this all a success for us… and its all gone (I hope you are not made redundant?).

What does this mean to existing MCM/MCSM/MCA?

We’re more tough than you could imagine. For those who have achieved certification, you will always be remembered as the ones who succeeded in the challenge, the original crew. Many of us are hurt (I can see more than 10 emails per hour filled with frustration on the internal DL), but we will continue to be as knowledgeable as we can and act in the best interest for the client. The program has taught us values and practices that will continue to drive product success and adoption.

We’re gonna get some kind of refund, but that won’t cover the disappointment towards Microsoft that the best are feeling at the moment. I guess it’s kind of hard to have the people you recognised as the best to tell you that you suck. If you cared, that is.

What does this mean for people who never had the chance to attend?

There’s a lot of “masters” in the field who didn’t have the chance or just didn’t bother to do this. For those that never had the time or possibility to attend a rotation or pass the exams, you don’t need no certification, we know who you are. The community is mature enough to recognise one another and the impact you have on the success of the product.

And to all MVP’s? think about what it would mean to you if you suddenly receive an email telling you that the MVP program is suddenly retired and within two months your award means nothing anymore. Well guess what, tomorrow that could happen. So have a second thought if you are giving your heart to a company that is changing. Microsoft is no Microsoft anymore.

What does this mean for Microsoft Learning?

YOU FAILED THIS EXAM.. You failed your purpose and your promise to customers. For once YOU get the failed message and not I :) Quite frankly, you damaged the reputation of Microsoft, and you’re probably going to shim off a bit of the share price.