Application Security Testing: An Integral Part of DevOps
SharePoint - the buzz word for web portal that is browser based and drives towards effective management of data with ease. Also termed as one of the effective collaborative tools helping offices of all sizes to share the information effectively and manage day-day office processes through elegant workflows.
This article outlines few of the common mistakes encountered when working with SharePoint and Sharepoint solutions.
CAML Queries Don't Apply The Filters
SPQueryobject that helps you query using the SharePoint Object Model.
SPQuery myQuery = new SPQuery(); myQuery.Query = ""<Query>..<Where>...</Where></Query>";
The Query property of the
SpQuery object does not need the <QUERY> tag in the Query. This causes the filters not to be applied. Remove the Query tags and the filters shall be applied with the Query.
Also, a good practice is to use the "
ViewFields" property to retrieve only required fields from the Query. You can specify these using the
ViewFields property of the Query Object. A sample snippet is as shown below:
oQuery.Query.ViewFields = "<FieldRef Name='Age' />";
First thing that strikes is the
Unknown error in the SharePoint Page. This is known at times as the dreaded message. A lot of effective mechanisms to tackle this problem are provided on the web. Nevertheless, a quick mention of the easiest step would be worthless.
SharePoint does the job of hiding the exact error message from the .NET framework, thereby answering the concerns of security. However, the stack trace that is secured through the default behavior of the SharePoint is the vital need for the solution to such unknown errors.
For a developer to figure out the stack trace for an error, all the user has to do is to turn off the custom error in the web configuration file. In the Web configuration file of the site, look for the
SafeMode tag. Under this tag look for the
CallStack attribute. Set it to true to enable the Call Stack.
Additionally, look for the
customErrors node and change the
mode attribute value to
After changing these two values in the web configuration file, safe the
web.config file and run your application. Ensure that you do these in your production environment only to figure out the actual error and then do not forget to toggle the values of the
CallStack and the
mode attributes of the
SafeMode and the
CustomErrors tags respectively. If you fail to do this, you might be compromising the security of the application.
These errors typically occur when you don't possess the right level of permissions to create sites OR add documents to a library.
Strange Errors After A Config Change
Strange errors can appear after a configuration change to the SharePoint application. This typically happens when you make changes to the "Alternate Access Mappings" or any other config changes. Timer jobs also fail to complete successfully at times.
Clear the SharePoint Configuration Cache in such cases.
SPLISTITEM Does Not Update The Object Properties
When we try to set values for
SpListItem properties with the help of an Indexer, the values are not updated. The right way of doing this is to use the
SpListItem object itself.
var list = web.List["theListName"] list.Items["field1name"] = "val1" list.Items["field2name"] = " val2" list.Items.Update() write, SPListItem myItem = web.List["theListName"].Items; myItem ["field1name "] = " val1" myItem ["field2name "] = " val2" myItem.Update(),