Friday, April 19, 2013

CKS - Dev for VS 2012: Auto GAC Does Not Work

Solution:

Use "CKS - Development Tools Edition (Server)" instead.


Friday, April 12, 2013

BIMonitoringAuthoringServiceProxy, BIMonitoringServiceApplicationProxy and SPDataStore

To do custom development against SharePoint 2010 PerformancePoint Services, there are three APIs you can use.

1. BIMonitoringAuthoringServiceProxy
2. BIMonitoringServiceApplicationProxy
3. SPDataStore

1. BIMonitoringAuthoringServiceProxy

This one is the least documented but the most useful one. According to http://msdn.microsoft.com/en-us/library/ee556849(v=office.14).aspx , BIMonitoringAuthoringServiceProxy is an internal class that shouldn't be used.

Actually, BIMonitoringAuthoringServiceProxy is a public class, and according to books such as Microsoft SharePoint 2010 PerformancePoint Services Unleashed, this is the API that should be used when programming against PerformancePoint services.

This is the API that can create and retrieve all of the PerformancePoint objects through web service calls. The SPDataStore API can do exactly the same things, but its calls are not remote calls and must be made on the same server where the PerformancePoint service is deployed.

This is an important difference, since the PerformancePoint service is not necessarily deployed to the web front end (WFE) server where the application will run. The PerformancePoint service could run on an application server that is different from the WFE. In this case, your custom BI applications (an application page, web parts, or feature activation code), which usually run on the WFE, will not be able to use the SPDataStore API. For this reason, only BIMonitoringAuthoringServiceProxy should be used to make reliable calls to the PerformancePoint service.

The syntax to use BIMonitoringAuthoringServiceProxy is

// siteUrl, SiteServerRelativeUrl, connectionListUrl and dataSource are supplied by the calling code.
string webServiceUrl = "/_vti_bin/pps/PPSAuthoringService.asmx";
// CreateInstance takes the full URL of the authoring web service.
IBIMonitoringAuthoring biService = BIMonitoringAuthoringServiceProxy.CreateInstance(siteUrl + webServiceUrl);
// Create the data source in the list at SiteServerRelativeUrl + connectionListUrl.
biService.CreateDataSource(SiteServerRelativeUrl + connectionListUrl, dataSource);

CreateInstance returns an object of type IBIMonitoringAuthoring. However, if you search for IBIMonitoringAuthoring, you won't find any documentation about it. Since it implements IBIMonitoringStore, you can find the API documentation at
http://msdn.microsoft.com/en-us/library/microsoft.performancepoint.scorecards.ibimonitoringstore_members.aspx

2. BIMonitoringServiceApplicationProxy

BIMonitoringServiceApplicationProxy is similar to BIMonitoringAuthoringServiceProxy in that it is a web service API, but unlike BIMonitoringAuthoringServiceProxy, it is well documented by MSDN. It seems this is the API that MS recommends, but it lacks many of the functionalities of BIMonitoringAuthoringServiceProxy.

Also, BIMonitoringServiceApplicationProxy requires running in the context of SharePoint, such as from a SharePoint page. If you use BIMonitoringServiceApplicationProxy from a console app without SharePoint context, you will get the error "The SharePoint Service context is not known".

3. SPDataStore

As described above, this API is a server-side object model and can only be used on a server where the PerformancePoint service is deployed, which may not always be the case. For reliability, the web service API should be used instead.

As an example showing that in some cases all three APIs can achieve exactly the same thing, see the next three methods

BIMonitoringServiceApplicationProxy.CreateDataSource Method
http://msdn.microsoft.com/en-us/library/microsoft.performancepoint.scorecards.bimonitoringserviceapplicationproxy.createdatasource(v=office.14).aspx

SPDataStore.CreateDataSource Method
http://msdn.microsoft.com/en-us/library/microsoft.performancepoint.scorecards.store.spdatastore.createdatasource(v=office.14).aspx

IBIMonitoringStore.CreateDataSource method
http://msdn.microsoft.com/en-us/library/microsoft.performancepoint.scorecards.ibimonitoringstore.createdatasource.aspx

They all have exactly the same signature
public DataSource CreateDataSource(string listUrl, DataSource dataSource)

A few useful links for PerformancePoint development

http://blogs.msdn.com/b/performancepoint/
http://msdn.microsoft.com/en-us/library/bb848116(v=office.14).aspx
http://msdn.microsoft.com/en-us/library/ee559635.aspx
http://msdn.microsoft.com/en-US/office/bb660518

Friday, April 5, 2013

Unattended service account and SSS in PerformancePoint and Excel Services

References

Plan Excel Services authentication (SharePoint Server 2010)
http://technet.microsoft.com/en-us/library/ee662541(v=office.14).aspx
 
Create a connection from Dashboard Designer to an Analysis Services data cube by using PerformancePoint Services
http://technet.microsoft.com/en-us/library/ff191198.aspx

When creating data connections in either PerformancePoint Dashboard Designer or Excel, there are three options.

For Excel, the three options are

1. Windows Authentication
2. SSS
3. None

For Dashboard Designer, the three options are

1. Unattended Service Account
2. Use a store account (SharePoint 2013. SP2010 is different).
3. Per-user identity

The equivalences among these options are

1. Windows Authentication = 3. Per-user identity
2. SSS = 2. Use a store account
3. None = 1. Unattended Service Account

Using Windows Authentication to reach external data requires Kerberos authentication, which can handle the double-hop authentication among servers.

Since configuring either SSS or the Unattended Service Account uses the "Secure Store Service", there is a lot of confusion about which user account is mapped to the external account. Even many of the published books do not get this right.

When using "Unattended Service Account" in either PerformancePoint or Excel Services, the application pool's service account should be mapped to the external account. By mapping the application pool's service account to the external account, all users in the farm who have access to the application pages will have access to the data.

From MSDN

Unattended Service Account: The unattended service account is an account that is used by Excel Services to provide broad database access to all users in the farm. Use the unattended service account for accessing data that is not considered sensitive or where you do not want to restrict access to a certain group of users. For information about how to configure this scenario, see Configure Excel Services data refresh by using the unattended service account (SharePoint Server 2010).
(http://technet.microsoft.com/en-us/library/ff191191(v=office.14).aspx)

Unattended Service Account: The unattended service account is an account that is used by PerformancePoint Services to provide broad database access to all users in the farm. Use the unattended service account for accessing data that is not considered sensitive or where you do not want to restrict access to a certain group of users. For information about how to configure this scenario, see Configure the unattended service account for PerformancePoint Services (SharePoint Server 2013).
(http://technet.microsoft.com/en-us/library/jj819321.aspx)
 
When using "SSS" in either PerformancePoint or Excel Services, the current user's account/group needs to be mapped to the external account. This is different from the "Unattended Service Account", which uses the application pool's account. Only the users who are mapped in the "Members" of the SSS configuration will have access to the data. This adds another layer of security.

The mistake I have seen (in the books) is that when configuring the "Unattended Service Account", the SharePoint user's account is used in the "Members" of SSS instead of the application pool's account.

Another note, about what is quoted next

When SSS connects to the external data, it can pass the credentials in two ways: one is the credentials in the connection string, the other is "impersonation".

The data provider determines which credentials are used.

None

When you select the None option, no credential retrieval occurs and no special action is taken for authentication for the connection. Excel Services does not try to delegate credentials, and it does not try to retrieve credentials that are stored for the user from the Secure Store database. Instead, Excel Services impersonates the unattended service account and passes the connection string to the data provider that handles authentication.
The connection string may specify a user name and password to connect to the data source or it may specify that the Windows identity of the user or computer that is issuing the request be used to connect to the data source. In either case, the unattended account is impersonated first and then the data source connection is made. The connection string and the provider determine the authorization method. Additionally, authorization can be based on either the credentials found in the connection string or the impersonated unattended account's Windows identity. For more information, see Unattended service account.

Unattended service account

Excel Services runs under a highly privileged account. Because Excel Services has no control over the data provider and does not directly parse provider-specific connection strings, using this account for the purposes of data access would be a security risk. To lessen this risk, Excel Services uses an unattended service account. This is a low-privileged account that is impersonated by Excel Services if either of the following conditions are true:
  • Any time that it is trying a connection where the None authentication option is selected.
  • Whenever the SSS (Secure Store Service) option is selected and the stored credentials are not Windows credentials. (This means that the call to the external data will have the impersonated credential AND the user name and password in the connection string.)

 

Thursday, April 4, 2013

Reset the Farm Passphrase in SharePoint 2010

Reference:

http://techtrainingnotes.blogspot.com/2009/12/sharepoint-2010-change-passphrase.html
http://sharepointadam.com/2010/01/21/reset-the-farm-passphrase-in-sharepoint-2010/
http://blah.winsmarts.com/2013-2-SharePoint_2010_and_PowerShell_30.aspx

Use PowerShell

PS C:\Users\Administrator> $passphrase = ConvertTo-SecureString -asPlainText -Force
cmdlet ConvertTo-SecureString at command pipeline position 1
Supply values for the following parameters:
String: hello,world555
PS C:\Users\Administrator> Set-SPPassPhrase -PassPhrase $passphrase -Confirm

cmdlet Set-SPPassPhrase at command pipeline position 1
Supply values for the following parameters:
ConfirmPassPhrase: ********

Confirm
Are you sure you want to perform this action?
Performing operation "Set-SPPassPhrase" on Target "SPPassPhrase".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
PS C:\Users\Administrator>


PowerShell Error

If you see this error

Set-SPPassPhrase : Microsoft SharePoint is not supported with version 4.0.30319.18034 of the Microsoft .Net Runtime.
At line:1 char:1
+ Set-SPPassPhrase -PassPhrase $passphrase -Confirm
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Share...etSetPassPhrase:SPCmdletSetPassPhrase) [Set-SPPassPhrase], PlatformNotSupportedException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletSetPassPhrase


Reference
http://blah.winsmarts.com/2013-2-SharePoint_2010_and_PowerShell_30.aspx

Change the SharePoint PowerShell target to the following (adding -Version 2.0):

C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -Version 2.0 -NoExit " & ' C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\\sharepoint.ps1 ' "
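
The passphrase reset above, reworked as an added example (not from the original post): it reads the passphrase with Read-Host -AsSecureString so it is not echoed to the console as in the transcript, and stops early when the shell runs on the .NET 4 runtime that causes the PlatformNotSupportedException shown above. Reset-FarmPassphrase is a hypothetical helper name; the cmdlets and parameters are the standard ones.

```powershell
# Added example, not from the original post.
# Assumes an elevated shell on a SharePoint 2010 farm server.

function Reset-FarmPassphrase {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # The SharePoint 2010 cmdlets refuse to run on the .NET 4 runtime loaded by
    # PowerShell 3.0, so check the CLR version before prompting for anything.
    if ($PSVersionTable.CLRVersion.Major -ge 4) {
        throw ("This shell runs on CLR {0}. Relaunch with 'PowerShell.exe -Version 2.0'." -f
               $PSVersionTable.CLRVersion)
    }

    # Load the SharePoint snap-in if this is a plain PowerShell window rather
    # than the SharePoint 2010 Management Shell.
    if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell
    }

    # Read-Host -AsSecureString masks the input, so the passphrase never appears
    # in clear text on screen or in a saved console transcript.
    $new     = Read-Host -AsSecureString -Prompt 'New farm passphrase'
    $confirm = Read-Host -AsSecureString -Prompt 'Confirm farm passphrase'

    # Passing -ConfirmPassPhrase explicitly avoids the interactive parameter prompt.
    # The cmdlet itself rejects the change if the two values do not match.
    Set-SPPassPhrase -PassPhrase $new -ConfirmPassPhrase $confirm
}

Reset-FarmPassphrase
```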