Yeah, I knew this would be the case:  I was just waiting for the other shoe to drop, and via the SharePoint PG’s Tweets, it was confirmed earlier today.  So here’s the juicy bit from the PG Blog:

Please note the important change from the 3:06PM update to this blog post.  We originally stated that SharePoint Server 2007 and Windows SharePoint Services 3.0 did not require the workaround to be applied, however, we have recently discovered through testing that a variant of the issue does affect SharePoint Server 2007 and Windows SharePoint Services 3.0 and also requires extra steps in the workaround for SharePoint Server 2010 (Steps 5-9).  Customers with these versions should refer to the relevant workaround below.  We will continue to keep this post updated with the latest guidance.

The workaround involves changing your error page .aspx and your web.configs and for 2007 an httpHandler.  Pretty serious stuff – ultimately, it’s about configuring your sites and farms correctly.

For more information:

Microsoft Security Advisory (2416728) - Vulnerability in ASP.NET Could Allow Information Disclosure

Security Advisory 2416728 Released – Microsoft Security Response Center Blog

Understanding the ASP.NET Vulnerability – Microsoft Security Research & Defense Blog

Important: ASP.NET Security Vulnerability – Scott Guthrie’s Blog

Frequently Asked Questions about the ASP.NET Security Vulnerability – Scott Guthrie’s Blog

Absolutely fantastic resource that I just stumbled upon a little while ago that cobbles together all the SharePoint 2007 and SharePoint 2010 version numbers according to applied Service Packs and Cumulative Updates.  It’s part of a SharePoint site that was set up to support the book, SharePoint Designer – Step-by-Step:

How to find the level of SharePoint you are running?

And here’s the ironic part:  The book is published by Microsoft Press.  I seriously wonder if they ever get the left and right hands talking to each other, as this would be a rather smart page to have front-and-center on the Update Resource Center for SharePoint Products and Technologies.  This is asked so often in most SharePoint shops that I’m amazed this hasn’t been assembled by MSFT earlier.  It’s *vital* when you’re trying to align your DEV, STAGING and PROD boxes to a common patch level.

I had to post this as I know that it’s been a burning issue for developers and admins who have tried, as per the directions of many web casts and promises from MCS types like myself, to change a “classic” authentication web app into a “claims based authentication” web app after creation.  Typically, after you’ve created the web app in classic mode, the radio button to change it to Claims is greyed out:

So the UI is a bust, however I’ve suspected that there is an easy way to get around this through PowerShell – via Chun Liu’s post, Forms-based Authentication on a Claims-based Web App, we have an answer.  Well, at least the start of an answer.  I had to do some minor tweaks to his script – here’s what you’d need to enter on the command line:

> [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
> $webapp = [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup("http://mywebapp")
> $webapp.UseClaimsAuthentication = ‘True’;
> $webapp.Update()
> $webapp.ProvisionGlobally()

Do this on one of your classic auth web apps, and when you load up the Authentication Providers in Central Administration, it will now be Claims enabled.  Ta-da!

Please enjoy responsibly.

Update:  Of course, if you use the SharePoint 2010 Management Shell you can use the abbreviation $webapp = Get-SPWebApplication(http://mywebapp) instead of the long-hand I've used above.

One of the top questions SharePoint developers and consultants are asked by their customers is for a list of real-world deployments - either as examples of what can be done with the platform or because they feel more secure in their decision to deploy SharePoint when a lot of other people have done so before them.

Whatever the reason, you want to have some samples to draw on or point folks toward.  The standard canon has been compiled by Ian Morrish over at WSSDemo.com since WSS v2.0 was new.  Ian's since upgraded his site with each release of the platform and has one of the definitive lists of sites around - over 1,500.  However, I just came across another site earlier tonight called Top SharePoint that also has an impressive array (over 1,000) of SharePoint deployments that are apparently rated and ranked by site visitors.  Entries are searchable and feature screen captures and brief descriptions - and as a bonus for we Canucks, they include some prime examples.

What's not clear from TopSharePoint is the version of SharePoint each site is deployed on - keen eyes will be able to discern clues from URLs and navigating the sites, however, it is possible to have 2007 sites upgraded to 2010 with the original look and feel retained.  Nevertheless, these two sites should be kept in your kit for quick reference - sooner or later you'll be asked for them!

Via Todd Baginski’s recent post (Which SharePoint 2010 site is right for me?) this fantastic list of “hidden” site templates which were to be officially retired from the final release of SharePoint 2010.  Todd notes that these have been marked as obsolete but some can be created programmatically.

And here I thought all the “fun” of hacking SharePoint was going to be lost with this release.

Fantastic find, especially for those situations where customers lament the passing of their favourite site template.  This also goes a long way to explaining why the Fab-40 won’t easily migrate away from SharePoint 2007 to 2010.