Monday, April 15, 2019

How and Why to use an Account Name or an Email Address as a Username when using ExCM


Extranet Collaboration Manager (ExCM) is used by many organizations as a tool to provide the best extranet security possible when collaborating with suppliers and clients. Because of this, we are frequently asked by our customers if they should use a unique username or an email address as the username, and what are the advantages and disadvantages of doing this? Below you will find some of the most common pros and cons for using an email for a username verse using a unique user supplied username.

Emails vs Usernames

Pros
·        Emails by design are unique like a username
·        Emails in many cases are easy to remember
·        When setting up a new account you can bypass having to ask for the email               address if it is also the username

Cons
·        People do sometimes change their email addresses
·        Email addresses can be exposed publicly
·        In some rare cases, people share an email address and would need separate             usernames
·        When using a mobile device typing a username can be easier depending on the         number of characters being used

So, you have weighed the pros and cons and have decided that your organization would be better served by using a user-supplied username instead of an email address, but now you need to know how to change the ExCM settings to allow the new format.
Here are the directions for making the update to the username from an email address. First, you will need to go to the content site web.config file and search for the attribute that reads:
useEmailAsUsername="true"

You can simply change this to "false" and have separate usernames and e-mail addresses.







Now you have a Username and E-mail Address field in the registration form.

Note: Existing users will still need to use their e-mail address to authenticate...this will only affect users created after you make the web.config edit.   


Now that you have decided to keep the default settings and use the user's email address as the username, you notice that the default ExCM sign-in screen shows “User Name:” instead of “Email:”. What if you want to change the verbiage on the sign-in screen to show “Email”?


To do this you will need to browse out to "C:\inetpub\wwwroot\wss\VirtualDirectories\COMPANYURL\App_GlobalResources" and open the excm.en-US file and make the appropriate change.













Once you have opened the file you can run a search for “User Name”, then look for the "<value> User Name: <value>" and change “User Name” to “Email”. Next, save the file, and run an IIS reset.























Refresh your browser and you should see that the sign-in page now shows “Email:”, which will hopefully make things less confusing for the end user.



Tuesday, April 02, 2019

What To Know When Migrating Extranet Collaboration Manager (ExCM)


With SharePoint 2019 on the horizon, you may be considering upgrading. If you are using ExCM for your extranet needs, then you may wonder about the process and how involved it is. Hopefully, with the help of this guide, you will see that the ExCM migration may be the easiest part of your upgrade! If you are still leery, contact us about our migration assistance package and let us walk you through migrating ExCM.

Whether you are going to follow Microsoft’s detach/attach method for migrating, or you will be using a tool such as Metalogix or Sharegate, the process is mostly the same… there are just a few extra steps with Microsoft’s path.



















The first step of your migration is to build out your new SharePoint environment. When building the new environment, you will use the same web app name, URL, database name, role and role provider, etc. Basically the same structure, just a different version of SharePoint. While you will have the same names, the content will be empty. For example; If you have an extranet at www.mycompany.com/site/home, the page will still exist, but there will not be any subsites or content on the site. At this point, you should be able to browse out to the root site collection and a page should load.




















When you have the new version of SharePoint installed and looking like your old SharePoint environment, The next step is to install the correct version of ExCM in your new environment. Once installed, configure ExCM with the same settings as your previous version. If your new environment is using a new SQL server, name the database created during the setup Wizard the same as the old database. This way, once you have tested the installation of ExCM, you can simply delete this blank database and migrate the previous database containing all your extranet users over.

If you are not using a new SQL database, you will need to name your database something similar to the original database name (ex. Instead of ExtranetDirectory you may use ExtranetDirectory1) This way, once you have tested your new environment to ensure the install was a success, you can delete the ExtranetDirectory1 database and change your web.config file so that all references to ExtranetDirectory1 now point to ExtranetDirectory.


We have had many customers that have migrated from 2010 or 2013 to 2016 and whether they are using the detach/ attach method or a migration tool the biggest issue we have seen them run into seems to be an issue with the transfer of registration fields from the old ExCM to the new ExCM. This can be caused by having the wrong settings in the migration tool that prevent the content database from fully transferring the correct data. Whatever the reason the fix is pretty easy. After transferring the content data to your new ExCM environment you can delete the registration and then recreate it.


To help lead you in the right direction we have provided a couple of links to PremierPoint Solutions documentation on migrating from SharePoint 2010 to 2013 and SharePoint 2013 to 2016.

The primary thing to remember when migrating is to have a plan laid out and always make backups when possible.


Wednesday, March 06, 2019

Extranet Collaboration Manager (ExCM) Best Practices


When using SharePoint as an Extranet, you will have many options and decisions to make and we hope to share some insights that we have seen from several years of working on SharePoint Extranets day in and day out. Can you ignore some of these suggestions? Probably, but we only do this for a living… what do we know?

So, with that being said here is a list of our recommended best practices for installing and using ExCM. 

Separate Extranet Web Application

If your extranet will be hosted on the same SharePoint Farm as your Intranet, we recommend a separate web app for extranet. This is one of the first steps in creating a secure extranet that is also easy to use. You can follow our documentation on Setting up a Web Application for your Extranet.


Use SSL Certificate

An SSL certificate, commonly known by the name Secure Sockets Layer, is a standard security protocol that’s used to ensure the safety of transmitted data over the Internet. Basically, when you use SSL certificates, an encrypted link is created that protects the connection between a browser and a web server, or between computer systems. This means that your external user can type in a password and know that it is securely being transmitted. You would think this step would be self-explanatory, but we are including it as it has come up before. Why you should use an SSL.


Remove Intranet-related UI Elements from Extranet Sites

Not all of the out-of-the-box features of SharePoint are intended to be used in every use case. For Extranet use cases, there are several user interface (UI) elements and features that are primarily intended for Intranet use cases and therefore we recommend removing them from your Extranet web applications.

The Intranet-intended features that we recommend that you remove from your extranet web applications are:
       
* Links to Newsfeed, OneDrive, and Sites
* User Profile Service
* Links for Sharing, Following, and Client Synchronization
   
Below are some links to help you accomplish this in your environment.


Extranet Web Application

When implementing Extranet Calibration Manager (ExCM) 2016, 2013 or 2010, we recommend using an extranet web application that is configured to use multi-mode authentication (as opposed to using an extended web application, as was the common practice with SharePoint 2007/2010). Active Directory is used as the authentication provider for internal users (your employees) and the ASP.NET SQL Membership Provider is used for external users (your customer, vendor, or other collaboration business partners).


Where to install Extranet Collaboration Manager

Install and deploy ExCM 2016 or 2013 R2 on your Central Administration server AND the Microsoft SharePoint Foundation Web Application service must be started on that server and remain started.

Best Practices After Installing ExCM

·    Create a Root site collection as a general information site collection and a landing page
·    Create a separate site collection per external engagement (subsites for separate interaction with external engagement)
·    Turn on invitations





Applying Master Pages with Extranet Collaboration Manager 2016


Extranet Collaboration Manager 2016 (ExCM) is a SharePoint add-in developed by PremierPoint Solutions that streamlines SharePoint extranet collaboration and simplifies SharePoint extranet administration. In ExCM, a master page can be applied to the anonymous pages (registration, sign-in, and password reset) to achieve the desired look and feel.  There are three options when selecting a master page:
  • ExCM anonymous master page (vanilla)
  • Site default master page
  • Custom master page

You should consider two factors when choosing the master page for your site:  branding and anonymous access.  You also need to take into account the anonymous access configuration of your Web Application and the site that will run the anonymous pages.


Option 1 – Web Application with No Anonymous Access
In this configuration, the anonymous master page provided by ExCM will be applied.  This page has a very “vanilla” look as you can see from the screenshot below.   Anonymous Access is not enabled on either the Web Application or the IIS site itself.
































Web Application





















IIS Manager

















Option 2 – Web Application with Anonymous Access (Site Default)
In this scenario, the site default master page will be used.  To make this work, Anonymous Access must be enabled on both the Web Application and the IIS site.  In addition, you will need to set up Anonymous Access on “Lists and Libraries” at the top level or root site to allow the master page to function properly.  This can be found under the “Site Permissions” menu:

Web Application

IIS Manager                             


























Notice how the sign in page now takes the look of the Team Site template which was used when this Web Application was created.  This was achieved without any extra configuration:

































In addition, if a subsite or subsite collection is using a separate master page, each page will inherit the same look and feel (registrations that occur at the http://extranet.awbikes.com/sites/acme  site will use the AWBikes master page).
The drawback to this configuration is that each subsite will need to have the appropriate anonymous access level set up to function properly (Lists and Libraries).


Option 3 – Web Application with Custom Master Page
The last option is to create a custom master page for use with your site.  This is done with SharePoint Designer and requires a little more work.  However, the page would be applied to all of the sites in the Web Application, thus preventing any further configuration.
You can either edit an existing master page or start from scratch.  If you chose to start with the master page provided by ExCM, then you would not need to enable Anonymous Access and would configure it like Option 1.  You can find our master page at the following location:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\SPSolutions\ExCM















Otherwise, you would need to use the Anonymous Access levels outlined in Option 2.
Information for creating a custom master page with SharePoint Designer can be found on the Microsoft Office website here:

In summary, Extranet Collaboration Manager 2016 provides multiple options with regard to the master page you can use.  The best solution for your deployment will depend on your specific needs with regard to the overall look and feel of your site, as well as the requirements for Anonymous Access.

Wednesday, November 14, 2018

Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 4 - Importing Users


PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the final phase in SharePoint 2016 Forms-based Authentication implementation: importing users:




Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 3 - Editing the web.config file


PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the third phase in SharePoint 2016 Forms-based Authentication implementation: editing the web.config files:




Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 2 - Create a SQL DB for FBA users


PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the second phase in SharePoint 2016 Forms-based Authentication implementation: creating a SQL database in which to store FBA users:




Video Demo: Implementing and Configuring FBA in SharePoint 2016 - Part 1 - Configuring the Web Application


PremierPoint Solutions Software Support Engineer and resident extranet guru, Mark Lewis, demonstrates the first phase in SharePoint 2016 Forms-based Authentication implementation: creating and configuring the web app:



Thursday, November 08, 2018

Create Nested Sub-site With ChangeBot (Relative URL)


We always recommend you create a site collection for every extranet site you create. There are many reasons why this is the preferred method, however, some of our customers have found that multiple levels of sub-sites are best for their environment. These customers still want to use ChangeBot to automatically create sites, add users, and other general maintenance items on these nested sub-sites but run into an issue with how to populate the URL. Do you allow your users to manually enter it and possible have a typo?

Below are the steps for setting up your ChangeBot Request Profile so that you can successfully build your Relative URL and provision a site at a subsite level. In the steps below, we have two variables that can be populated with a drop down box (Inputs.Subsite and Inputs.SiteTitle) and the key to making it work correctly is in Step 10... using $inputs.Subsite/$Inputs.SiteTitle to define our Subsite and sub-subsite title to form the URL.


Example Usage:





  1. Create an Input Property cooresponding to the subsite name
  2. Generate site collection property output through Create Site Collection Activity
  3. Create a new activity in the execution plan of your request profile
  4. Set the Activity Type to Create Site
  5. Click the function button next to the Site Collection box
  6. Click the Property Group drop down and select Execution Properties
  7. Click the Property drop down and select the Properties.[SiteCollectionProperty] that was previously defined