A few weeks ago I switched from client and began a new mission at an International Bank. They have big SharePoint Platform with 2 DMZ zones. Here is the technical overview of the SharePoint Platform.
DMZ Zone
Clients, members and other people can connect to the public SharePoint Internet sites.
People connecting from the public cloud have to pass the firewall and they are going to be routed by the F5 (Physical Load Balancer) to the DMZ zone so they can check the internet site. The sites who are being hosted on the DMZ zones are all anonym sites and visitors don’t have to use a username or password to check the site.
-
What is F5? F5 delivers world-class performance, security, and cloud solutions for top global websites, enterprises, and service providers. F5 Networks’ flagship product, the BIG-IP network appliance, was originally a network load balancer but today also offers other functionality such as access control and application security. Add-on modules to F5′s BIG-IP family of products offer email filtering and intelligent compression to allow for lower bandwidth and faster downloads in addition to load balancing and local traffic management capabilities.
-
What is DMZ? In computer security, a DMZ (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term “demilitarized zone”, an area between nation states in which military action is not permitted.
But Site Administrators or Persons who fill data on the site have to connect to the site; so basically they have to get access so they can authenticate.
But we had a problem to authenticate peoples coming from the public cloud and also contributors from other Active Directory’s.
-
What is Public Cloud? A public cloud is one based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet. Public cloud services may be free or offered on a pay-per-usage model. The main benefits of using a public cloud service are:
-
Easy and inexpensive set-up because hardware, application and bandwidth costs are covered by the provider.
-
Scalability to meet needs.
-
No wasted resources because you pay for what you use.
-
-
What is Active Directory? An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user.
Problem 1: We search for a user from another Active Directory and we have to wait more than 1 minute before the user is displayed in the people picker or getting a user is not found. Normally with this little PowerShell script you can tell the People Picker to search multiple domains. If you have a 2-way trusted domains
Stsadm -o setproperty -pn peoplepicker-searchadforests -pv “domain:Hades.Corp.Pegasus;domain:Poseidon.Corp.Perseus” -url http://publicinternetsite/
Even when I executed this little PowerShell command I couldn’t find my user. So I had to check the SharePoint Logs but even there not an explicit error. Only one solution left and this was to use WireShark to sniff the network protocol.
WireShark SharePoint 1
You will notice that for the first time when you will begin capture all the traffic a million of record will be appearing and you can normally not follow. We have authentication errors so we have to search on query who’s containing LDAP. So on the Filter text box you can hit LDAP so only traffic about LDAP will appear.
WireShark SharePoint 2
-
What is WireSHARK? Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
-
What is LDAP? The Lightweight Directory Access Protocol is an application protocol for accessio only traffic about LDAP will appear.
WireShark SharePoint 2
-
What is WireSHARK? Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project wang and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. LDAP is specified in a series of Internet Engineering Task Force (IETF) Standard Track Request for Comments (RFCs), using the description language ASN.1. The latest specification is Version 3, published as RFC 4511
The next step is to create LDAP traffic. Therefore open any SharePoint Site. Just go to the site actions menu and select Site Permissions. Try to search a user in the new AD. As an example I search a user with the login name “Gokan Ozcifci”.
You will see now some traffic in the WireShark. Click on stop monitoring.
WireShark SharePoint 3
Click on Edit Menu and then on “Find Packet”. Give the login name you searched for into the search box.
WireShark SharePoint 4
WireShark SharePoint 5
In my case, by inspecting the LDAP query I found out that we had a very long filer. By removing the filter everything worked fine.
Now I could authenticate my users coming from the public cloud or other domains. The question was I want to make changes on the Master Page without having design skills or even the capacity to use Design Manager on SharePoint 2013. I want to hide some parts of my page.
-
What is MasterPage? Master pages provide the look and feel that you want for all of the pages in your site. By changing the styles or content of the master page, you can quickly customize the appearance of an entire site.
-
What is Design Manager? Design Manager in SharePoint 2013 provides a new approach for designing websites. Several new branding and design-based capabilities available in Design Manager enable you to create a compelling look, feel, and behavior for your SharePoint 2013 site. Design Manager also supports importing and exporting a visual design, and can help you ensure a consistent visual experience across all device platforms in your organization.
Actually it’s pretty simple; if you can use JavaScript you can directly make changes on the MasterPage without changing anything on the Website.
Therefor you need to know that there is something called “Developer tools” on Internet Explorer that helps and leads you to get the name of each part on a SharePoint Site.
Hit F12 on a SharePoint Site and select “Select element by click”
Developer Tools 1
So when I click the Quick launch of our SharePoint Website
Developper Tools 2
I got every information on the Developper tool. I even can manually made changes here a get a little preview on the SharePoint Site.
Developper Tools 3
Now you can take each information that you want and use it.
A little example I want to hide my #s4-bodyContainer. Only thing to do is to edit the SharePoint Site and add a Content Query Web Part and paste this little code:
#s4-bodyContainer{
display:none
}Just do not forget to place your web part hidden; and you made directly changes on your website without affecting your MasterPage.
More information
-
