Wednesday, January 28, 2009

Custom Smart Card Authentication and SharePoint

One of the great new features of SharePoint 2007 was the ability to utilize multiple means of user authentication: Active Directory, LDAP, SQL, and more. This is nothing new, and since the advent of MOSS 2007/WSS 3.0 the use of non-AD authentication via Membership Providers has been well documented.

What if you need to use PKI (Public Key Infrastructure) certificates and/or Smart Cards (like Common Access Cards, aka CAC)? There are a few ways to do this, depending on how the user certificates need to map to your account store. If you use Active Directory, there are built in ways to map certificates to users and have IIS handle the handshake. Or you can use a third-party system or SSO. This assumes you have a defined user directory and pre-defined certificate mappings.

But what if you need to accept PKI/Smart Cards, but do not have a master user directory (AD, LDAP) of everyone who will attempt to access the site?

The Concept:
  • Use a custom ASP.NET Membership provider to accept and read PKI certificates (using IIS)
  • Create and login to a NEW account (AD, LDAP, SQL)
  • Forward the user to the SharePoint site.
Very similar to this idea from Adam Buenz.

Easy? We shall see.

Monday, January 12, 2009

Opening PowerPoint Slideshows

Scenario: Users want to store files in SharePoint and open them from another website. The users are on a network with Internet Explorer (IE) 6 or 7 and Office 2007. This should not be an issue.

However, files of type .pps (PowerPoint slideshows) were opening in a undesirable manner.

Instead of opening in full-screen slideshow mode, the PPS files were opening in Edit mode inside of PowerPoint.

After doing a bit of research and testing, I believe this is the only solution that will allow PPS files to open in slideshow mode when using Internet Explorer and Office 2007. This site talks about it too. In a nutshell, it requires a client side configuration. Nothing on the server side can do the trick if the user is on Internet Explorer and Office 2007. It's not even an issue with SharePoint. It happens on non-SharePoint sites too.

This solution references this Microsoft KB article:

Basically, each computer needs to have its registry changed:

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:
  3. Edit or add the following registry value:
    Value name: BrowserFlags
    Data type: REG_DWORD
    Radix: click Hexadecimal
    Value data: (see below)

It appears that Office 2007 changes the default value to "a", which means PPS files open in Edit mode. You can change the value to 8 (open in a new window in show mode) or 0 (open in the browser window in show mode), but this is a local computer change that would need to be done on each PC. Not realistic. :-(

Accessing the files in Firefox works fine: PPS files open as slide shows, no problem.