This article can also be found in the Premium Editorial Download "SharePoint Insider: Top five SharePoint challenges and solutions."
Download it now to read this article plus other related content.
SharePoint is generally considered a robust platform for collaboration. However, like any complex tool, there can be challenges for those who work with it and manage it.
Below is a list of five common SharePoint challenges and various approaches to overcome them. Keep in mind that your top five may be different than what’s been presented here.
1. Consume SharePoint RSS feeds inside of SharePoint
Microsoft has provided SharePoint with an out-of-the-box RSS Reader Web part. This Web part natively allows you to include external RSS feeds, such as Google News in your SharePoint site. Unfortunately, because many SharePoint sites require authentication, the out-of the-box RSS Web part is not compatible with SharePoint RSS feeds unless you have Kerberos implemented in your organization.
To solve this problem, you can use one of the two methods listed below. Keep in mind that even though I am mentioning these tools, I am not necessarily endorsing them.
- Enable anonymous access for the lists you want to distribute via RSS. This may be an option for non-secure content within your intranet and will enable the out-of-the-box Web part to consume and display the feeds.
- If enabling anonymous access isn’t an option, you can leverage one of a few open source or free Web parts. Here are some examples:
2. Double authentication prompts in Office or Internet Explorer
If you’ve ever been prompted more than once to enter your credentials when trying to download or update a document inside of SharePoint, you’re familiar with this challenge. Interestingly, Microsoft states that this “problem” is “by design.” In other words, the second authentication you might receive while retrieving a document in Microsoft Office—or any other application—even after you authenticated in Internet Explorer is on purpose.
The root of the problem is security context. When you authenticate in Internet Explorer, you are
providing your credentials within the context of a single application—namely Internet
When you click on a document and Word appears, you’ve just created another security context. When Word tries to open the document over WebDav, it needs credentials and will prompt you again. To fix this problem, do one of the following:
- Implement Kerberos in your environment.
- Require all PCs participating in a SharePoint site to be on the same domain and all users in the same Active Directory domain as SharePoint.
- Ensure that there aren’t any network devices, like firewalls or proxy servers, stripping off the authentication information from the network communications between your PC and the SharePoint server.
3. Enabling forms-based and Windows authentication for the same site
Often you need to allow two different communities of users to access your SharePoint. However, not all of the users will have identities in your Active Directory. The solution? Use forms-based authentication for external users and Windows authentication for your internal users. To enable both authentication types, follow these steps:
- Create your primary SharePoint application in Central Administration using the Create option for applications. When creating your new application, enter a unique host header to differentiate this application like: internal.companyname.com.
- Create your root site collection in the newly created SharePoint application.
- Create a new SharePoint application using the EXTEND option for creating new applications. For this new collection, select your previously created application, but supply a unique host header like: external.companyname.com.
- Open up Windows Explorer and navigate to the directory for the new application and edit the web.config. Add the updates from the Microsoft SharePoint Team Blog to the <system.web> section.
- Go to the Application Management section of Central Administration and click on Authentication Providers.
- Select the primary SharePoint application you created in Step One.
- Click on the secondary application from the list of applications.
- Select Forms authentication.
- Provide the name of the Membership provider and Role provider you configured in Step Four.
- Navigate to Alternate Access Mappings in the Operations tab of Central Administration.
- Ensure that there are two entries for the new application you created in
- Default Zone:
- Extranet Zone:
- Default Zone:
Remember, you must create a .NET membership database in your SQL Server using the .NET utility on your SQL Server: aspnet_regsql.exe -E –S local host -A m. For more information, go to the MSDN Patterns and Practices page.
4. Access denied for portions of central administration
Many SharePoint administrators have navigated to their SharePoint environment’s Central Administration site and then have only been able to access certain portions of the site. Interestingly, global Central Administration rights are not automatically granted to all users, let alone administrators of the SharePoint servers. To ensure you don’t receive an “access denied” message, check out the following:
- Central Administration, along with Shared Services, are separate site collections and potentially separate applications from your main applications. You must have both permissions to the application and be a Site Collection Administrator for all collections to access the functionality.
- Even if you have access to Shared Services, portions of Shared Services require additional permissions. Click on the Personalization Services Permissions in the User Profiles and Properties section to ensure the user ID has all permissions listed.
- Change permissions in Central Administration through the Application Management tab (SharePoint Site Management). Following those steps should eliminate most permission challenges in accessing Central Administration.
5. Enabling SSL certificated on SharePoint
Enabling SSL on SharePoint does not really take much more than enabling SSL on any other ordinary website on IIS. If you need to enable SSL, just follow these simple steps:
- Generate the certificate request with your preferred certificate authority (CA).
- Follow the CA’s instructions for downloading your new certificate.
- Complete the certificate installation on your IIS server for the website where you want to apply the certificate.
- Ensure the site is set up to accept traffic over the 443 port by modifying the website settings through the IIS MMC.
- Navigate to your SharePoint farm’s Central Administration.
- Choose the Operations tab.
- Click on Alternate Access Mappings from the list of options in the Global Configuration section.
- Click EDIT PUBLIC URLs.
- Type in the fully qualified URL to your site, being sure to specify HTTPS:// before the address in the CUSTOM zone text box, although you could also use any open zone.
- Click OK.
About the Author
Shawn Shell is the founder of Consejo Inc., a consultancy based in Chicago that specializes in Web-based applications, employee and partner portals as well as enterprise content management solutions. He has spent more than 20 years in IT, with the last 10 focused on content technologies. Shell is also author of Microsoft Content Management Server2002: A Complete Guide (Addison-Wesley), and he is the lead analyst/author on the CMSWatch SharePoint Report.
This was first published in October 2009