SPSecurityEventReceiver – The Missing Technical Reference

Recently I needed to know a lot about SharePoint 2013's SPSecurityEventReceiver, and the MSDN/TechNet information was sparse. So I did what any thorough (obsessive) developer would do and attached all the relevant methods to multiple SP objects (SPSite, SPWeb, SPList) to see what happens; then I wrote this blog for future reference.

SPSecurityEventReceiver

“Provides methods to trap events that are raised for security. A customer security event receiver class must derive from this class and overrides the methods for the event types it handles.” – MSDN.

That’s all the explanation you get on MSDN. Clearly this does not do justice to the awesomeness of this Event Receiver. A more thorough description would be “[This Server Side and Remote Event Receiver] Provides methods [in 5 main categories: 1. Group Events, 2. User Events, 3. Inheritance Events, 4. Role Assignment Events, and 5. Role Definition Events] to trap events [Adding/Added/Updating/Updated/Deleting/Deleted/Breaking/Broken/Reset/Resetting] that are raised [at the Site Collection or Site level] for security.”

When working with Event Receivers you need to know two things right up front: 1. What objects can you attach them to and 2. What exactly do they do. To answer the first question refer to the chart below. Through thorough testing (but by no means exhaustive) I have found this to only work on SPSite and SPWeb objects. Note: testing was only done via Server Side code in Farm Solutions. (If anyone can show more, please let me know!)

Role Definition Events fire when attached to SPWeb only when that object is the root web of a site collection.

The rest of this blog post answers the second question in detail. I have broken out the important methods into five groups/categories.

1. Group Events

  • SPSecurityEventReceiver.GroupAdded
  • SPSecurityEventReceiver.GroupAdding
  • SPSecurityEventReceiver.GroupDeleted
  • SPSecurityEventReceiver.GroupDeleting
  • SPSecurityEventReceiver.GroupUpdated
  • SPSecurityEventReceiver.GroupUpdating

Group Events only occur when you add, update, or delete groups at the site or site collection level from the master Groups list. They do not cover adding/updating/deleting users in existing groups or on sites/lists directly; those are covered by User Events and Role Assignment Events respectively. If you are using a site collection event receiver (SPSite), then any time you update this list from any site or sub site the events will fire. If you are using a site event receiver (SPWeb), they will only fire if you navigated to this list via that site (even though it updates the same list). It does not fire if attached directly to a list (SPList) and I speculate this will be true for list items (SPListItem).


To test the Group Events, navigate to the Site Settings page of the root site in the Site Collection then click the People and Groups link in the Users and Permissions section of links. From there click the Groups link in the left navigation menu. You can navigate there directly by using this link (_layouts/15/groups.aspx). On this page you can Add/Update/Delete groups which will cause the event receiver to fire.

2. User Events

  • SPSecurityEventReceiver.GroupUserAdded
  • SPSecurityEventReceiver.GroupUserAdding
  • SPSecurityEventReceiver.GroupUserDeleted
  • SPSecurityEventReceiver.GroupUserDeleting

User Events occur when you add or delete a SharePoint user or SharePoint group or Active Directory (AD) user or AD security group from an existing SharePoint group such as Owners, Members, or Visitors. This happens for all existing groups in the entire site collection (all sites and sub sites) whether local to one list or global to all. If you deploy at the SPWeb level then it will only fire for events on that site or sub site. It does not fire if attached directly to a list (SPList) and I speculate this will be true for list items (SPListItem).


To test the Group User Events create a new group or navigate to another group contained within the People and Groups (Owners, Members, Visitors, etc.). Add or delete a user or group to/from this group and you will cause the event receiver to fire.

3. Inheritance Events

  • SPSecurityEventReceiver.InheritanceBreaking
  • SPSecurityEventReceiver.InheritanceBroken
  • SPSecurityEventReceiver.InheritanceReset
  • SPSecurityEventReceiver.InheritanceResetting

Inheritance Events occur when you break inheritance or reset inheritance (re-inherit) on lists, libraries, sites, etc. This works at both the site collection level (SPSite) and site level (SPWeb). It does not fire if attached directly to a list (SPList) and I speculate this will be true for list items (SPListItem).


To test the Inheritance Events create or navigate to a list or sub-site that inherits permissions from the parent site. Then simply navigate to the permissions page for the list from the list settings page and break (Stop inheriting Permissions) and reset (Delete unique permissions) inheritance.

4. Role Assignment Events

  • SPSecurityEventReceiver.RoleAssignmentAdded
  • SPSecurityEventReceiver.RoleAssignmentAdding
  • SPSecurityEventReceiver.RoleAssignmentDeleted
  • SPSecurityEventReceiver.RoleAssignmentDeleting

Once you break inheritance, for example on a site or list, Role Assignment Events occur when you add or delete users or groups directly via the permissions page for that site/list/etc. This works at both the site collection level (SPSite) and site level (SPWeb). It does not fire if attached directly to a list (SPList) and I speculate this will be true for list items (SPListItem).


To test Role Assignment Events use a list or site that you previously created and break permission inheritance. Then click Grant Permissions to add a user or group. You could also select an existing group and remove it (Remove User Permissions).

5. Role Definition Events

  • SPSecurityEventReceiver.RoleDefinitionAdded
  • SPSecurityEventReceiver.RoleDefinitionAdding
  • SPSecurityEventReceiver.RoleDefinitionDeleted
  • SPSecurityEventReceiver.RoleDefinitionDeleting
  • SPSecurityEventReceiver.RoleDefinitionUpdated
  • SPSecurityEventReceiver.RoleDefinitionUpdating

Role Definition Events occur when you add, update, or delete Role Definitions such as Design, Contribute, or Read. These events only fire when attached at the site collection (SPSite) level or on the root site of the site collection as a web (SPWeb) event receiver. It does not work for any sub site or non-root site. Role Definition Events cannot be fired from a sub site because these are inherited from the parent site; however, once inheritance is broken they cannot be changed either. Also, it does not fire if attached directly to a list (SPList) and I speculate this will be true for list items (SPListItem).


To test Role Definition Events navigate to the site collection settings page. Click Site permissions then click Permission Levels. On this page add/update/delete Role Definitions to fire the event receiver.
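The following is an added example, not code from the original post: a farm-solution receiver that writes a ULS trace entry for every completed security event, attached at SPSite scope so that Role Definition events are captured along with the other four categories. The namespace, class names and the "PermissionAudit" category are hypothetical, and it assumes a Site-scoped feature whose receiver class is PermissionAuditFeatureReceiver.

```csharp
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;

namespace Contoso.SecurityAudit // hypothetical namespace
{
    // Writes a ULS trace entry for every completed ("-ed") security event.
    public class PermissionAuditReceiver : SPSecurityEventReceiver
    {
        // Hypothetical category name; it shows up in the ULS "Category" column.
        private static readonly SPDiagnosticsCategory Category =
            new SPDiagnosticsCategory("PermissionAudit",
                TraceSeverity.Medium, EventSeverity.Information);

        private static void Log(SPSecurityEventProperties p)
        {
            // EventType and SiteId come from the SPEventPropertiesBase base class.
            SPDiagnosticsService.Local.WriteTrace(0, Category, TraceSeverity.Medium,
                "Security event {0} in site collection {1}", p.EventType, p.SiteId);
        }

        public override void GroupAdded(SPSecurityEventProperties properties) { Log(properties); }
        public override void GroupUpdated(SPSecurityEventProperties properties) { Log(properties); }
        public override void GroupDeleted(SPSecurityEventProperties properties) { Log(properties); }
        public override void GroupUserAdded(SPSecurityEventProperties properties) { Log(properties); }
        public override void GroupUserDeleted(SPSecurityEventProperties properties) { Log(properties); }
        public override void InheritanceBroken(SPSecurityEventProperties properties) { Log(properties); }
        public override void InheritanceReset(SPSecurityEventProperties properties) { Log(properties); }
        public override void RoleAssignmentAdded(SPSecurityEventProperties properties) { Log(properties); }
        public override void RoleAssignmentDeleted(SPSecurityEventProperties properties) { Log(properties); }
        public override void RoleDefinitionAdded(SPSecurityEventProperties properties) { Log(properties); }
        public override void RoleDefinitionUpdated(SPSecurityEventProperties properties) { Log(properties); }
        public override void RoleDefinitionDeleted(SPSecurityEventProperties properties) { Log(properties); }
    }

    // Site-scoped feature receiver that attaches and detaches the audit receiver.
    public class PermissionAuditFeatureReceiver : SPFeatureReceiver
    {
        private static readonly SPEventReceiverType[] Events =
        {
            SPEventReceiverType.GroupAdded, SPEventReceiverType.GroupUpdated,
            SPEventReceiverType.GroupDeleted, SPEventReceiverType.GroupUserAdded,
            SPEventReceiverType.GroupUserDeleted, SPEventReceiverType.InheritanceBroken,
            SPEventReceiverType.InheritanceReset, SPEventReceiverType.RoleAssignmentAdded,
            SPEventReceiverType.RoleAssignmentDeleted, SPEventReceiverType.RoleDefinitionAdded,
            SPEventReceiverType.RoleDefinitionUpdated, SPEventReceiverType.RoleDefinitionDeleted
        };

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            SPSite site = properties.Feature.Parent as SPSite;
            if (site == null) return; // the feature must be scoped to Site
            Detach(site);             // avoid duplicate registrations on re-activation
            string assembly = typeof(PermissionAuditReceiver).Assembly.FullName;
            string className = typeof(PermissionAuditReceiver).FullName;
            foreach (SPEventReceiverType type in Events)
                site.EventReceivers.Add(type, assembly, className);
        }

        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
            SPSite site = properties.Feature.Parent as SPSite;
            if (site != null) Detach(site);
        }

        private static void Detach(SPSite site)
        {
            string className = typeof(PermissionAuditReceiver).FullName;
            // Iterate backwards because Delete() shrinks the collection.
            for (int i = site.EventReceivers.Count - 1; i >= 0; i--)
                if (site.EventReceivers[i].Class == className)
                    site.EventReceivers[i].Delete();
        }
    }
}
```

Attaching the same definitions to a sub site's SPWeb.EventReceivers instead would, per the findings above, miss Role Definition changes and any group changes made through another site.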

 

Please comment with any incorrect information or to provide updates. I will update this blog post as a reference. Thanks!

Tim Ferro

SharePoint Saturday DC Chevy Chase 2014


Visual Studio 2013 is a monumental leap forward for Microsoft development. There are so many useful enhancements and features that each could be their own session. This session will give an overview of the new features then focus on those related to Application Lifecycle Management, Mobile, Team Foundation Server 2013, and SharePoint. From project planning, to mobile testing, to inline enhancements from CodeLens, this session will show developers and team leads why Visual Studio 2013 is worth upgrading to immediately!

SharePoint 2013 New Event Receivers In A Nutshell

As a developer, knowing how to utilize event receivers is a must-have skill in your toolbox. In SharePoint 2013 there were three major changes to Event Receivers and two minor ones. This blog post is an overview of what’s new.

The Evolution of SharePoint Event Receiver Type Enumeration

The chart below shows the progression of additions to the event receiver options in SharePoint. So far nothing has been deprecated, so each progressive release includes all the previous ones.

 

1. Remote Event Receivers
“Remote event receivers handle events that occur on an item in the app, such as a list, a list item, or a web. These events resemble those in a traditional SharePoint solution, except that they can work with the remote components of the app for SharePoint.” – http://msdn.microsoft.com/en-us/library/office/dn456315.aspx

Here are the key takeaways for remote events.

  • They can only handle a subset of events which have been traditionally available.
  • They are now available for Apps.
  • Because they call an external web service, they are only available in Auto-hosted and Provider-hosted Apps. They do not work with SharePoint-hosted Apps.

2. App Event Receiver
Now that you are familiar with Remote Events, we can discuss App Events. These special events allow developers some control during the App lifecycle process. They are raised in the following three instances.

  1. After an App is installed.
  2. After an App is upgraded.
  3. While an App is uninstalling.

They are set in Visual Studio in the properties for the App, shown here.

Note:

 

3. Entity Instance Events
Basically this is an event receiver that gives you developer access to three events which occur when External Content Types (registered in BCS) are added, updated, or deleted. Unfortunately there is almost no information regarding this that I can find.

4. Security Event Receiver
I have briefly covered this topic before and now it is being discussed in the larger context of all the event receiver updates to SharePoint 2013. This server side only event receiver (SPSecurityEventReceiver) has received almost no fanfare since SharePoint 2013 was released. It can, however, be utilized in a variety of fashions that are extremely useful. The following is the list of events available to developers in the SPSecurityEventReceiver.

  • GroupAdded – Specifies an event that occurs after a security group is added.
  • GroupAdding – Specifies an event that occurs before a security group is added.
  • GroupDeleted – Specifies an event that occurs after a security group is deleted.
  • GroupDeleting – Specifies an event that occurs before a security group is deleted.
  • GroupUpdated – Specifies an event that occurs after a security group is updated.
  • GroupUpdating – Specifies an event that occurs before a security group is updated.
  • GroupUserAdded – Specifies an event that occurs after a user is added to a security group.
  • GroupUserAdding – Specifies an event that occurs before a user is added to a security group.
  • GroupUserDeleted – Specifies an event that occurs after a user is deleted from a security group.
  • GroupUserDeleting – Specifies an event that occurs before a user is deleted from a security group.
  • InheritanceBreaking – Specifies an event that occurs before an inheritance is broken.
  • InheritanceBroken – Specifies an event that occurs after an inheritance is broken.
  • InheritanceReset – Specifies an event that occurs after the role inheritance is restored.
  • InheritanceResetting – Specifies an event that occurs before the role inheritance is restored.
  • RoleAssignmentAdded – Specifies an event that occurs after a role assignment is added.
  • RoleAssignmentAdding – Specifies an event that occurs before a role assignment is added.
  • RoleAssignmentDeleted – Specifies an event that occurs after a role assignment is deleted.
  • RoleAssignmentDeleting – Specifies an event that occurs before a role assignment is deleted.
  • RoleDefinitionAdded – Specifies an event that occurs after a role definition is added.
  • RoleDefinitionAdding – Specifies an event that occurs before a role definition is added.
  • RoleDefinitionDeleted – Specifies an event that occurs after a role definition is deleted.
  • RoleDefinitionDeleting – Specifies an event that occurs before a role definition is deleted.
  • RoleDefinitionUpdated – Specifies an event that occurs after a role definition is updated.
  • RoleDefinitionUpdating – Specifies an event that occurs before a role definition is updated.

http://msdn.microsoft.com/en-us/library/sharepoint/microsoft.sharepoint.spsecurityeventreceiver_members.aspx

5. List Item Version Events
Lost in all this is a small update to the SPItemEventReceiver class. There is now a way to handle events when an item or file version is deleted (ItemVersionDeleted) or is being deleted (ItemVersionDeleting). This can be helpful for records management or archival purposes.

Conclusion
The evolution of event receivers patterns the overall evolution of SharePoint itself. There are some “under the hood” (server side) enhancements but the biggest features are App related and cloud compatible. There are many positives to this evolution; my personal favorite is the emergence of the “bring your own web service” architecture. Please leave comments for discussion, any good links, or a reference for the Entity Instance events.

Tim Ferro

SharePoint 2013 SP1 Changelog

SharePoint 2013 SP1 Changelog (Source)

SharePoint 2817429​ Metadata is lost when documents that use a custom content type with a “Description” field are opened for editing.
SharePoint 2817429​ When an item is deleted, restored from recycle bin, and then deleted again, there is a primary key constraint error.
SharePoint 2817429​ An error occurs when files are moved between document libraries and the web time zone is behind that of the server.
SharePoint 2817429​ Metadata filtering at list level always lists all metadata terms.
SharePoint 2817429​ The hyperlink popup window drops the selected word to be linked when there is a delay of more than one second in opening the window.
SharePoint 2817429​ Multiple-column, SummaryLinkWebParts with a group heading style of “Separator” are rendered incorrectly.
SharePoint 2817429​ A hash tag that contains a full width space does not get created successfully.
SharePoint 2817429​ Search schema compression is now enabled by default to allow larger search schemas.
SharePoint 2817429​ Highlighting for FQL queries is now enabled for FQL as well as KQL.
SharePoint 2817429​ Opening a custom SharePoint list in datasheet view and applying multiple custom filters, where each filter has more than one condition, can result in an incomplete set of list items.
SharePoint 2817429​ When the “Export to Excel” button is clicked in a SharePoint document library that has the Content Type field displayed, the Content Type field does not appear in the Excel workbook.
SharePoint 2817429​ An error occurs after changing the “Manager” property in EditProfile.aspx page when the My Sites WebApp is not in the same farm as the UPA.
SharePoint 2817429​ SharePoint REST API does not return a well-defined error response for a duplicate key exception.
SharePoint 2817429​ Developers are unable to specify a Content Type ID when creating Content Types in the client object model.
SharePoint 2817429​ On list views in SharePoint sites, the Connect to Outlook button in the ribbon may be erroneously disabled.
SharePoint 2817429​ In some non-English languages of SharePoint, the text displayed in the callout UI for a document or list item, describing who last edited the item, may not be grammatically correct.
SharePoint 2817429​ Copy and Paste in a datasheet does not work correctly with Internet Explorer 11.
SharePoint 2817429​ Pages do not render in Safari for iPad when private browsing mode is used.
SharePoint 2817429​ When editing rich text fields in SharePoint, if the editing session exceeds 30 minutes, the edits may not be saved.
SharePoint 2817429​ An error that says “SCRIPT12004: An internal error occurred in the Microsoft Internet extensions” may occur intermittently when users visit their SkyDrive Pro or other pages on their personal site.
SharePoint 2817429​ InfoPath may crash when a form that points to a SharePoint list, with a lookup to another SharePoint list, is opened.
SharePoint 2817429​ An InfoPath form with extended characters in its name fails to open.
SharePoint 2817429​ An error that says “Security Validation for the form has timed out” may occur when an InfoPath form is digitally signed and hosted in a SharePoint site collection that uses the SharePoint version 2010 user experience.
SharePoint 2817429 “Show document icon” remains unchecked and the document icon does not show in Edit Properties for a list item.
SharePoint 2817429​ A “Failed tagging this page” error occurs when the “I like it” button is clicked.
SharePoint 2817429​ The wrong term is removed when manually editing a multi-valued taxonomy field.
SharePoint 2817429​ When tagging list items using a language that is different from the term store default language, suggestions for labels are offered in multiple languages. The suggestions appear confusing because both language suggestions are listed without any identification of the language.
SharePoint 2817429​ An error that says “There was an error processing this request” may appear when editing the user profile.
SharePoint 2817429​ Times are missing from Date/Time results in certain filtered list web service calls.
SharePoint 2817429​ Minimal and no metadata are now enabled as supported JSON formats.  
SharePoint 2817429​ Actions4 schema workflow actions can’t be deployed to SharePoint.
SharePoint 2817429​ Using Client Object Model, Stream.Seek() to seek to a particular position doesn’t seek at the proper offset.
SharePoint 2817429​ Refreshing a workflow status page generates the following error: “System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.”
SharePoint 2817429​ Setting custom, non-English outcomes in web pages on tasks in a workflow fails to set the value.
SharePoint 2817429​ Configurations of SharePoint using Azure Hybrid mode and Workflow Manager together can cause workflow callbacks to fail.
SharePoint 2817429​ Workflow task processes on wiki pages won’t start.
SharePoint 2817429​ Workflows won’t wait for changes to content approval status fields.
SharePoint 2817429​ E-mails generated by workflow cannot be disabled for approvals in SharePoint workflows.
SharePoint 2817429​ Workflows may fail to send an e-mail or send too many e-mails.
SharePoint 2817429​ Association variables do not update correctly for auto-start workflows.
SharePoint 2817429​ A KeyNotFoundException error may occur in a workflow when the associated task list uses unique permissions.
SharePoint 2817429​ Incomplete tasks are deleted when workflow task activities complete.
SharePoint 2817429​ Task activity is suspended when the task is completed using app-only credentials.
SharePoint 2817429​ An error that says “This task could not be updated at this time” occurs when trying to complete a workflow task using the “Open this task” button in Outlook.
SharePoint 2817429​ A workflow doesn’t respond properly when waiting for changes in specific types of list columns, such as Boolean, Date Time, and User.

Tim Ferro

Booz Allen Insights: Geolocation White Paper Released

By Walton Smith and Tim Ferro


Now officially on the Booz Allen website in the Ideas and Insights section, I am the most recent published white paper! Check out the Latest Insights section!

This whitepaper addresses integrating geo-location services with the SharePoint platform to provide visualizations based on information housed within a SharePoint system.

Tim Ferro

Microsoft Releases Visual Studio 2013 Update 1


On January 20th, Microsoft released Update 1 for Visual Studio 2013. It is mainly minor updates and bug fixes with no update to TFS (Full details here). According to Somasegar (Corporate Vice President of the Developer Division at Microsoft):

This is a targeted update, addressing some key areas of customer feedback since the Visual Studio 2013 release. For example, we heard your feedback about running Visual Studio in environments without IE10+, and have made several improvements to this experience in Update 1.

So what about TFS and Update 2? According to Brian Harry, Microsoft Technical Fellow working as the Product Unit Manager for Team Foundation Server:

Update 2 is very close behind Update 1 and there will be a new version of TFS released for Update 2.

He went on to say:

We’re just wrapping up feature work on Update 2 this week and will soon be releasing our first CTP. We’re just beginning the process of polishing, bug fixing, etc. to release a solid Update.

So what is coming out with Update 2? Brian gave a sneak peek at that as well saying:

Our two biggest areas of investment in this release (2013.2) have been Agile Project Management (and general work tracking) and the next increment of Git tooling.

There you go, developers! All the latest regarding Visual Studio 2013 Update 1 and 2.

Tim Ferro

CapArea .Net SharePoint SIG 2014 – Visual Studio 2013 for ALM and SharePoint


Visual Studio 2013 is a monumental leap forward for Microsoft development. There are so many useful enhancements and features that each could be their own session. This session will give an overview of the new features then focus on those related to Application Lifecycle Management, Mobile, Team Foundation Server 2013, and SharePoint. From project planning, to mobile testing, to inline enhancements from CodeLens, this session will show developers and team leads why Visual Studio 2013 is worth upgrading to immediately!

SPSVB 2014 – Visual Studio 2013 for ALM and SharePoint


Visual Studio 2013 is a monumental leap forward for Microsoft development. There are so many useful enhancements and features that each could be their own session. This session will give an overview of the new features then focus on those related to Application Lifecycle Management, Mobile, Team Foundation Server 2013, and SharePoint. From project planning, to mobile testing, to inline enhancements from CodeLens, this session will show developers and team leads why Visual Studio 2013 is worth upgrading to immediately!

IT Predictions for 2014

Below are my three IT predictions for 2014. Please comment with your thoughts on them!

Refocus on SharePoint On-Premise
Rising from the ashes like a Phoenix, SharePoint On-Prem will reemerge in 2014 with renewed focus and an announcement of the next version from Microsoft. Main reasons include: distrust of cloud (thanks NSA), failure to catch on in government space, and complex custom solutions with local infrastructure connections.

DevOps Rises then Plateaus
I really like the technologies and capabilities surrounding DevOps these days. I think that it will continue to gain momentum in 2014 but then plateau off because a lot of organizations are not ready for continuous updates. Places where uptime and stability are paramount will not fully embrace this. They will benefit from all the new enhancements supporting DevOps but will land somewhere between Agile and DevOps. I’m calling this Enterprise DevOps (blog to follow).

Big Data Analytics Dashboards
Here is a massive growth area that I have had on my backlog to explore. Big Data is now mainstream and catching on more and more. The next step is to easily get data out to decision makers. APIs for both .Net code and JavaScript need to be enhanced for easy dashboarding of this data. We need the SPServices of Big Data to be invented or a Hadoop webpart for SharePoint.

Tim Ferro

SharePoint Developer Tips #3

SharePoint Developer Tips #2 and SharePoint Developer Tips #1

SPPersistedObject Class

The SPPersistedObject class provides a base class for all administration objects. It serializes all fields marked with the Persisted attribute to XML and writes the XML blob to the configuration database. The SPPersistedObject class contains code to serialize all its members that are base types, other persisted objects, and collections of persisted objects. Configuration data that is stored in persisted objects is automatically made available to every process on every server in the farm. – MSDN

That’s the technical definition but Charlie Holland says it much better here with a great code example as well. Add this to your SharePoint developer bag of tricks.

WebPartVerbCollection

Web Parts verbs are interactive user interface (UI) elements that are displayed in a menu or title bar of a Web Parts control. A Web Parts zone provides to a Web Parts control a standard set of verbs that are rendered in the Web Parts verb menu. A custom Web Parts zone or a Web Parts control can add additional verbs to this menu.

ASP.NET provides several standard verbs by default to all controls in a Web Parts zone, including the close and minimize verbs. There are standard verbs for opening, closing, editing, and minimizing a control, and other verbs for exporting a definition for the control or loading a Help file. – MSDN

Donut Caching
This has been around for many years but seems to be a relatively unknown feature. Scott Guthrie says it best:

Output Cache Substitution – This nifty feature enables you to implement what I sometimes call “donut caching” — where you output cache everything on a page except for a few dynamic regions that are contained within cached regions. This enables you to implement full page output caching more aggressively, and not have to split your pages into multiple .ascx user control files in order to implement partial page caching. – http://weblogs.asp.net/scottgu

Full article with code here: http://weblogs.asp.net/scottgu/archive/2006/11/28/tip-trick-implement-donut-caching-with-the-asp-net-2-0-output-cache-substitution-feature.aspx

Tim Ferro