SharePoint 2013 App: Handling App Install, Un-Install retry mechanism

Building SharePoint provider hosted apps we often come across scenario which require to provision SharePoint artefacts to host web and clean up once app is un-installed, obvious choice is to go with App events. I'm not going to bore your with how to create it there are tons of documentation available out there. Before we talk about "retry mechanism" let's do a quick re-cap so that we all are on same page.

App Event Receivers are implemented as WCF service deployed to remote web-application (ASP.NET MVC/Forms) which are called by SharePoint when app is installed/un-installed/upgraded. Imagine you have to provision quite a lot of artefacts perform certain validations this is quite a bit of task, and remember we are communicating back to SharePoint Host Web using Managed Client Object Model which is again a REST call under the hood, so all operations are happening asynchronously.

You implement all the logic and configure required permissions for App to create artefacts on Host Web while debugging App Installation you notice that App Install event is called repeatedly and it again attempts to create the same artefact you already created, don't think that you forgot to configure you app properly or your app install event is behaving in weird fashion, its actually by design (read: Installing apps for SharePoint : Notes Section)

Note

Sometimes a temporary loss of a network connection can block installation. If installation fails for any reason, the installation infrastructure will retry three times. If it does not succeed, an indication of the failure appears in the UI. Users can retry the installation later.

 

Cool, now that you know the reason behind "retry" let's discuss the probable solutions to handle this. The obvious way would be to keep a track of installation/un-install progress is to make use of persisted store and check the next time the "Installation Infrastructure retries". Let's explore the options for persisted store.

1. App Web Property Bag
   
2. List
   
3. Cache
   
4. SQL Store
   
5. File System
   

App Web property bag is a decent store, since during install event you have access to App Web Property bag (note: you cannot make changes to host web property bag (Tried With SiteCollection Manged rights)), this is still decent but not optimal as you have to make additional REST call to App Web which to perform CRUD operation on Web Property bag. This technique works fine when you work with Install Event, but as you apply the same technique to Un-Install event your code will *break* because by design when the app is removed it deletes the associated App Web and hence you don't have the App Web Property Bag to store the un-install progress information.

So what next, SharePoint List is again a decent option but it has to be on Host Web and will not be fast and high performing.

As we talk about performance "Caching" comes to our mind, but before you start using your favourite search engine, please read (Caching Support for WCF Web HTTP Services). I attempted to configure the Basic Web Http Service Caching and I was not able to deploy my App. So I had to rule out this option and had to fall back on App Web Property Bag, but was a partial implementation.

Later I thought of configuring external Caching and utilize Azure Managed Cache Service this gives a flexibility to come around the situation to Configure my WCF service for Caching and utilize external store. By this mechanism I was able to properly keep track progress of Install/Un-Install events.

Azure Managed Cache Service is great, but I wanted something really simple coz I don't need a full blown distributed caching service just to keep progress!!!!

This is great but my quest for making it lighter and configuration free made me to look out for another optimized cache store, and finally my search ended at "ObjectCache and MemoryCache" these master pieces resides in "System.Runtime.Caching.dll" a quick note below (taken from links)

 

Note

The MemoryCache class is similar to the ASP.NET Cache class. The MemoryCache class has many properties and methods for accessing the cache that will be familiar to you if you have used the ASP.NET Cache class. The main differences between the Cache and MemoryCache classes are that the MemoryCache class has been changed to make it usable by .NET Framework applications that are not ASP.NET applications. For example, the MemoryCacheclass has no dependencies on the System.Web assembly. Another difference is that you can create multiple instances of the MemoryCache class for use in the same application and in the same AppDomain instance.

 

System.Runtime.Caching.dll allows you to cache across all .Net apps, not just the IIS worker process.The highlighted point gave me a hint and I thought of trying it out and guess what it worked flawlessly it was eureka moment for me trust me.I did bit more study as I didn't new much about it and found it is quite performing (StackOverflow: here, here).

So the ultimate winner is "MemoryCache".

Stay tuned, I'll shortly post the link to a sample code, but its cake walk just use your favourite search engine and you should be good to go.

A quick one: http://www.allinsight.de/caching-objects-in-net-with-memorycache/

I didn't get any post talking about the retry mechanism so thought of putting it up. This is one of the problem to solve during SharePoint App Development.

Thanks for being so patience as it was quite a theoretical article.

If you have any comment, reach me at @AkhileshN

Thanks

/a/

 

SharePoint 2013: Require JS + SharePoint Hosted Apps

During my early days I was bit scared writing JavaScript applications since I was so use to C# that I always try to find similar feature or offerings in JavaScript, I must say it took me sometime to really grasp the concepts because there are different ways to do a single task e.g. creating an object. I wanted to apply the basic principles of SOLID and found myself nowhere near to adhering to it.

SOLID:

Single responsibility (SRP)

Open Close (OCP)

Liskov substitution principle (LSP)

Interface segregation principle (ISP)

Dependency inversion principle (DIP)

 
Well I'm too young in JavaScript still to apply all the principles but have at-least I now able to partially apply SRP, DIP up to a certain extent.
Mostly I've seen in SharePoint Hosted apps developers writing a big fat JavaScript file which contains all the business logic and it becomes hard to read and debug (really I mean it).
Modular programming helps a lot here but to achieve one must need to understand modules (class) and how they can be defined in JavaScript, splitting your logic in modules certainly helps you to achieve SRP but that still doesn't solves the root problem as you are still loading the entire module at once which doesn't gives you much benefit in terms of performance. Well loading individual modules can be loaded but you need a solution, and the answer to that is Require.JS, it's an AMD (Asynchronous Module Definition implementation)
Well if you are SharePoint developer then you'll argue that why we need another framework for loading individual module which is already provided by SharePoint via SP.SOD (Script on Demand).
A quick comparison between both approaches

Require JS	SOD (Script On Demand)
Highly Configurable	No Configurations
Support to External Libraries	No Exports for External Libraries
Inject, Exports, Shim	No exports or injection support (natively loads the plugin)
Cleaner Dependency construct and resolution	Complex construct to write dependencies within external libraries

 
I won't go in detail of how to setup require.js the documentation is itself self-explanatory trust me It took me a while to get this up but now it's a piece of cake !!!
I'll talk about some important part of the configuration which is required so that a SharePoint developer can leverage functionality and get benefitted from best of both worlds
The key aspect in require.js is configuration which is very powerful important attribute

 


 
Above is my simple configuration for require.js 

Please focus on deps and paths property

#1 Paths : The SharePoint JSOM runtime and main js to be loaded.
#2 Deps : Deps setting causes the runtime and sp.js file to be loaded before any module is loaded, thus making required core and necessary classes available for developer to program.

 

The Module

I've created two module which fetches the current user display name from web and user profile

// Module for Web

 

 

// Module for User Profile

User Profile Code : http://www.vrdmn.com/2013/02/sharepoint-2013-working-with-user.html @vrdmn

 


 

 

The Start-up Module

SP.SOD.loadMultiple(['sp.js', 'userprofile'], ShowUserName);

#1 The responsibility of ensuring that sp.js and sp.userprofile.js has been loaded is delegated to native SharePoint SOD module, the trick is to use SP.SOD.loadMultiple() which loads multiple modules and triggers the final function to be loaded.
Note: Here you can see the difference in the way require.js works and SOD works, require.js injects the dependencies as a parameters and SOD doesn't which gives more clear understanding of what to expect.


I've already published the sample at github: https://github.com/akhileshnirapure/sp_hosted_app_requirejs

Feel free to fork and if you have any question the reach me at Twitter: @AkhileshN

Thanks

Akhilesh Nirapure

SharePoint 2013 Client Side People Picker + SharePoint Hosted Apps + Knockout

It’s been quite a while playing with knockout, and trust me a great learning, every framework especially JavaScript has a stiff learning curve so as with knockout. Working on SharePoint Hosted App came across a valid use case of having a people picker to be part of application, integrating it using jQuery and as per Microsoft’s guideline it’s a cake walk (here). Well as I mentioned using with knockout was a bit of challenge, dealing with some really simple requirement can be scary sometime. So let’s look at it.

Requirement: User should be able to lookup user and also the control should be pre-populated initially if data exists.

Well I’m not going to go in details every bits of the code, I assume you already have some idea about how knockout works if not then a good starting point knockoutjs.com.

Okay enough talk, in a nut shell what you need is a custom binding handler to work with.

Before we get started, just a quick note, there is no one-size which fits all so the code which I’m going to show you will not suffice all the requirement, so my suggestion get inspiration and tweak as you need J

ko.bindingHandlers.kopeoplepicker = {
        init: function (element, valueAccessor, allBindingsAccessor) {
 
            var schema = {};
            schema['PrincipalAccountType'] = 'User';
            schema['SearchPrincipalSource'] = 15;
            schema['ShowUserPresence'] = true;
            schema['ResolvePrincipalSource'] = 15;
            schema['AllowEmailAddresses'] = true;
            schema['AllowMultipleValues'] = false;
            schema['MaximumEntitySuggestions'] = 50;
            schema['Width'] = '280px';
            schema["OnUserResolvedClientScript"] = function (elemId, userKeys) {
                //  get reference of People Picker Control
                var pickerElement = SPClientPeoplePicker.SPClientPeoplePickerDict[elemId];
                var observable = valueAccessor();
                observable(pickerElement.GetControlValueAsJSObject()[0]);
                console.log(JSON.stringify(pickerElement.GetControlValueAsJSObject()[0]));
            };
 
            //  TODO: You can provide schema settings as options
            var mergedOptions = allBindingsAccessor().options || schema;
 
            //  Initialize the Control, MS enforces to pass the Element ID hence we need to provide 
            //  ID to our element, no other options
            this.SPClientPeoplePicker_InitStandaloneControlWrapper(element.id, null, mergedOptions);
 
            //  Force to Ensure User
            var userValue = ko.utils.unwrapObservable(valueAccessor());
            var pickerControl = SPClientPeoplePicker.SPClientPeoplePickerDict[element.id + "_TopSpan"];
            var editId = "#" + pickerControl.EditorElementId;
            jQuery(editId).val(userValue);
 
            // Resolve the User
            pickerControl.AddUnresolvedUserFromEditor(true);
            
        }
    };

Microsoft’s Client Side People picker relies heavily on ID of element for the implementation of its controls (editor, hidden fields, etc.) so we have to work with it in our custom binding handler I wanted to highlight this point because most of the examples you see with KO is able to work with the element property itself)

#1 here we are initializing the People Picker Control.

 

#2 here we are looking for People Picker control using a special suffix which helps us in grabbing the control and then finding out the Editor element id (which actually has the value) and then making use of AddUnresolvedUserFromEditor(true) to resolve the user passed in a value. E.g. akhilesh.nirapure@zevenseas.com.

 

#3 here I’m providing my own implementation of what to do when we have a resolved user (from server) by using “OnUserResolvedClientScript” event. Again we here need to make use of People Picker control (we have to again find out by its id) and make use of GetControlValueAsJSObject() method which gets us the result as JSON.

 

Well the above implementation is not full blown code with exceptional handling it can be used as a reference point of how we can work with various event.

 

I’ve uploaded my sample code on GitHub (https://github.com/akhileshnirapure/sp13peoplepickerko) please feel free to fork it and extend it as you want.

 

Akhilesh Nirapure (@AkhileshN)

Specification Pattern & Client Object Model in SharePoint 2013

 

Hi, well if you guys are really wondering what does this mean and what problem it solves, let checkout the Google’s definition of it what it says

 

But still you must be thinking as to where does this fits in our day to day work?

All business problem comes with a detailed specification, but when we have to translate that into code, we often don’t do a good job in crafting them, we tend to ignore a repetitive pattern which can solve handling such specification in much nicer and cleaner way.

Let’s take a simple example,

We have a requirement where we need to verify if a List has following property set Title, Description

At simplest we would write a simple query

 

…..

Context _context = new Context(“Your_SharePoint_Site_Url”)

var result = _context.LoadQuery(_context.Web.Lists.Where(p=>p.Title == “SomeTitle”);

_context.ExecuteQuery();

 

well next day the requirement changes and you’ve been asked to write the similar condition for another module in project, what would u do, go and write a utility class copying over the above code and what !!! job done .

and now you again get a requirement to validate Description property of the List, what would you do, simple copy over the function written in utility class change the where clause and you are done. Smart right? Well yes it really depends on the demand of situation how clean you really want the code.

According to me you are violating following principle from SOLID, like Single responsibility principle, Open Close Principle.

So how can we write the above specification so that we don’t violate SRP and OCP. Well the answer is Specification Pattern

Enough talk let get to code

We define abstract specification class with an abstract method

 public abstract class SpecificationBase<TEntity>
 {
        public abstract Expression<Func<TEntity, bool>> Predicate { get; }           
 }

Next we define concrete implementation of specification to which has single responsibility of defining the condition of one business problem.

public class ByListTitle : SpecificationBase<List>
{
        private readonly string _title;

        public ByListTitle(string title)
        {
            _title = title;
        }

        public override Expression<Func<List, bool>> Predicate
        {
            get
            {
                return p => p.Title == _title;
            }
        }
}

Thus now we have a single class which know how to handle a where condition to find title.

Note this is very simple example, think of situation where your business requirement demands to get its data from various sources, so this class can explicitly request that dependencies for the condition to be formulated.

Lets go back and change our initial code to work with the specification pattern.

 

var titleSpecification = new ByListTitle();

var result = _context.LoadQuery(_context.Web.Lists.Where(new ByListTitle("Class").Predicate));

_context.ExecuteQuery();

 

Note the above highlighted lines this is what usually your Where Clause takes a predicate.

 

Cool, well we haven’t done anything fancy here finding a title by explicitly writing additional classes makes no sense, but i just want to remind you this is just a very simplistic example, but the concept can be equally applied with similar codebase to any such business validation component.

 

Let say now we again got requirement to build a complex logic (calling a web-service and some additional regular expression classes) to validate the Description of the List and at the same time we would need to validate the Title. So what’s your take now, will you still say this is easy? i don’t think so, i think you’ll end up cluttering your code with all the logic required to make web-service call and calling the Regx utility.

Indeed, we must strive to stick to SRP and OCP and would not again want to violate such principle. So what would we do, create another specification class this now adheres to SRP and OCP.

public class ByListDescription : SpecificationBase<List>
    {
        private readonly string _description;

        public ByListDescription(string description)
        {
            _description = description;
        }

        public override Expression<Func<List, bool>> Predicate
        {
            get
            {
                //  Code to Call WebService 
                //  Code to call RegX Utility
                return p => p.Description == _description;
            }
        }
    }

Now its so easy to add the code logic of calling web-service call and regx utility without cluttering up the code.

But wait we haven’t finished its just one part of requirement covered, we also wanted to combine both the specifications so that 

we can validate both Title and Description at the same time.

Which essentially means we need to supply some kind of “And” logic here. Not to worry you don’t have to write additional code to set it up.

there is already a Predicate Builder present which can simplify and make your life easier 

So how does our code now look like

var predicates = PredicateBuilder.True<List>();
predicates = predicates.And(new ByListTitle("SomeTitle").Predicate)
                       .And(new ByListDescription("Some Des").Predicate);

_context.LoadQuery(_context.Web.Lists.Where(predicates));

_context.ExecuteQuery();

Let me take some time to explain the above code using PredicateBuilder

with predicate builder, if you want to build “And” condition then you would need to specify the object, with True extension which in our case “List”. and then wire-up the predicates (i.e. specifications) with “And” extension. which builds a predicate chain.

That’s it, now you have written a clean code adhering to SOLID principle and testable, extensible and maintainable code.

Any new specification can be easily handled just by adding a new class and you are good to go.

 

One more additional helper method if you would like to build such numerous predicates then you can make use of a simple method which can allow you to aggregate all the specifications.

protected bool Validate(params SpecificationBase<T>[] specificationsBase)
{
            var pred = PredicateBuilder.True<T>();
            pred = specificationsBase.Aggregate(pred, (current, specificationBase) => current.And(specificationBase.Predicate));
            var result = _context.LoadQuery(_objectCollection.Where(pred));
            _context.ExecuteQuery();
            return result != null && result.Count() == 1;
}

Thanks

Akhilesh Nirapure

SharePoint 2013: SharePoint:AspMenu Styling (Quick Guide)

Quick note on how would you provide custom css to your Global Navigation in SharePoint 2013

You need to set following properties to provide custom CSS to Menu Item otherwise they won’t be picked up by SharePoint ASP Menu Control

1. UseSimpleRendering = False

2. RenderingMode = List

and then for your SharePoint AspMenu should look something like this

<SharePoint:AspMenu 
    runat="server" UseSeparateCss="false" 
    AdjustForShowStartingNode="False" StaticDisplayLevels="2" 
    AccessKey="1" SkipLinkText="" EnableViewState="False" 
    MaximumDynamicDisplayLevels="0"  
    DataSourceID="topSiteMap" Orientation="Horizontal" 
    RenderingMode="List" 
    UseSimpleRendering="False"
    ID="TopNavigationMenu">

      <StaticMenuItemStyle CssClass="custom_class_1" />
      <StaticSelectedStyle CssClass="custom_class_2" />

</SharePoint:AspMenu>

Also if you want more control over how your Global Navigation should render then make use use of 

1. <DynamicItemTemplate></DynamicItemTemplate>
2. <StaticItemTemplate></StaticItemTemplate>

 

Example

 <SharePoint:AspMenu 
    runat="server" UseSeparateCss="false" 
    AdjustForShowStartingNode="False" StaticDisplayLevels="2" 
    AccessKey="1" SkipLinkText="" EnableViewState="False" 
    MaximumDynamicDisplayLevels="0"  
    DataSourceID="topSiteMap" Orientation="Horizontal" 
    RenderingMode="List" 
    UseSimpleRendering="False"
    ID="TopNavigationMenu">
    
    <StaticItemTemplate>
     <li class="someclass">
          <asp:HyperLink runat="Server" CssClass="SomeClass" ID="c_menuitem" NavigateUrl='<%# Eval("DataPath")%>' Text='<%# Eval("Text")%>' />
     </li>
    </StaticItemTemplate>
    
 </SharePoint:AspMenu>

 

Again if this doesn’t suits your requirement then get your navigation built using repeater control, Bhavin has an excellent example

 

http://sharepoint2010customnavigation.blogspot.in/

With repeaters you will need to enable code blocks for master-page, here is how you do it

 

http://blog.shutupandcode.net/?p=646

http://blog.technock.net/2013/03/code-blocks-are-not-allowed-in-this.html

 

Hope this Helps !!!

Akhilesh Nirapure

 

SharePoint 2013 : Service Account & Permissions required for Search Service Application

 

Following Least Privilege Principle, i always wanted to nail down on permissions required to setup, manage and administer SharePoint, recently working quite a lot on ensuring how important it is working with a close environment which mimics Production environment which makes you sleep as you code won’t fail in such environment as you already tested and built code to very similar environment.

There has been good documentation on setting up SharePoint environment with detail account permission on Servers and SQL Server

Account permissions and security settings in SharePoint 2013

I found it really hard to nail down for Search Service Application, People have done quite a lot work to get the PowerShell scripts to deploy different search topology but i couldn’t find one where they are talking about very specific permissions required.

So i just wanted to document what I've experienced and got the search service application working without issues.

I already have my SharePoint Farm Build with best Practice and followed Least Privilege Principle.

Note: As per Microsoft documentation the Farm Account doesn’t need to be a local administrator, but it is required when you need to perform User Profile Synchronization. With such exception I’ve tried to get very similar workaround working for search. I’m going to setup default search topology as this is my development environment but still wanted to keep it inline with Least Privilege Principle.

Current environment

DC Server : Windows 2012, Hosting Active Directory Domain Service, DNS

APP Server : Windows 2012, SharePoint 2013, SQL Server 2012, all the service Applications.

For search Service Application, i created following Accounts and added them as Managed account.

ACCOUNT	Comments
WS_SEARCH_CRAWL	Windows Service OSearch15 / SharePoint Server Search 15
WS_SEARCH_HC	Windows Service SPSearchHostController / SharePoint Search Host Controller
AP_SEARCH_QSS	App pool for Query Site and Settings Web Service
AP_SEARCH_AWS	App pool for Search Admin Web Service
SP_SEARCH_DC	Service Account for Default Content Access

I like prefixing the accounts for what they are used for

Following is the step i performed for setting up Search Service Application.

1. Logged in as Farm account, note: my farm account is added to local admin group as it is needed for profile synchronization.

2. Assigned

WS_SEARCH_HC to Windows Service - Search Host Controller Service

WS_SEARCH_CRAWL to Windows Service - SharePoint Server Search

CA—> Security –> Configure Managed Accounts.

3. Started following services from

CA –> System Settings –> Mange Services on Server

Search Host Controller Service

Search Query and Site Settings Service

SharePoint Server Search

4. Created Search Service Application and assigned respective service accounts (domain accounts) as below.

Search Service Account : WS_SEARCH_CRAWL

Application Pool for Search Admin Web Service : AP_SEARCH_AWS

Application Pool for Search Query and Site Settings Web Service : AP_SEARCH_QSS

5. Restarted my App Server.

6. Started getting error in log as access denied for Search Host controller not able to access Search_Service_Application_DB_{guid} so explicitly added the login rights for WS_SEARCH_HC –> Search_Service_Application_DB_{guid} and also gave SPSearchDBAdmin role

7. Restarted the server again to ensure things are smooth, again got errors, and it happened to be WS_SEARCH_CRAWL account doesn’t have SPSearchDBAdmin role on all the four search database, so gave/added the role.

8. Again started getting error in ULS log which was not quire really sure why but was related to gatherer and this was only solved by giving WS_SEARCH_CRAWL Account giving Local Admin access. Note once you give local admin rights to any account you need to restart/log-in/log-off once to take it into affect, so i again i restarted.

9. Well till now i was not getting any error in my ULS log, so i thought of changing my default content access account to SP_SEARCH_DC from WS_SEARCH_CRAWL which has higher rights now.

10. slowly after sometime i started getting error in ULS where the WS_SEARCH_HC service was not able to login on Search_Service_Application_DB_{GUID} which i gave along with SPSearchDBAdmin role.

11. I also need to give WS_SEARCH_HC permission on Search_Service_Application_LinksStore_{guid} with SPSearchDBAdmin role.

12. Again i restarted, and did a full crawl i don’t see a single error in my event log and search is working absolutely fine.

Hope to get more granular permission details from MS Documentations with proper justification soon so that should fix this workaround.

Thanks

Akhilesh

 

SharePoint Hosted App, App Part, Document Library Upload.aspx / EditForm.aspx and “X-Frame-Options”

 

Before we drill and talk further would like to take sometime to explain different pieces in the topic. Lets first look at X-Frame-Options.

X-Frame-Options : In a simplest way this is a response header which tells browser (client) that the Website doesn’t want its page (which is currently being accessed) to be shown in a IFrame so as to prevent Clickjacking (Wikipedia : http://en.wikipedia.org/wiki/Clickjacking).

So how do X-Frame-Options related to SharePoint App’s. Well every app developer in SharePoint 2013 is now familiar with the App Model Concept, it has its own App Web and isolated domain which is different then Hosting Web.

To enhance security in SharePoint 2013 by default the “X-Frame-Options” header is sent back with response If you open up SPRequestModule in your fav decompiler you’ll find below statement written in PreSendRequestHeaders method, which gets added to every response if the AllowFraming Flag is not found in the current context items collection.

   1:  if (!httpContext.Items.Contains(SPRequestModule.AllowFramingFlag) && SPRequestModule.ContextCompatibilityLevel != 14)

   2:                         

   3:   {

   4:                              

   5:     httpContext.Response.AddHeader("X-FRAME-OPTIONS", "SAMEORIGIN");

   6:                          

   7:   }

Wait a minute what does that mean, so can we override this and make these line skip for those pages which explicitly marks and request for exception? yes this can be done simply by adding AllowFraming WebPart on to the page which you want to be able to be accessed from within IFrame.

"AllowFraming” Webpart does nothing but adds a simple statement in on load.

protected override void OnLoad(EventArgs e)

{

    base.OnLoad(e);

    if (this.Context != null && !this.Context.Items.Contains(SPRequestModule.AllowFramingFlag))

    {

        this.Context.Items.Add(SPRequestModule.AllowFramingFlag, "1");

    }

    if (this.Visible)

    {

        this.Visible = false;

    }

}

Consider a requirement, you have to upload a document to Document library which is in App, and this App is hosted in an App Part on some page, sound pretty simple.

Just as expected you’ll just point to upload.aspx page of App Document Library which will look something like http://your-fancy-appurl/SomeApp/Lists/Documents/Forms/Upload.aspx and using SP.UI.ModalDialog.showModalDialog you can open the page Upload page in SharePoint dialog box, but you’ll be presented with  annoying error message that you cannot do that it’s because of X-Frame-Options header instructed the browser to do so.

Load denied by X-Frame-Options: http://your-fancy-app-url/_layouts/15/Upload.aspx?List={guid}&IsDlg=1 does not permit cross-origin framing.

Take a pause and you’ll be thinking is where did that _layout/15/Upload.aspx page came in picture (this I’ll explain in later post) and what it has to do with X-Frame-Options.

Investigating further, I opened Upload.aspx under layouts folder and had a look if it has got AllowFraming webpart added to it or not, and i couldn’t locate so i added that entry manually and again gave a try and voila it worked !!!! because now the SPRequestModule –> X-Frame-Options won’t get executed. Next moving further after uploading document i was redirected to EditForm.aspx and i was again shown the same error (highlighted above) but this time instead of Upload.aspx it was EditForm.aspx, so where do you find this now, its actually stored in DataBase and not in layouts which you can just go and make an entry and make it work.

Hold you horses dude, get back to basics, how does this EditForm.aspx gets created? If you look at the schema.xml file of document library the below section where it is all written

<Forms>

      <Form Type="DisplayForm" SetupPath="pages\form.aspx" Url="Forms/DispForm.aspx" WebPartZoneID="Main" />

      <Form Type="EditForm" SetupPath="pages\form.aspx" Url="Forms/EditForm.aspx" WebPartZoneID="Main" />

      <Form Type="NewForm" Url="Forms/Upload.aspx" WebPartZoneID="Main" />

</Forms>

These forms are generated based on forms.aspx a template page which is in pages folder under 15/Template. Well now i again had a look to form.aspx and i again couldn’t locate the AllowFraming webpart, so i added one there again. So in order to regenerate my EditForm.aspx from the same form.aspx i need to re-deploy my app and now everything worked in my App in an App Part.

But is it a good practice No !!!  you shouldn’t be modifying these pages to make these solution work, so what’s next

A more elegant approach would be to use HttpModule and trap BeginRequest Event and make it work.

   1:      public class ZSFramingModule : IHttpModule

   2:      {

   3:          public void Dispose()

   4:          {

   5:          }

   6:   

   7:          public void Init(HttpApplication context)

   8:          {

   9:             context.BeginRequest += OnBeginRequest;

  10:              

  11:          }

  12:   

  13:          private void OnBeginRequest(object sender, EventArgs e)

  14:          {

  15:              HttpApplication l_application = (HttpApplication)sender;

  16:   

  17:              if (l_application.Request.Url.ToString().ToLower().Contains(@"/_layouts/15/upload.aspx")

  18:                                                  ||

  19:                  l_application.Request.Url.ToString().ToLower().Contains(@"editform.aspx"))

  20:              {

  21:                  HttpContext.Current.Items.Add("AllowFraming", "1");

  22:              }

  23:   

  24:          }

  25:      }

Hope this helps someone  

 

Happy SharePointing !!!