Wednesday, November 30, 2011

Configuring a SharePoint website to allow SSL connections

This is the second in a series of posts on securing mixed SSL sites in SharePoint. This post will cover how to configure a SharePoint forms based web application to allow SSL/HTTPS connections. The process involves setting up an SSL certificate and configuring IIS and SharePoint to allow requests over HTTPS.
The following steps assume that you have a SharePoint web application already set up using forms based authentication. If you need details on how to do this, see the article on TechNet titled “Forms Authentication in SharePoint Products and Technologies”. We will be using IIS 7 in this example, but a similar process can be followed on IIS 6 with the SelfSSL utility. As mentioned in the previous article, this will differ if you are using off-box SSL termination and/or already have a registered SSL certificate.

Architectural overview

The following diagram shows the logical architecture for the setup that will be covered. The default web application is configured at www.company.com and uses forms based authentication with a SQL database to store membership and role information. This web application allows anonymous access and is exposed to the public over the internet. The default web application has been extended onto a second IIS web site at author.company.com that is configured to use Windows authentication. This is a simple configuration that allows internal users to enter content on a separate site that is not available externally. Other configurations are possible (including using content deployment) but aren’t in the scope of this article.
[Diagram: SharePoint FBA SSL architecture]
The first step we will cover is shown on the right of the diagram and involves adding an additional binding to the www.company.com web site in IIS and adding an alternate access mapping to the web application in SharePoint.

Associate an SSL certificate with the IIS website

In a production environment you will need to purchase an SSL certificate for the domain that you wish to secure, but in a development environment an easy way to mimic this is to create a self-signed certificate.
Create a new Self Signed Certificate for the existing web application
1. Click on the root node in IIS 7 Manager and select the “Server Certificates” icon in the feature pane on the right:
2. Click the “Create Self-Signed Certificate…” link on the right hand side of the page
3. Enter a name (I’m using www.company.com in this example) and click OK. You should see your certificate appear in the list of server certificates.
4. Select the IIS site that is running the SharePoint application and click on the “Bindings…” link on the right hand side of the page
5. To enable SSL click “Add”, select “https” and select the SSL certificate we created earlier:
6. Click OK. At this point we have configured IIS to allow connections to this site over SSL but we need to let SharePoint know to map these requests to the correct web application.

Configure SharePoint to accept requests over HTTPS

7. Navigate to Central Administration > Operations, select “Alternate Access Mappings” and click “Edit Public URL’s”
8. Select the Alternate Access Mapping Collection for the FBA web application and enter the relevant HTTPS address (for example, my FBA site is located at http://www.company.com, so I would enter https://www.company.com). It is up to you which Zone you put the URL in as this doesn’t affect anything and is just there to help you remember what they are each used for.
9. That’s it! You should now be able to browse to your site using SSL. If you are using a self-signed certificate you will first be presented with a certificate warning. Click on the “Continue to this website (not recommended)” link and your site will be displayed.
Now we can browse to our site over HTTP and HTTPS, but we will need to do some more work to ensure that the right protocol is used for each page. We need to ensure that pages displaying or sending sensitive information like passwords and/or address details are delivered over HTTPS, but pages such as the homepage are delivered via HTTP to avoid the additional processing of encrypting and decrypting these non-sensitive pages.

Additional Resources:

How to Configure SSL Certificate for the Central Administration Web Site of SharePoint Server 2010

Introduction

In this article, I will explain how to install and configure a self-signed SSL certificate for the central administration web site in SharePoint Server 2010. This procedure is also applicable to any other web application in both SharePoint 2007 and SharePoint 2010.
Follow the steps below to configure SSL certificate for central administration web site:

Create Self-Signed SSL Certificate

  1. Log into the web server by using the SharePoint Set up account.
  2. Open IIS Manager. Click on the IIS Server and then double click Server Certificates.
  3. Click Create Self-Signed Certificate link as shown in the figure below:
  4. Enter the name of the SSL certificate that you want to associate with the central administration web site.
  5. SSL certificate is created.

Bind Self-Signed SSL Certificate with the Central Administration Web Site

  1. Right-click Central Administration web site. On the context menu, click Edit Bindings.
  2. A windows dialogue box will appear.
  3. Click Add to create a new binding for central administration web site.
  4. On the Add Site Binding window, select https from the Type dropdown and select SSL certificate from SSL certificate dropdown. Click OK to save changes.
  5. Click Remove button to remove default http binding as shown in the figure below:
  6. Now we have only https binding left for the central administration web site.

Update SSL Settings for the Central Administration Web Site

  1. Select SharePoint Central Administration v4. Double-click SSL Settings to open SSL Settings page.
  2. Configure the following options and click Apply to save settings.
    • Require SSL (checked)
    • Require 128-bit SSL (checked)
    • Client certificate: Ignore (selected)

Execute STSADM Command to Update Registry Settings on the SharePoint Farm

  1. Open command prompt and execute the following statement:
    STSADM -o setadminport -port 443 -ssl
  2. Now open SharePoint Central Administration Website.
  3. As you see in the screenshot above, Internet Explorer is showing an SSL certificate error. Now browse to the alternate access mapping page and specify the fully qualified domain name for the central administration web site, i.e. ServerName.DomainName. Once the alternate access mapping settings are updated, close your browser and open the central administration web site again.
I do hope that you will find this article useful, when using SSL certificate for the SharePoint web applications. Please leave your valuable comments.
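
The certificate and binding steps from the two SSL walkthroughs above, scripted with the IIS WebAdministration PowerShell module and stsadm. This is an added example, not code from the original posts; the IIS site name of the FBA site, the Internet zone, the 12 hive path and the 0.0.0.0 address are assumptions to replace with your own values.

```powershell
# Added example (not from the original posts). Requires PowerShell 2.0 and the
# IIS WebAdministration module; run elevated on the web server.
Import-Module WebAdministration

function Enable-SiteHttps {
    param(
        [string]$SiteName,      # IIS site name as shown in IIS Manager
        [string]$FriendlyName,  # name typed into "Create Self-Signed Certificate"
        [int]$Port = 443,
        [switch]$RequireSsl     # the "SSL Settings" step; leave off for a mixed HTTP/HTTPS site
    )

    # IIS Manager stores the name you typed as the certificate's friendly name;
    # the subject (CN) of a certificate created this way is the server's own name,
    # which is one reason browsers warn when the site is opened under another host name.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with friendly name '$FriendlyName' in LocalMachine\My"
    }
    if ($cert.Subject -eq $cert.Issuer) {
        Write-Warning "$($cert.Subject) is self-signed: suitable for development servers only"
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate expires on $($cert.NotAfter)"
    }

    # "Add > https" in the Site Bindings dialog.
    if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port $Port)) {
        New-WebBinding -Name $SiteName -Protocol https -Port $Port -IPAddress '*'
    }

    # Choosing the certificate in the dialog registers it for the IP:port pair.
    # Only one certificate can be registered per IP:port, so an existing
    # registration is left untouched.
    $sslPath = "IIS:\SslBindings\0.0.0.0!$Port"
    if (-not (Test-Path $sslPath)) {
        $cert | New-Item $sslPath | Out-Null
    }

    # "Require SSL" and "Require 128-bit SSL" on the SSL Settings page.
    if ($RequireSsl) {
        Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
            -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl,Ssl128'
    }

    # Return what the site now listens on so the result can be reviewed.
    Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation
}

# First walkthrough: public FBA site (hypothetical IIS site name), then the
# alternate access mapping for the HTTPS URL (zone choice is an assumption).
Enable-SiteHttps -SiteName 'SharePoint - www.company.com80' -FriendlyName 'www.company.com'
$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
& $stsadm -o addzoneurl -url http://www.company.com -urlzone Internet -zonemappedurl https://www.company.com

# Second walkthrough, on the server hosting Central Administration:
# Enable-SiteHttps -SiteName 'SharePoint Central Administration v4' -FriendlyName '<certificate name>' -RequireSsl
```

The returned binding list should show an https entry for the port you chose; for Central Administration, an http entry that is still listed means the "Remove" step has not been done yet.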

Friday, November 18, 2011

How to enable anonymous access to a SharePoint site

Enable anonymous access for a zone of a Web application

  1. From Administrative Tools, open the SharePoint Central Administration Web site application.
  2. On the Central Administration home page, click Application Management.
  3. On the Application Management page, in the Application Security section, click Authentication providers.
  4. On the Authentication Providers page, make sure the Web application that is listed in the Web Application box (under Site Actions) is the one that you want to configure. If the listed Web application is not the one that you want to configure, click the drop-down arrow to the right of the Web Application drop-down list box and select Change Web Application.
  5. In the Select Web Application dialog box, click the Web application that you want to configure.
  6. On the Authentication Providers page, click the zone of the Web application on which you want to enable anonymous access. The zones that are configured for the selected Web application are listed on the Authentication Providers page.
  7. On the Edit Authentication page, in the Anonymous Access section, select Enable Anonymous Access, and then click Save.

At this point, the Web application zone has been enabled for anonymous access.

Enable anonymous access for individual sites

Now you need to enable anonymous access for individual sites in the site collection.

  1. Go to the site on which you want to enable anonymous access and click the Site Actions menu.
  2. On the Site Actions menu, click Site Settings.
  3. On the Site Settings page, in the Users and Permissions section, click Advanced Permissions.
  4. On the Permissions page, on the Settings menu, click Anonymous Access. The settings for anonymous access list three options:
    • Entire Web site: Select this option if you want to enable anonymous access for the entire Web site.
    • Lists and libraries: Select this option if you want to limit anonymous access to only the lists and libraries on your site.
    • Nothing: Select this option if you want to prevent anonymous access from being used on your site.
  5. Click OK.
At this point, your site is configured for anonymous access based on the options that you have selected.

Enable anonymous access for individual lists

If you select Lists and libraries, enable anonymous access for individual lists.

  1. Go to the home page of your Web site and, in the left navigation pane, click View All Site Content.
  2. Click the list on which you want to enable anonymous access.
  3. On the Settings menu, click List Settings.
  4. On the Customize List page, in the Permissions and Management section, click Permissions for this list.
  5. On the Permissions page, on the Actions menu, click Edit Permissions. A dialog box is displayed informing you that you are about to create unique permissions for this list. Click OK.
  6. On the Settings menu, click Anonymous Access.
  7. Select permissions for users who have anonymous access to the list, and then click OK.
At this point, users have anonymous access to the list you have configured. You can control whether users have anonymous access to other lists, the home page, or other pages on this site.
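
To review what the three procedures above have opened up, the following added example (not part of the original post) reads the same settings back through the SharePoint server object model: the zone switch, each site's anonymous state, and each list's anonymous permission mask. The site collection URL is an assumption, and the "Review" column is this example's own convention for entries worth a second look (a whole site open to anonymous users, or a list they can write to).

```powershell
# Added example. Requires PowerShell 2.0; run on a SharePoint server with an
# account that can open the site collection.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

function Get-AnonymousAccessReport {
    param([string]$SiteUrl)

    $site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
    try {
        # Level 1: the zone switch set under Authentication providers.
        $zoneOn = $site.WebApplication.IisSettings[$site.Zone].AllowAnonymous
        New-Object PSObject -Property @{
            Level = 'Zone'; Url = $SiteUrl; Setting = "AllowAnonymous=$zoneOn"; Review = $false }

        foreach ($web in $site.AllWebs) {
            try {
                # Level 2: Disabled = Nothing, Enabled = Lists and libraries,
                # On = Entire Web site.
                $state = $web.AnonymousState.ToString()
                New-Object PSObject -Property @{
                    Level = 'Site'; Url = $web.Url; Setting = $state; Review = ($state -eq 'On') }

                if ($state -eq 'Disabled') { continue }

                # Level 3: lists that grant anonymous users any permission.
                foreach ($list in $web.Lists) {
                    $mask = $list.AnonymousPermMask64.ToString()
                    if ($mask -eq 'EmptyMask') { continue }
                    New-Object PSObject -Property @{
                        Level   = 'List'
                        Url     = "$($web.Url)/$($list.RootFolder.Url)"
                        Setting = $mask
                        # Anonymous add, edit or delete rights deserve a closer look.
                        Review  = ($mask -match 'AddListItems|EditListItems|DeleteListItems') }
                }
            }
            finally { $web.Dispose() }
        }
    }
    finally { $site.Dispose() }
}

# Hypothetical URL: replace with the site collection you configured.
Get-AnonymousAccessReport 'http://www.company.com' |
    Format-Table Level, Url, Setting, Review -AutoSize
```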

Wednesday, November 16, 2011

Steps To Install WSP file using STSADM

1. Add the solution
stsadm -o addsolution -filename {WSPFILENAME}
2. Deploy the solution
stsadm -o deploysolution -name {WSPFILENAME} -url {SITEURL}
3. Install the feature
stsadm -o installfeature -filename {FeatureFolder}\feature.xml
4. Activate the feature
stsadm -o activatefeature -id {FEATUREID} -url {SITEURL} -force
5. Deactivate the feature
stsadm -o deactivatefeature -filename "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\FEATURES\ViewFormPagesLockDown\feature.xml" -url http://servername/
6. Uninstall the feature
stsadm -o uninstallfeature -filename {FeatureFolder}\feature.xml
7. Retract the solution
stsadm -o retractsolution -name {WSPFILENAME} [-url {SITEURL}] [-allcontenturls] [-time {TIME}] [-immediate]
8. Delete the solution
stsadm -o deletesolution -name {WSPFILENAME}

To remove a solution, type the following:
  1. Log into your SharePoint server and open a command prompt as administrator.
  2. Type: stsadm -o retractsolution -name YourWebPart.wsp -immediate -allcontenturls
  3. Type: stsadm -o deletesolution -name YourWebPart.wsp

Friday, November 11, 2011

Creating a batch file and scheduling it to back up an SSP

Create a batch file

  1. Click Start, and then click Run.
  2. Type notepad, and then click OK.
  3. In Notepad, type the following text:
    @echo off
    rem Replace both <...> placeholders before running; cmd treats literal angle brackets as redirection.
    echo ===============================================================
    echo Back up sites for the farm to C:\backup
    echo ===============================================================
    cd /d "%COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12\BIN"
    stsadm -o backup -directory <\\server name\folder name> -backupmethod full -item <SSP name>
    rem Report a failed backup instead of always printing "completed".
    if %ERRORLEVEL% neq 0 (echo backup failed & exit /b 1)
    echo completed
    where \\server name\folder name is the UNC path to the backup folder and where SSP name is the name of the SSP that you want to back up, for example: SharedServices1.
  4. In Notepad, on the File menu, click Save As.
  5. In the Save As box, select the folder where you want to keep your batch file.
  6. Using the ".bat" file name extension, type the name of the file in the File name box, for example, backup_batch.bat.
  7. In the Save as type box, click All files.
  8. Click Save.

Schedule a backup

  1. Start the Scheduled Task Wizard, and then click Next. (To open Scheduled Tasks, click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks.)
  2. Click Browse, navigate to the batch file that you just created, and then click Open.
  3. Type a name for your task, for example, backup_batch.
  4. Select the frequency of this task (for example, weekly), and then click Next.
  5. To automatically perform this backup periodically, select an interval such as Weekly or Monthly. To perform this backup one time, or to delay a single backup, select One time only.
  6. Choose a time and start date for your backup.
  7. Type a name and password for a user, and then click Next. This task will run as if it were started by that user.
  8. Click Finish.
    To configure advanced settings for the task, select the Open advanced properties for this task when I click Finish check box in the final page of the wizard. This opens the properties dialog box for the task when you click Finish. You can then change the program being run on the Task tab, fine-tune the schedule on the Schedule tab, customize settings on the Settings tab, or set user and group permissions on the Security tab.

To view the current location of the content index

View the current location of the content index on the index server

  1. In Central Administration, in the Quick Launch, click Shared Services Administration.
  2. On the Manage this Farm’s Shared Services page, point to the appropriate SSP, click the arrow, and then click Edit Properties.
  3. In the Index Server section, in the Path for index file location box, you can view the current content index location.
  4. To return to the Manage this Farm’s Shared Services page, click OK.

Change the content index location for an index server (Office SharePoint Server 2007)

When deploying Microsoft Office SharePoint Server 2007, you can choose to specify the location where you want to store the index files, also referred to as the content index, on the index server or accept the default setting which is drive:\Program Files\Microsoft Office Servers\12.0\Data\Office Server\Applications\
where drive is the drive partition on which Office SharePoint Server 2007 is installed.
After the index file is created at the location you chose, you might later decide to change the location of the file for one of the following reasons:
  • You forgot to specify the location you wanted during deployment or you performed a basic installation, so the default index file location was used.
  • You have added an additional hard drive or storage area network (SAN) to your index server to store the index file.
  • You have discovered that the location you chose does not have enough available disk space.
Regardless of the reason for changing the location, you can use the following procedures in the order shown to change the location of your index file. You can use these procedures in a production environment. Note that these procedures not only assign a different file location for the content index but also copy the content index to the new location that you specify.
Warning:
If an index server is also configured as a query server, users will be unable to get search results from their queries while the index is being moved to the new location. This is because when one server is used as both an index server and query server the index is not propagated to other servers. If an index server is also a query server, we recommend that you schedule the index file location change for a time that will be least disruptive to your end users.

Prerequisites

To perform the procedures shown in this article, you have to be a Search Service administrator, and a member of the Administrators group on the index server.

Do not allow crawls to occur during the change

We recommend that you do not change the index location while content is being crawled. Otherwise, you might have to perform a full crawl of the content sources that were crawling during the move. To ensure that crawls do not occur during the file location change, do the following:
  • Pause all content sources that are currently crawling content. After the index has been moved to the new location you will resume the crawls that you paused. We recommend that you do not stop crawls because the next time you crawl the affected content source, the system will force a full crawl of that content source even if an incremental crawl is requested. For more information about stopping crawls, see Pause and resume a crawl (Office SharePoint Server 2007).
  • Remove all crawl schedules that might start a crawl while the index file location is being changed. You do not need to remove crawl schedules for crawls that are paused.
 

Remove a crawl schedule for a particular content source

Perform the following steps on content sources that have scheduled crawls that might start while the content index location is being changed. Note that you do not need to perform these steps for content sources that are paused.
  1. Complete one of the following steps depending on the status of your installation.
    • If the Infrastructure Update for Microsoft Office Servers is installed, in Central Administration, on the Quick Launch, in the Shared Services Administration group, click the shared service you want to configure.
      On the Shared Services Administration page, in the Search section, click Search administration.
      On the Search Administration page, in the Crawling section of the Quick Launch, click Content sources.
      Note:
      For more information, see Description of the Microsoft Office Servers Infrastructure Update (http://go.microsoft.com/fwlink/?LinkID=121886).
    • If the Infrastructure Update for Microsoft Office Servers is not installed, in Central Administration, on the Quick Launch, in the Shared Services Administration group, click the shared service provider you want to configure.
      On the Shared Services Administration page, in the Search section, click Search settings.
      On the Configure Search Settings page, in the Crawl settings section, click Content sources and crawl schedules.
  2. On the Manage Content Sources page, point to the content source for which you want to remove a crawl schedule, click the arrow, and then click Edit.
  3. On the Edit Content Source page, in the Crawl Schedules section, if the Full Crawl list is set to None or set to a schedule that will not start during the time that the index location is being changed, proceed to step 7. Otherwise continue to step 4.
  4. In the Crawl Schedules section, below the Full Crawl list click Edit schedule.
    The Manage Schedules dialog box appears.
  5. Write down the settings of the crawl schedule and the content source for which it is configured so that you can recreate this crawl schedule after the index file location has been changed. Click Cancel to close the Manage Schedules page.
  6. Select None in the Full Crawl list.
  7. On the Edit Content Source page, in the Crawl Schedules section, if the Incremental Crawl list is set to None or set to a schedule that will not start during the time that the index location is being changed, proceed to step 11. Otherwise, continue to step 8.
  8. In the Crawl Schedules section, below the Incremental Crawl list click Edit schedule.
    The Manage Schedules dialog box appears.
  9. Write down the settings of the crawl schedule and the content source for which it is configured so that you can recreate this crawl schedule after the index file location has been changed. Click Cancel to close the Manage Schedules page.
  10. Select None in the Incremental Crawl list.
  11. Click OK to close the Edit Content Source page.
  12. Repeat steps 2 through 11 for each remaining content source that is not paused.

Ensure delete crawls are not taking place

Delete crawls occur when a search service administrator deletes a content source or a start address from a content source. When either of these actions occurs, the system deletes the items associated with the affected URLs from the index.
We recommend that you verify whether delete crawls are taking place, and if they are, wait for them to complete before you move the index file location.

Verify whether delete crawls are taking place

  1. In Central Administration, on the Quick Launch, in the Shared Services Administration group, click the shared service provider that you want to configure.
  2. On the Shared Services Administration page, in the Search section, click Search settings.
  3. On the Configure Search Settings page, in the Crawl Settings section, verify that the Indexing status is Idle.
    Tip:
    If a delete crawl is taking place, the Indexing status row displays “Deleting content from the index“.
  4. If a delete crawl is taking place, wait for it to stop before proceeding to the next step. We recommend that you refresh the page periodically to ensure that you are viewing the latest status.

Back up the Shared Services Provider

Before you change the index file location, we recommend that you create a full backup of the Shared Services Provider that hosts the index for which you are changing the location. Doing so backs up the following items that are related to search:
  • Search data, including the search database
  • Content index that is in the file system of the index server.
For more information, see Back up and restore SSPs (Office SharePoint Server 2007).

Change the location of the index file

Use the following procedures to change the location of the index file.

Verify the name of the shared services provider

Note:
You must be a farm administrator to perform the following steps.
  1. In Central Administration, on the Application Management tab, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.
  2. On the Manage this Farm’s Shared Services page, in the SSP and associated Web applications column, you can see the name of the shared services provider. Write this name down – you will need it in a later step.

Change the index file to a new location

Note:
You must be a member of the Administrators group on the index server to perform these steps.
Perform the following steps to change the index file location. Note that this procedure copies the index to the new location – it does not delete the content index in the original location. You can choose to delete the files in the original location later in this article.
  1. Log on to the index server as a member of the Administrators group.
  2. Open a command prompt.
  3. Type the following and then press ENTER to go to the folder that contains the stsadm.exe command-line utility.
    cd %COMMONPROGRAMFILES%\Microsoft shared\Web server extensions\12\bin
  4. Type the following and then press ENTER to move the content index to the new location.
    stsadm -o editssp -title sspname -indexlocation drive:\folder
    where sspname is the name of the shared services provider that is associated with the content index.
    drive:\folder is the new location to which you want to move the content index.
    Important:
    The -indexlocation property must refer to an NTFS partition on a hard drive or SAN that is attached to the index server.
  5. After the command prompt displays "Operation completed successfully" proceed to the next step.

(Optional) Delete the content index from the original location.

You can choose to delete the content index from the original location. To do so, use Windows Explorer to delete the original file location.

Resume crawls and restore

If you paused crawls earlier, you can now resume those crawls. For more information, see Pause and resume a crawl (Office SharePoint Server 2007).
Note:
When resuming a crawl, if the “Crawling might be paused because a backup or an index move operation is in progress” dialog box appears, click OK to continue.

Restore crawl schedules

If you removed any crawl schedules earlier, you can recreate them now. For more information, see Crawl content (Office SharePoint Server 2007).
You can start new incremental crawls after the index is moved. You are not required to perform full crawls.

How to redirect from one site to a destination site using JavaScript in a Content Editor Web Part

Add the code below to a Content Editor Web Part:
<script type="text/javascript">
// replace() navigates without leaving the old page in the browser history
location.replace("http://servname:9999/sites/abc/123");
</script>

With message

<html>

   <head>
      <script type="text/javascript">
         // Send the visitor to the new site once the notice has been shown.
         function Redirect() {
            window.location = "http://servname:9999/sites/abc/123";
         }

         // Pass the function itself rather than a string, so nothing is evaluated as code.
         setTimeout(Redirect, 10000);
      </script>
   </head>

   <body>
      <h1 style="color:red">This site has been moved to "http://servname:9999/sites/abc/123". Please update your Favorites.</h1>
      <p>You will be redirected to the new site in 10 seconds.</p>
   </body>

</html>