Solution to stop unecessary calls to SharePoint Server from Microsoft Office applications

Published Links are the addresses of SharePoint sites/libraries which are available to user as a destination to save the document from Office Application. User can add additional sites/libraries by clicking on Connect To Office button on SharePoint Document Library ribbon.

Microsoft Office Applications e.g. Word and Excel try to sync information for all Published Links of SharePoint when a user opens “Save As” dialogue. This call is necessary to ensure that Office application has the latest list of sites which a user has selected by using “Connect to Office” option. Office applications gets the latest list by calling a SharePoint out of the box webservice  available at following server relative address:

/_vti_bin/publishedlinksservice.asmx

Problem:

If Office application unable to access this address, it will display the login prompt. This will quickly become a nuisance, if you no longer use that SharePoint (e.g. you have left organisation, SharePoint address has changed etc.)

Resolution:

Remove the following two Registry entries as follows:

1. Remove all unncessary sub-keys from HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Portal\Link Providers
2. Remove all unnecessary sub-keys from HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Server Links\Published

Above two keys store the SharePoint site addresses to retrieve latest SharePoint locations. Office applications use these registry keys to find SharePoint site addresses and try to connect to SharePoint and shows Sign-in prompts, if unable to connect.

How to receive latest updates in O365 Developer Tenant As Soon As Possible?

Microsoft contniously updates Office 365 with new features and experiences and releases them to the users as per release preference selected by customer.

If you have a Developer Tenant account and want to receive updates as soon as possible, you will need to swicth your Release Preference  to First release track.

Following is the step by step procedure to switch the release preference. Please note these action can only be performed by Office 365 Admin. In Developer tenant, you are the Admin 🙂

1. Sign in to your Office 365 account;
2. Click Admin tile;
3. Under Settings, click Organization profile;
4. Click Release preferences;
5. In newly opened Release preferences blade, click First release for everyone;
6. click Next;
7. Click Yes;
8. Click Close

How to enable new User Experience for SharePoint Online Document Libraries and Lists

Microsoft is rolling out new user experience for Document Libraries and Lists in SharePoint Online. If you are a SharePoint Online tenant user and want to test new User Experience for your Document Library and/or SharePoint Lists then perform following steps:

Document Library:

1. Open Library Settings
2. Click Advanced Settings
3. Scroll to bottom of the page, you will see a new setting called List Experience, similar to following:
4. 
5. Click New experience
6. Click OK

SharePoint List:

You can try the same steps for SharePoint Lists also but if they do not work, here is another trick:

1. Navigate to your desired list
2. Append a QueryString parameter TryNewExperience=true in your url and refresh the page
3. Example:
   1. Original List Url: https://yourdomain.sharepoint.com/Lists/Test%20List/AllItems.aspx
   2. After QueryString parameter:  https://yourdomain.sharepoint.com/Lists/Test%20List/AllItems.aspx?TryNewExperience=true

What is a SharePoint Farm?

It is a common question asked by many users that what exactly we mean by SharePoint Farm? The answer is

A SharePoint Farm is a collection of all those SharePoint servers that share the same SharePoint configuration database.

By Default, configuration database name is SharePoint_Config. As per Microsoft TechNet article here, configuration database is the fundamental SharePoint database and used for following:

• Contains data about all SharePoint databases,
• all Internet Information Services (IIS) Web sites or Web applications,
• Trusted solutions,
• Web Part Packages,
• Site templates,
• Web application and farm settings specific to SharePoint 2013, such as default quota and blocked file types.

Requirements:

• Must be co-located with Central Administration Content database
• Only one Configuration database is supported per farm.
• Scale up only, significant growth is unlikely.

Step-by-Step SharePoint Online Authentiaction Process via HTTP Protocol

Here is the step-by-step, behind the scene, authentication process of SharePoint Online. You can use it to connect to SharePoint Online from any Microsoft or Non-Microsoft technology.  It gives you an idea of how things work at the very basic level of HTTP protocol, while authenticating a user in SharePoint Online.

Assumption:

• User is trying to access a SharePoint resource (e.g. File, list Item) by code, but does not have valid authenticated session.
• Code needs to authenticate the user to SharePoint Online and needs to receive authentication cookie for future requests.

Process:

Note
Replace “yourdomain.com” with your actual domain as registered on sharepoint.com.
Replace “username” with full username e.g. paul.brooks@mycompany.com

1. Try to access a resource on your SharePoint Online by sending GET e.g.
   1. GET https://yourdomain.sharepoint.com/
   2. Set Header X-IDCRL_ACCEPTED: t
2. SharePoint Online server will reply with error
   1. 401 Unauthorized along with following header
   2. WWW-Authenticate: IDCRL Type=”BPOSIDCRL”, EndPoint=”/_vti_bin/idcrl.svc/“, RootDomain=”sharepoint.com”, Policy=”MBI”
3. The above response means, SharePoint Online is challenging you to first authenticate yourself by a trusted AD (Federation Provider) and then come back again, to provided EndPoint (i.e. /_vti_bin/idcrl.svc) , to get authentication Cookie for future session requests.
4. Now, to get authenticated, you need to send POST request with your username to https://login.microsoftonline.com/getuserrealm.srf?login=username@yourdomain.com&xml=1
5. SharePoint Online web server will reply with XML similar to following:

<?xml version="1.0"?><RealmInfo Success="true">
	<State>3</State>
	<UserState>2</UserState>
	<Login>username@yourmain.com</Login>
	<NameSpaceType>Federated</NameSpaceType>
	<DomainName>yourdomain.com</DomainName>
	<FederationGlobalVersion>-1</FederationGlobalVersion>
	<AuthURL>https://sts.yourdomain.com/adfs/ls/</AuthURL>
	<IsFederatedNS>true</IsFederatedNS>
	<STSAuthURL>https://sts.yourdomain.com/adfs/services/trust/2005/usernamemixed</STSAuthURL>
	<FederationTier>0</FederationTier>
	<FederationBrandName>yourdomain.com</FederationBrandName>
	<AllowFedUsersWLIDSignIn>false</AllowFedUsersWLIDSignIn>
	<Certificate>Very Long String Containing your Certificate Information</Certificate>
	<MEXURL>https://sts.yourdomain.com/adfs/services/trust/mex</MEXURL>
	<SAML_AuthURL/>
	<PreferredProtocol>1</PreferredProtocol>
	<EDUDomainFlags>0</EDUDomainFlags>
</RealmInfo>

6. Retrieve STSAuthURL value in above XML
7. POST the following XML to above retrieved STSAuthURL e.g. https://sts.yourdomain.com/adfs/services/trust/2005/usernamemixed
   This will contain your username and password for authentication

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
	<s:Header>
		<wsa:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
		<wsa:To s:mustUnderstand="1">https://sts.yourdomain.com/adfs/services/trust/2005/usernamemixed</wsa:To>
		<wsa:MessageID>GUID in this format 7f60eeb9-db69-4411-b600-b6570dfb0ddf</wsa:MessageID>
		<ps:AuthInfo xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="PPAuthInfo">
			<ps:HostingApp>Managed IDCRL</ps:HostingApp>
			<ps:BinaryVersion>6</ps:BinaryVersion>
			<ps:UIVersion>1</ps:UIVersion>
			<ps:Cookies/>
			<ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>
		</ps:AuthInfo>
		<wsse:Security>
			<wsse:UsernameToken wsu:Id="user">
				<wsse:Username>username@yourdomain.com</wsse:Username>
				<wsse:Password>Password of the user</wsse:Password>
			</wsse:UsernameToken>
			<wsu:Timestamp Id="Timestamp">
				<wsu:Created>2016-03-18T16:26:35.0709397Z</wsu:Created>
				<wsu:Expires>2016-03-18T16:36:35.0719398Z</wsu:Expires>
			</wsu:Timestamp>
		</wsse:Security>
	</s:Header>
	<s:Body>
		<wst:RequestSecurityToken Id="RST0">
			<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
			<wsp:AppliesTo>
				<wsa:EndpointReference>
					<wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>
		</wst:RequestSecurityToken>
	</s:Body>
</s:Envelope>

8. Server will reply with the following XML, if you have valid username and password. Following contains the SAML security token

You will note that <a:RelatesTo> node contains the same GUID which you passed as MessageID in the Request

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<s:Header>
		<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
		<a:RelatesTo>7f60eeb9-db69-4411-b600-b6570dfb0ddf</a:RelatesTo>
		<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
			<u:Timestamp u:Id="_0">
				<u:Created>2016-03-18T16:27:39.529Z</u:Created>
				<u:Expires>2016-03-18T16:32:39.529Z</u:Expires>
			</u:Timestamp>
		</o:Security>
	</s:Header>
	<s:Body>
		<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
			<t:Lifetime>
				<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-03-18T16:27:39.523Z</wsu:Created>
				<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-03-18T17:27:39.523Z</wsu:Expires>
			</t:Lifetime>
			<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<t:RequestedSecurityToken>
				<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_b73fceb0-XXXX-4f70-98e0-ad664d27afc9" Issuer="http://yourdomain.com/adfs/services/trust/" IssueInstant="2016-03-18T16:27:39.529Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
					<saml:Conditions NotBefore="2016-03-18T16:27:39.523Z" NotOnOrAfter="2016-03-18T17:27:39.523Z">
						<saml:AudienceRestrictionCondition>
							<saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
						</saml:AudienceRestrictionCondition>
					</saml:Conditions>
					<saml:AttributeStatement>
						<saml:Subject>
							<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">yFcXXXXC9kS3vGXgpnSyNw==</saml:NameIdentifier>
							<saml:SubjectConfirmation>
								<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
							</saml:SubjectConfirmation>
						</saml:Subject>
						<saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
							<saml:AttributeValue>username@yourdomain.com</saml:AttributeValue>
						</saml:Attribute>
						<saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
							<saml:AttributeValue>yFcXXXXC9kS3vGXgpnSyNw==</saml:AttributeValue>
						</saml:Attribute>
					</saml:AttributeStatement>
					<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2016-03-18T16:27:39.520Z">
						<saml:Subject>
							<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">yFcXXXXC9kS3vGXgpnSyNw==</saml:NameIdentifier>
							<saml:SubjectConfirmation>
								<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
							</saml:SubjectConfirmation>
						</saml:Subject>
					</saml:AuthenticationStatement>
					<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
						<ds:SignedInfo>
							<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
							<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
							<ds:Reference URI="#_b73fceb0-c9e9-XXXX-98e0-ad664d27afc9">
								<ds:Transforms>
									<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
									<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
								</ds:Transforms>
								<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
								<ds:DigestValue>NK0XXXXapBi+LwTyIXiicj5rfsc=</ds:DigestValue>
							</ds:Reference>
						</ds:SignedInfo>
						<ds:SignatureValue>Very long string as Signature</ds:SignatureValue>
						<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
							<X509Data>
								<X509Certificate>Very Long String as Certificate Data</X509Certificate>
							</X509Data>
						</KeyInfo>
					</ds:Signature>
				</saml:Assertion>
			</t:RequestedSecurityToken>
			<t:RequestedAttachedReference>
				<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
					<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b73XXXX0-c9e9-4f70-98e0-ad664d27afc9</o:KeyIdentifier>
				</o:SecurityTokenReference>
			</t:RequestedAttachedReference>
			<t:RequestedUnattachedReference>
				<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
					<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b7XXXeb0-c9e9-4f70-98e0-ad664d27afc9</o:KeyIdentifier>
				</o:SecurityTokenReference>
			</t:RequestedUnattachedReference>
			<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
			<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
			<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
		</t:RequestSecurityTokenResponse>
	</s:Body>
</s:Envelope>

9. Extract saml:Assertion node from t:RequestedSecurityToken
10. POST following XML to https://login.microsoftonline.com/RST2.srf

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<s:Header>
		<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
		<a:RelatesTo>7f6XXXb9-db69-4411-b600-b6570dfb0ddf</a:RelatesTo>
		<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
			<u:Timestamp u:Id="_0">
				<u:Created>2016-03-18T16:27:39.529Z</u:Created>
				<u:Expires>2016-03-18T16:32:39.529Z</u:Expires>
			</u:Timestamp>
		</o:Security>
	</s:Header>
	<s:Body>
		<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
			<t:Lifetime>
				<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-03-18T16:27:39.523Z</wsu:Created>
				<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2016-03-18T17:27:39.523Z</wsu:Expires>
			</t:Lifetime>
			<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
					<wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
				</wsa:EndpointReference>
			</wsp:AppliesTo>
			<t:RequestedSecurityToken>
				<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_b7XXXeb0-c9e9-4f70-98e0-ad664d27afc9" Issuer="http://yourdomain.com/adfs/services/trust/" IssueInstant="2016-03-18T16:27:39.529Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
					<saml:Conditions NotBefore="2016-03-18T16:27:39.523Z" NotOnOrAfter="2016-03-18T17:27:39.523Z">
						<saml:AudienceRestrictionCondition>
							<saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
						</saml:AudienceRestrictionCondition>
					</saml:Conditions>
					<saml:AttributeStatement>
						<saml:Subject>
							<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">yFcXXX6C9kS3vGXgpnSyNw==</saml:NameIdentifier>
							<saml:SubjectConfirmation>
								<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
							</saml:SubjectConfirmation>
						</saml:Subject>
						<saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
							<saml:AttributeValue>username@yourdomain.com</saml:AttributeValue>
						</saml:Attribute>
						<saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
							<saml:AttributeValue>yFcXXXXC9kS3vGXgpnSyNw==</saml:AttributeValue>
						</saml:Attribute>
					</saml:AttributeStatement>
					<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2016-03-18T16:27:39.520Z">
						<saml:Subject>
							<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">yFcXXXXC9kS3vGXgpnSyNw==</saml:NameIdentifier>
							<saml:SubjectConfirmation>
								<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
							</saml:SubjectConfirmation>
						</saml:Subject>
					</saml:AuthenticationStatement>
					<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
						<ds:SignedInfo>
							<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
							<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
							<ds:Reference URI="#_b73XXXb0-c9e9-4f70-98e0-ad664d27afc9">
								<ds:Transforms>
									<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
									<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
								</ds:Transforms>
								<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
								<ds:DigestValue>NKXXXXsapBi+LwTyIXiicj5rfsc=</ds:DigestValue>
							</ds:Reference>
						</ds:SignedInfo>
						<ds:SignatureValue>Very long string as Signature</ds:SignatureValue>
						<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
							<X509Data>
								<X509Certificate>Very Long String as Certificate Data</X509Certificate>
							</X509Data>
						</KeyInfo>
					</ds:Signature>
				</saml:Assertion>
			</t:RequestedSecurityToken>
			<t:RequestedAttachedReference>
				<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
					<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b7XXXeb0-c9e9-4f70-98e0-ad664d27afc9</o:KeyIdentifier>
				</o:SecurityTokenReference>
			</t:RequestedAttachedReference>
			<t:RequestedUnattachedReference>
				<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
					<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b7XXXeb0-c9e9-4f70-98e0-ad664d27afc9</o:KeyIdentifier>
				</o:SecurityTokenReference>
			</t:RequestedUnattachedReference>
			<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
			<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
			<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
		</t:RequestSecurityTokenResponse>
	</s:Body>
</s:Envelope>

11. Server Returns following XML and sets following Cookies
    1. SASession=; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=login.microsoftonline.com;secure= ;path=/;HTTPOnly= ;version=1
    2. x-ms-gateway-slice=orgidprod; path=/; secure; HttpOnly
    3. stsservicecookie=orgidprod; path=/; secure; HttpOnly
    4. Compact Policy token is present. A trailing ‘o’ means opt-out, a trailing ‘i’ means opt-in.
    5. P3P Header is also sent as follows CP=”DSP CUR OTPi IND OTRi ONL FIN”

<?xml version="1.0" encoding="utf-8" ?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing">
 <S:Header>
 <wsa:Action xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Action" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
 <wsa:To xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="To" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
 <wsse:Security S:mustUnderstand="1">
 <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
 <wsu:Created>2016-03-18T16:27:40Z</wsu:Created>
 <wsu:Expires>2016-03-18T16:32:40Z</wsu:Expires>
 </wsu:Timestamp>
 </wsse:Security>
 </S:Header>
 <S:Body>
 <wst:RequestSecurityTokenResponse xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
 <wst:TokenType>urn:passport:compact</wst:TokenType>
 <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
 <wsa:EndpointReference>
 <wsa:Address>sharepoint.com</wsa:Address>
 </wsa:EndpointReference>
 </wsp:AppliesTo>
 <wst:Lifetime>
 <wsu:Created>2016-03-18T16:27:40Z</wsu:Created>
 <wsu:Expires>2016-03-19T00:27:40Z</wsu:Expires>
 </wst:Lifetime>
 <wst:RequestedSecurityToken>
 <wsse:BinarySecurityToken Id="Compact0">Very Long String to represent Binary Security Token</wsse:BinarySecurityToken>
 </wst:RequestedSecurityToken>
 <wst:RequestedAttachedReference>
 <wsse:SecurityTokenReference>
 <wsse:Reference URI="OaBXXXX6kZOe7k9C3MR1SdlN/x0="/>
 </wsse:SecurityTokenReference>
 </wst:RequestedAttachedReference>
 <wst:RequestedUnattachedReference>
 <wsse:SecurityTokenReference>
 <wsse:Reference URI="OaXXXX46kZOe7k9C3MR1SdlN/x0="/>
 </wsse:SecurityTokenReference>
 </wst:RequestedUnattachedReference>
 </wst:RequestSecurityTokenResponse>
 </S:Body>
</S:Envelope>

12. Extract the value of

    wsse:BinarySecurityToken [ Id=Compact0 ]

    from above returned XML response

13. Send following GET request to

    https://yourdomain.sharepoint.com/_vti_bin/idcrl.svc

    after setting following Request Header X-IDCRL_ACCEPTED: t

    1. Authorization: BPOSIDCRL Add the above extracted value of  wsse:BinarySecurityToken [ Id=Compact0 ]
14. Server will respond to set the special cookie called SPOIDCRL along with P3P policy header. This is the cookie which SharePoint Online will check in all requests, to make sure that your request is coming from an authenticated client. Sample raw response response is as follows:

HTTP/1.1 200 OK

 Cache-Control: private

 Server: Microsoft-IIS/8.5

 X-SharePointHealthScore: 0

 X-AspNet-Version: 4.0.30319

 Set-Cookie: SPOIDCRL=Base64 Encoded String containing membership info and some other information; path=/; secure; HttpOnly

 SPRequestGuid: a9cb699d-60de-2000-1f64-ddad45389266

 request-id: a9cb699d-60de-2000-1f64-ddad45389266

 Strict-Transport-Security: max-age=31536000

 X-FRAME-OPTIONS: SAMEORIGIN

 SPRequestDuration: 132

 SPIisLatency: 0

 X-Powered-By: ASP.NET

 MicrosoftSharePointTeamServices: 16.0.0.5104

 X-Content-Type-Options: nosniff

 X-MS-InvokeApp: 1; RequireReadOnly

 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

 Date: Fri, 18 Mar 2016 16:27:39 GMT

 Content-Length: 0

15. Send this Cookie with all other future SharePoint requests.

Quickly find the current used storage of your site collection by using REST

If you want to find out how much storage your SharePoint site collection is currently using then you can use the following REST url in your browser

://<Replace your Site Collection Url>/_api/site/Usage/Storage

http://sp/_api/site/Usage/Storage

You will get response similar to following. Please note SharePoint report storage in bytes so to get the size in MB you need to divide it by 1048576 .

In following example: storage in MB will be 8038715 / 1048576 = 7.67 MB

All possible ways to find SharePoint Version and Build number

If you are trying to find exact Version and Patch level of your SharePoint installation, then use one of the following methods

Method 1 : Using Service.cnf url

1. Navigate to following url in your browser  <Your SharePoint Site>/_vti_pvt/Service.cnf
2. You will a response similar to following

vti_encoding:SR|utf8-nl
vti_extenderversion:SR|14.0.0.4762 

Check the number shown in your response at SharePoint Build Numbers

Method 2 : Using Central Administration Site

1. Launch SharePoint Central Administration site
2. Under Upgrade and Migration, click Check product and migration status
3. You will get screen similar to following

Method 3 : Using PowerShell

1. Launch SharePoint 2010 Management Shell
2. Enter PowerShell command Get-SPFarm | Select BuildVersion
3. You will get screen similar to following

Method 4 : Checking Registry setting

1. Launch Registry Editor on your SharePoint web front end
2. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0
3. Check the value of BuildVersion as shown in following screen

Method 5 : Checking HTTP Header

1. Launch Fiddler or any other Proxy traffic inspector on any client computer which can access a SharePoint site
2. Navigate to any page of your SharePoint site on client computer
3. Check MicrosoftSharePointTeamServices response header in Fiddler, as shown in screen below

Solution for “SharePoint Designer cannot display the item” error to edit workflow

If you are unable to edit workflows in SharePoint 2013 after upgrading from 2010 and getting following error then perform  the steps mentioned below to resolve this issue.

SharePoint Designer cannot display the item

1. Make sure you have uninstalled SharePoint Designer 2010
2. Close SharePoint Designer 2013
3. On the local computer, browse to the following folder:
   • C:\Users\<Replace Your User Name>\AppData\Local\Microsoft\WebsiteCache
   • Example: C:\Users\mark.lee.contoso\AppData\Local\Microsoft\WebsiteCache
4. Delete everything in WebsiteCache folder.
5. On the local computer, browse to the following folder:
   • C:\Users\<Replace Your User Name>\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache
   • Example: C:\Users\mark.lee.contoso\AppData\Roaming\Microsoft\SharePoint Designer\ProxyAssemblyCache
6. Delete everything in ProxyAssemblyCache folder.
7. Done.
8. Open SharePoint Designer 2013 and make the changes to your site as needed.

This happens due to cached .NET assemblies in above mentioned folders. These cached files confuses  SPD2013 to use older .NET code which is not compatible with SP2013.

Current Item Url in SharePoint Workflow

If you want to embed a link to current item in your SharePoint Workflow email or in any other action then use

Workflow Context -> Current Item Url

Exam 70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions Format

If you are preparing for the SharePoint 2013 certification 70-489 i.e. “Developing Microsoft SharePoint Server 2013 Advanced Solutions” then following will be helpful for you with regards to exam format:

• Exam will consist of total 46 questions
• Minimum passing score is 700
• Exam questions will be either multiple choice or scenario based drag and drop code exercises.
• Exam is divided into multiple sections; you can not go back to a completed section once you have marked it completed.
• There are two categories of exam sections,
  • Section of general SharePoint 2013 questions (Total 1 section of 20 questions)
  • Section of Case Study based questions (Total 4 sections of 6 to 8 questions per section)

For exam content details, skills measured and how to prepare, please refer to the certification page

http://www.microsoft.com/learning/en-us/exam-70-489.aspx