When installing K2 Blackpoint (http://www.k2.com/en/blackpoint.aspx) you might encounter the following error:

Arguments: 
Exception: Value was invalid.
Parameter name: sddlForm
StackTrace:    at System.Security.Principal.SecurityIdentifier..ctor(String sddlForm)
   at SourceCode.SetupManager.Program.ensureUserPrivileges()
   at SourceCode.SetupManager.Program.Main(String[] sArgs)

If this error occurs, it is due to the fact that K2 Blackpoint uses Active Directory, thefore it requires the logged in user to be a member of a domain and not the local computer.

If this error does occur, need to make sure AD is even installed on the server, for information installing AD on Windows Server 2003, check out: http://technet.microsoft.com/en-us/library/aa998088(EXCHG.65).aspx

Once the user trying to install K2 Blackpoint is part of a domain, they will be able to proceed without receiving this error.

There are some issues surrounding enabling the Aero transperency in Windows 7. There are several factors to keep in consideration in order to see the features work properly. Most notable are the following conditions that have to be met in order for the visual effects to take place:

• Desktop Window Manager must be enabled
• Color Quality must be a minimum of 32 bit

First thing that you need to do is to select a Aero Theme (if you haven't already) by right clicking the desktop and selecting Personalize. This will pull up the Personalization window and you will see a list of available Aero Themes that you can select from. Choose one and close the window.

At this point, if the transparency is working correctly, you should see the glass effect visualization on your desktop. If this is not working correctly, then there are some conditions to check. 

One condition is to see if the Desktop Window Manager is running. Go to Windows services by clicking the windows icon and typing services.msc in the search box and the press enter. It will pull up the Services window and scroll down until you find the service name of Desktop Window Manager Session Manager and make sure it's started. If it's not started, right click the name and select Start.

After the DWM condition is verified, there is a feature to run a Windows Troubleshooting tool to find and fix the problem in Windows 7

Start by clicking the windows icon and typing Aero in the search box. It will list some options under the Control Panel, select the one that states: Find and fix problems with transparency and other visual effects.

It will then bring up the troubleshooting wizard to help in determining if there is a problem with the Aero transparency.

After the wizard runs, if it finds a problem, it will state the issues that might be a cause for the transparency not to work. As in the case that I found for my laptop, it said that the DWM was enabled, however, the color quality was set to low. In order for the effects to run correctly, it requires a MINIMUM of 32bit.

 At this point, go to the display settings of your laptop and verify that the color quality is set to 32 bit. For my secenario, that option to set the color quality higher was not available. I was running a nVidia Quadro NVS 140M graphics card and had run windows update to grab the driver for it. However, the driver only allowed a 16bit color quality. I went to the nVidia website and downloaded the latest driver for Windows 7 64bit and after installing and rebooting, it solved the issue and I now have the transparency.

 I've seen some of the hacks of the registry for possibly getting around some of these situations, however, be very careful editing the registry because I've heard from several individuals that it corrupted their screen.

 But, if you make sure that the 2 conditions that I stated are correct, you should enjoy the Aero functionality. Just make sure you have the latest drivers for your graphics card and it supports 32bit color quality.

After completing the process of creating a MOSS configuration list and the SetConfiguration method in the event receiver (Creating Item Level Security for an Event Receiver based upon metadata (Part 1)), it’s now time to create the methods for actually implementing the security for the individual documents.

SetSecurityForItem:

This method will set the applicable security for the document. For my purposes, I added a boolean field in the document library called ChangeSecurity that can be checked if different security needs to be applied.  Once this is done,  we need to call the method BreakRoleInheritance(false) so that it will not copy down the permissions from the library.  I did find when you call the ItemUpdated method, that you need to remove all inherited roles to be able to apply the correct assignment (See line 23). Therefore, one of the parameters passed into the SetSecuritForItem method requires the type of method being called (“ItemAdded”, “ItemUpdated”, etc…) At this point, we need to set the SPRoleDefinitionCollection (I chose to utilize caching in this instance again).  To obtain the role definitons, the SPWeb parameter is called. Following this, a new array of type SPRoleDefinition is created passing in the roleType from the custom list. Last portioin of this method is to iterate through the SPFieldUserValue to apply the permission to the document.

   1: #region SetSecurityForItem

   2:        // This function sets the Item Level Security for the document

   3:        private void SetSecurityForItem(SPItemEventProperties properties, SPWeb spWebSet, string methodType)

   4:        {

   5:            SPFieldUserValueCollection sharePointGroups;

   6:            SPList spList = properties.ListItem.ParentList;

   7:            SPListItem docItem = properties.ListItem;

   8:  

   9:            bool isChangeSecurity = (bool)docItem["ChangeSecurity"];

  10:  

  11:            if (isChangeSecurity)

  12:            {

  13:                sharePointGroups = group2;

  14:            }

  15:            else

  16:            {

  17:                sharePointGroups = group1;

  18:            }

  19:            //Break the Inheritance to assign new role definition to the group

  20:            docItem.BreakRoleInheritance(false);

  21:  

  22:            //Remove the previous RoleAssignment if this is an update

  23:            if (methodType == "ItemUpdated")

  24:            {

  25:                //remove all the inherited roles  

  26:                for (int i = docItem.RoleAssignments.Count - 1; i >= 0; --i)

  27:                {

  28:                    docItem.RoleAssignments.Remove(i);

  29:                }

  30:            }

  31:            // Get Role Definitions

  32:            SPRoleDefinitionCollection roleDefinitions = HttpRuntime.Cache.Get("WebRoleDefinitions") as SPRoleDefinitionCollection;

  33:            if (roleDefinitions == null)

  34:            {

  35:                roleDefinitions = spWebSet.RoleDefinitions;

  36:                HttpRuntime.Cache.Insert("WebRoleDefinitions", roleDefinitions);

  37:            }

  38:  

  39:            SPRoleDefinition[] rolesToApply = new SPRoleDefinition[1] { roleDefinitions[roleType] };

  40:  

  41:            foreach (SPFieldUserValue fuv in sharePointGroups)

  42:            {

  43:                addPermissionToListItem(properties.ListItem.Web, properties.ListItem, fuv, rolesToApply);

  44:            }

  45:  

  46:        }

  47:        #endregion

addPermissionToListItem is called in SetSecurityForItem which I will go into detail below:

addPermissiontoListItem:

With this method, it allows you to programmatically add security to a list item by the means of iterating through the values of a SharePoint User or Group column, including support for passing in a list of SPRoleDefinition items to grant to the security item. SPPrincipal represents either a user or group that will be assigned permissions.  Once we distinguish the type of SPPrincipal, a new SPRoleAssignment is created and the binding information is then iterated through and added to the role assignment. Finally, the group’s (or user’s) role assignment is then added to the list item. One thing to note about this method is that if the field user value is a User, a lookup is performed to obtain the SPPrincipal value (line 21)

   1: #region addPermissionToListItem

   2:        private void addPermissionToListItem(SPWeb SharePointWeb, SPListItem ListItemToAddTo, SPFieldUserValue UserOrGroupToAdd, params SPRoleDefinition[] RolesToGrant)

   3:        {

   4:            if (SharePointWeb != null && ListItemToAddTo != null && UserOrGroupToAdd != null && RolesToGrant != null && RolesToGrant.Length > 0)

   5:            {

   6:                SPPrincipal newItemToAdd = null;

   7:  

   8:                bool isUser = false;

   9:                try

  10:                {

  11:                    if (UserOrGroupToAdd.User != null)

  12:                    {

  13:                        isUser = true;

  14:                        newItemToAdd = UserOrGroupToAdd.User as SPPrincipal;

  15:                    }

  16:                }

  17:                catch { }

  18:  

  19:                if (!isUser)

  20:                {

  21:                    newItemToAdd = SharePointWeb.SiteGroups.GetByID(UserOrGroupToAdd.LookupId) as SPPrincipal;

  22:                }

  23:  

  24:                if (newItemToAdd != null)

  25:                {

  26:                    //Create a new assignment for the new group

  27:                    SPRoleAssignment newRoleAssignmentToAdd = new SPRoleAssignment(newItemToAdd);

  28:  

  29:                    //Get the role definitions binding collection for the new assignment

  30:                    foreach (SPRoleDefinition roleDefinition in RolesToGrant)

  31:                    {

  32:                        newRoleAssignmentToAdd.RoleDefinitionBindings.Add(roleDefinition);

  33:                    }

  34:  

  35:                    // Add Group

  36:                    ListItemToAddTo.RoleAssignments.Add(newRoleAssignmentToAdd);

  37:                }

  38:            }

  39:        }

  40:        #endregion

Final Step:

Create your overload methods for ItemAdded and ItemUpdated inheriting from the SPItemEventProperties. Make sure to call the methods above and also set the SPWeb value.

   1: #region ItemAdded

   2:        public override void ItemAdded(SPItemEventProperties properties)

   3:        {

   4:            base.ItemAdded(properties);

   5:  

   6:            if (properties.ListItem != null)

   7:            {

   8:                SPWeb spWeb = properties.ListItem.Web;

   9:  

  10:                SetConfiguration(spWeb, properties.ListTitle);

  11:  

  12:                if (applySecurity)

  13:                {

  14:                    SetSecurityForItem(properties, spWeb, "ItemAdded");

  15:                }

  16:            }

  17:        }

  18:        #endregion

Finally, build your project and deploy as a feature. That’s a brief overview of how to apply item level security based upon a metadata value.

First step in the process is to create a basic feature for MOSS. For more information in regarding the template, view the information here: http://www.stevenboldt.com/blog/post/2009/06/01/Creating-a-SharePoint-Custom-Event-Handler-Basics.aspx

The steps I took in creating item level security utilized a custom list in MOSS. This way, the user can customize the setting of the feature and also the group/user permissions that will be set. This can also be done using a config file or other possibilities, but for my example, I used a list.

Configuration List Setup

Browse to the SharePoint site you have the Security event handler feature activated and create a new list called: ItemLevelSecurityConfiguration(or whatever you want to call it). A basic example of what the list should include is as follows:

For the columns Group 1 and Group 2, I set the following:

• Allow multiple section = Yes
• Allow selection of = People and Groups
• Choose From = All Users
• Show Field = Name

For the column RoleType, I set the choice values as follows:

• Administrator
• Contribute
• Guest
• Reader
• WebDesigner

For my example, I set the default value as Contribute.

To set the values of the configuration list, observe the following for reference:

• Title = Name of the entry, usually the same name as the document library
• WebURL = the web URL of the site that the feature is activated on
• SharePointList = SharePoint Document library that will incorporate the security event handler feature
• Group 1 = the groups(or user) that will be given access to the document.
• Group 2 = the groups(or user) that will be given access to the document.
• RoleType = type of permissions the groups are given access to the document (default is Contribute).

Connecting to the Configuration List

A method that I created that gathered the information from the configuration list is called SetConfiguration. This method allows the user to pass in 2 parameters, a SPWeb & document library name. 

Since the configuration list shouldn’t change often, I decided to cache the values, so that the setting of the configuration is kept to a minumum. Line 19 shows me inserting the values into the HttpRuntime.Cache, expiring after 1 day (DateTime.Now.AddHours(24)).  Therefore, next time this method is called, it will be able to populate the SPListItem without parsing through the MOSS list. The SPListItem specifies a specific row or item in a list. To determine this row, I used a SPQuery method utilizing CAML to retrieve the SharePointList values where it matches the current document library that the feature is running. I then call the SPList GetItems method to populate a list item collection.

   1: #region SetConfiguration

   2:         private void SetConfiguration(SPWeb sWeb, string docLibName)

   3:         {

   4:             SPListItem configurationListItemForDocLib = HttpRuntime.Cache.Get(docLibName) as SPListItem;

   5:             if (configurationListItemForDocLib == null)

   6:             {

   7:                 //List name of configuration settings

   8:                 SPList spListConfig = sWeb.Lists["ItemLevelSecurityConfiguration"];

   9:  

  10:                 //Query the ItemLevelSecurityConfiguration SharePoint list where the entry matches the current document library.

  11:                 SPQuery spQuery = new SPQuery();

  12:                 spQuery.Query = "<Where><Eq><FieldRef Name='SharePointList' /><Value Type='Text'>" + docLibName + "</Value></Eq></Where>";

  13:                 spQuery.RowLimit = 1;

  14:  

  15:                 SPListItemCollection collListItems = spListConfig.GetItems(spQuery);

  16:                 if (collListItems.Count != 0)

  17:                 {

  18:                     configurationListItemForDocLib = collListItems[0];

  19:                     HttpRuntime.Cache.Insert(docLibName, configurationListItemForDocLib, null, DateTime.Now.AddHours(24), System.Web.Caching.Cache.NoSlidingExpiration);

  20:                 }

  21:             }

  22:  

  23:             if (configurationListItemForDocLib != null)

  24:             {

  25:                 sharePointList = configurationListItemForDocLib["SharePointList"].ToString();

  26:                 Group1 = (SPFieldUserValueCollection)configurationListItemForDocLib["Group 1"];

  27:                 Group2 = (SPFieldUserValueCollection)configurationListItemForDocLib["Group 2"];

  28:                 roleType = configurationListItemForDocLib["RoleType"].ToString();

  29:  

  30:                 applySecurity = true;

  31:             }

  32:             else

  33:             {

  34:                 applySecurity = false;

  35:             }

  36:         }

  37:  

  38:         #endregion

Now we have a customizable list and a connection for this list. The next post will show the ways to apply the security to the individual documents.

I’ll review the basic steps on creating a SharePoint custom event handler.

You begin by opening up Microsoft Visual Studio 2005 and create a new class project. Reference the Microsoft.SharePoint assembly and then rename the default.cs class to the name that you want to give to your event handler. Also, remember to add your using statement for Microsoft.SharePoint.

Depending on which type of event handler you are wanting to write, will determine the proper SharePoint class to derive from. A breakdown of the available SharePoint classes to derive from are as follows:

• List Items – SPItemEventReceiver
• List Columns – SPListEventReceiver
• Site – SPWebEventReceiver
• Email - SPEmailEventReceiver

At this point, you need to make a decision on whether you want to use Asynchronous or Synchronous events in your event handler. In order to determine which one you want, first decide if you want the event to fire before or after the event.

Asynchronous calls occur after the event, and do not block any code being executed in SharePoint. On the flipside, synchronous calls occur before the event, will block code being executed in SharePoint until your custom event handler is completed.

For a list of the available methods for each class, refer to Microsoft’s site:

SPItemEventReceiver Methods
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spitemeventreceiver_methods.aspx

SPListEventReceiver Methods
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splisteventreceiver_methods.aspx

SPWebEventReceiver Methods
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spwebeventreceiver_methods.aspx

SPEmailEventReceiver Methods
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spemaileventreceiver_methods.aspx

Once you make your decision on what type of event receiver and also what type of method call you will be using, write out the override method . I will discuss further on manipulating particular methods.

Creating a Strong Name Key
After completing your method, you will need to sign the assembly. You can do this by going into solution explorer and right clicking your project and selecting properties. Then, click the Signing tab, then select Sign the Assembly, then select Choose a strong name key file and click “<New…>”. Type a name into the Key file name box (usually the name of your project). It needs to be in the format of xxxxxx.snk. You can set a password if you want, and click OK.

Creating Event Receiver to be installed as a Feature
Right click on your event handler project and select Add / New Folder. Name the folder as the same name as the project or similar. Add to blank XML files under the folder. Name the XML files as elements.xml and the other feature.xml.

In the feature.xml file, it should follow the following format:

<Feature Scope="Web"

    Title="My Event Handler"

    Description ="Description goes here."

    Id="F141E5EA-796E-4807-AB86-43F5DC560371"

    xmlns="http://schemas.microsoft.com/sharepoint/">

    <ElementManifests>

        <ElementManifest Location="elements.xml"/>

    </ElementManifests>

</Feature>

For further explanation, refer to the Microsoft site for all the available nodes.
http://msdn.microsoft.com/en-us/library/ms436075.aspx

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">

    <Receivers ListTemplateId="101">

        <Receiver>

            <Name>MyEventHandler</Name>

            <Type>ItemAdded</Type>

            <SequenceNumber>10000</SequenceNumber>

            <Assembly>MyEventHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1cd942f82aed8c82</Assembly>

            <Class>MyEventHandler.EventHandler</Class>

            <Data></Data>

            <Filter></Filter>

        </Receiver>

    </Receivers>

</Elements>

In the elements.xml, the ListTemplateId refers to which list to associate the event handler. 101 = document library. For a description of the available id, see here: http://msdn.microsoft.com/en-us/library/ms462947.aspx

The <Type> node refers to the method that will be raised when the action takes place. For multiple methods, you will need multiple <Receiver> nodes. <SequenceNumber>node refers to the order of execution.

Add a text file to the root of the project and rename it to cab.ddf and input the following:

;** MyEventHandler.wsp **

.OPTION EXPLICIT

.Set CabinetNameTemplate= MyEventHandler.wsp

.Set DiskDirectoryTemplate=CDROM

.Set CompressionType=MSZIP

.Set UniqueFiles="ON"

.Set Cabinet=on

.Set DiskDirectory1=Package

;**************************************************

manifest.xml manifest.xml

MyEventHandler\elements.xml MyEventHandler \elements.xml

MyEventHandler \feature.xml MyEventHandler \feature.xml

bin\debug\ MyEventHandler.dll MyEventHandler.dll

Then add another text file and rename that one to installer.bat. The following should be inputted:

makecab /f cab.ddf

Add a new xml file to the root of the project and rename it to manifest.xml and input the following:

<?xml version="1.0" encoding="utf-8" ?>

<Solution xmlns="http://schemas.microsoft.com/sharepoint/" SolutionId="BF2A762B-A158-456c-BCA5-38120E87D982">

    <FeatureManifests>

        <FeatureManifest Location="MyEventHandler\feature.xml"/>

    </FeatureManifests>

    <Assemblies>

        <Assembly DeploymentTarget="GlobalAssemblyCache"  Location="MyEventHandler.dll">

        </Assembly>

    </Assemblies>

</Solution>

Save all your work and build your project.

When attempting to install applications on Windows Server 2008, even though the user account is part of the administrator group, you will receive an error stating as follows: