ASP.NET is a hugely popular server-side web application framework, based on Microsoft .NET, which you use to create fast, dynamic, and robust web applications. ASP.NET applications are typically hosted on the Windows Server operating system in IIS. One IIS website can contain one or more ASP.NET applications, each one hosted in a virtual directory, and the virtual directories are hierarchal, located within the IIS website. Each virtual directory is usually mapped to the physical path of the web server. The name of the virtual directory becomes a part of the URL of the site. Typically, all virtual directories share the same application pool. An application pool is the process that executes the code (the w3wp.exe process). The IIS website can also contain an application, which is a special form of virtual directory in which a separate or dedicated application pool is used, usually to ensure process isolation. Several IIS websites can share the same application pool and still have application isolation thanks to the .NET AppDomain provided by the .NET Framework.

The configuration for an ASP.NET application is stored in the configuration file called Web.config. This configuration file is very much like any other .NET application .config file, but it contains specific settings for ASP.NET. By default, each virtual directory or application in IIS can have its own Web.config file to override or set location specific settings. You learn more about the Web.config file and SharePoint in just a bit.

There are multiple ways to use ASP.NET to serve content and respond to requests. The most conventional way is by using .aspx pages, which is what SharePoint uses, but there are a plethora of alternatives, such as using ASP.NET MVC or the new ASP.NET Razor view engine. In the past, most SharePoint development focused on .aspx pages and the concept called Web Forms. Web Forms are composed of two components: the UI and the code-behind. Each component typically resides in two different files. The UI resides in the .aspx file, and the code-behind resides in .aspx.cs when working with C#, or .aspx.vb when working with Microsoft Visual Basic. The code-behind class contains the implementation of the object for the page, inheriting from the System.Web.UI.Page class.

The UI component of a Web Form consists of typical HTML controls (or tags) and Web Forms controls, also called server-side controls. Example 7-1 shows a typical ASP.NET .aspx page.

<%@ Page Language="C#" AutoEventWireup="true"
   CodeBehind="MyWebForm.aspx.cs" Inherits="Pages.ASPNET.MyWebForm" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
   <title></title>
</head>
<body>
   <form id="form1" runat="server">
   <div>
       <asp:Label ID="theLabel" runat="server" />
   </div>
   </form>
</body>
</html>

The .aspx page contains a combination of traditional HTML tags and Web Forms controls. The first line contains the page directive, which tells the compiler that this is an ASP.NET page and should be compiled. It also tells the parser the name of the code-behind file and what Page class this file should inherit from.

The elements within the page marked with the attribute runat=“server” are processed and parsed on the server before being sent to the client. In Example 7-1, the Web Forms control asp:Label represented a simple label control. To write dynamic content to this label, you can use the Page object of the page, implemented in the code-behind shown in Example 7-2. The code-behind file is a C# file with the extension .aspx.cs.

namespace Pages.ASPNET
{
   public partial class MyWebForm : System.Web.UI.Page
   {
       protected void Page_Load(object sender, EventArgs e)
       {
           theLabel.Text = "Hello ASP.NET!";
       }
   }
}

The code-behind contains a class for the specific page referenced in Example 7-2, inheriting from System.Web.UI.Page. In this case you use a method—the Page_Load method—to set the value of the label control. This method is added by Microsoft Visual Studio 2012 when you create the page, and is executed when the page is loaded.

If this Web Form was a part of a Visual Studio solution and you chose to publish it, Visual Studio would compile the .aspx.cs file into a .NET assembly. To run the Web Form, you would need to deploy the .aspx file to an IIS site and the assembly file into a folder called /bin on that IIS site. When a user requested this Web Forms .aspx page, the ASP.NET parser would read the .aspx file parse and convert the HTML and Web Forms controls into a control-tree, which represents the hierarchy of the controls. Next, it would create a source file with a new class that derived from the class specified in the page directive. Then it would compile this source file to an in-memory assembly that would be used to execute requests for this specific Web Form. The in-memory assembly lives as long as the IIS application pool is running or until the .aspx file is changed. If the file is changed, or rather the date and time stamp on the file is changed, the ASP.NET runtime will notice that, causing a recompile of the page.

To create a consistent look, feel, and behavior for all the pages in your web application, ASP.NET uses a concept called master pages. A master page defines the outline of a page and contains placeholder controls. These placeholder controls are then used by the pages that are using the master page (known as content pages) to build the complete page. For instance, the master page can define the navigation of the website, the footer, and other common features, whereas the content page defines the actual content and logic for the particular page.

A master page is very similar to a standard .aspx page. Instead of having the .aspx file name extension, however, a master page uses the .master extension. The page directives are replaced by a master directive, which contains one or more content placeholders. Suppose you converted the .aspx page in Example 7-2 to one master page and one content page. Example 7-3 shows the implementation of the master page and Example 7-4 shows the content page.

<%@ Master Language="C#" AutoEventWireup="true"
   CodeBehind="MyMaster.master.cs" Inherits="Pages.ASPNET.MyMaster" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
   <title></title>
</head>
<body>
   <form id="form1" runat="server">
   <div>
       <asp:ContentPlaceHolder ID="mainContentArea" runat="server">
       </asp:ContentPlaceHolder>
   </div>
   </form>
</body>
</html>

Example 7-3 and Example 7-4 have two main differences from the original .aspx page in Example 7-1. First, there is a master directive at the top instead of a page directive. A master directive works in the same way as the page directive for the .aspx page, and in this case, the master page also has a code-behind page with the extension .master.cs. The second difference is the area in which the label control previously was located. This is now replaced by a ContentPlaceHolder control with the name mainContentArea.

To use this master page file on your Web Form, you need to add a new attribute to the page directive, clear out the redundant controls, and add a Content control, in which you place the label control. Example 7-4 shows the result of the content page.

<%@ Page Language="C#"
   MasterPageFile="~/MyMaster.master" AutoEventWireup="true"
   CodeBehind="MyWebForm.aspx.cs" Inherits="Pages.ASPNET.MyWebForm" %>
<asp:Content ID="Content1" ContentPlaceHolderID="mainContentArea" runat="server">
   <asp:Label ID="theLabel" runat="server" />
</asp:Content>

In the page directive, you added the MasterPageFile attribute and pointed it to the master page in the ASP.NET application root; the rest of the attributes are left intact. All the HTML and ASP.NET controls are replaced by a single content control, in which you added the label control.

You just read a quick introduction to how ASP.NET pages work and how master pages are used to separate the UI from the page logic. SharePoint relies on this ASP.NET Web Forms concept, and it is very important that you understand Web Forms before you develop pages for SharePoint.

A page is called uncustomized, or ghosted, when the actual file (the template file) resides in the file system and is referenced from a site. For instance, when you create a new site collection, a set of files are added to it. One file that is always provisioned is the master page. Because this file is provisioned to every site collection you create, you could have thousands of these; it would be a bad idea to create a new copy of the file and its contents into every site collection. Thus, SharePoint creates a reference in the site collection and the virtual file system that points to the file on the disk. An uncustomized file does not have to be an .aspx file; it can be any kind of file type.

An uncustomized file gives you several benefits, both from a development perspective and from a farm maintenance perspective. As long as the page is uncustomized, any updates in the file on the file system are reflected in the site collections. Assume the opposite: if you had a copy in every site collection or site, any update to that file would have to be done in all the sites, requiring you to create either Feature upgrades or Windows PowerShell scripts, introducing upgrade complexity. Because the file resides only in the file system, the content databases contain fewer BLOBs, which saves you space in the content databases. Uncustomized .aspx pages also have the benefit of being compiled at the first request time, compared to customized pages, which aren’t. Historically, this has been a point of performance discussions, but with current hardware and compilers, this is less of an issue.

Worth noticing here is that uncustomized pages can be created only by using full trust solutions. If you are building a sandboxed solution or SharePoint app, all pages you provision will be customized. Only full trust solutions have access to the file system.

When a page is provisioned from a SharePoint app or a sandboxed solution, or when it is uploaded to SharePoint by the user or programmatically, that page and its contents are stored only in the content database. These pages are called customized (or unghosted). If you modify an uncustomized page, for example, you modify the uncustomized master page of a site collection, and the file becomes a customized page; its contents are from now on stored only in the content database. When building SharePoint apps or sandboxed solutions, all of the assets in your solution will be customized.

Even though it has been changed, a previously uncustomized page will always keep a reference to its template file. As a site owner, you always have the possibility of reverting the page to its original state and discarding all customizations.

Restoring a customized page that has a template file to its uncustomized state can be done programmatically, and you can check the customization status of a page at any time. You can do it by using SharePoint Designer 2013 or by using the server-side API. To revert the file to its uncustomized state by using SharePoint Designer, you select the file, right-click it, and then select Reset To Site Definition. Figure 7-2 shows a file that has been modified from its uncustomized state.

Figure 7-2. A page that is customized from its uncustomized state displays a blue information icon in SharePoint Designer 2012.

To check a file’s customization state and eventually restore it to its uncustomized state by using the server-side API, you use the following code—for example, in a Web Part or the code-behind of the page:

SPFile file = SPContext.Current.Web.GetFile("SitePages/Home.aspx");
if (file.CustomizedPageStatus == SPCustomizedPageStatus.Customized)
{
   file.RevertContentStream();
}

On the first line of the preceding code, you grab the file from the current SPWeb instance, using the site relative URL. On the second line of the code, the CustomizedPageStatus property is evaluated to determine whether the retrieved page has the status set to Customized. If it does, the RevertContent-Stream method is called on the file object to restore its state to uncustomized. All customizations in the file are lost, and the file contents of the template file are now to be used instead.

Note that the SPCustomizedPageStatus enumeration actually has three values: Uncustomized, Customized, and None. At this point, you might know what the first two enumeration values mean, but what does the third one None mean? A file or page with the CustomizedPageStatus set to None implies that the file has been created dynamically or uploaded to SharePoint and does not have any corresponding template file. This file or page cannot be reverted to its original state. A page added by using SharePoint apps or sandboxed solutions always has this status set to None. For instance, the pages that you dynamically created in Example 7-6 do not have a template file and thus cannot be restored.

Earlier in this chapter, you learned that uncustomized pages are compiled the first time they are used, whereas customized pages are not. Recall from the discussion of ASP.NET basics that one of the core features of ASP.NET is that pages are compiled at the first request to improve performance and resource utilization. Uncustomized pages are parsed and compiled in direct mode by the standard ASP.NET parser. The benefit of this is, of course, performance, and only one compiled copy is needed because uncustomized files share the same template file. However, what happens to customized pages then?

You can have hundreds of thousands, if not millions, of customized pages in SharePoint. Compiling every single one of them would cause a huge memory footprint. SharePoint has a concept called Safe Mode parsing, which is used for customized pages or pages without a template file, such as pages supplied by a SharePoint app. These pages are not compiled but instead parsed on every request. They are parsed in Safe Mode, as opposed to direct mode. Customized pages are not required to be compiled because there are a couple of restrictions set on them:

The Safe Mode parsing not only protects your servers from running out of memory but also serves as a security barrier. Only code admitted to the servers by the farm administrators are allowed to run in compiled or direct mode. A site owner cannot upload a file through the UI or modify a file with inline code by using SharePoint Designer and have that file execute on the server. SharePoint Designer is so smart that it does not allow you to save pages containing inline code. However, users can add controls that are registered as safe in these customized pages.

By default, most of the ASP.NET and the SharePoint controls and Web Parts are registered as safe. All controls that are registered as safe can be found in Web.config under the SafeControls element in the SharePoint section. If you’re building your own farm solution and add custom controls or Web Parts, these custom controls or Web Parts must be registered as safe. Visual Studio 2012 will do the work for you in most cases, such as add a Web Part. But if you’re creating a custom control, you need to make sure that it is registered as safe. There are two ways to do this. The preferred option is to either use an existing SharePoint Project Item or add a new empty SharePoint Project Item and then modify its properties. In the SharePoint Project Item Properties window is a collection called Safe Control Entries. To add a new safe control registration, click Add, and then modify the Namespace property of that new safe control, as shown in Figure 7-3. All added safe controls will then be added to the solution manifest file.

Figure 7-3. You can use Visual Studio 2012 to add custom safe control entries by modifying the Safe Control Entries property of the SharePoint Project Item.

You can also add your safe controls directly to the solution manifest file by using the Package Designer in Visual Studio 2012. Open the Manifest tab, and then expand the Edit Options at the bottom. Example 7-7 shows how you can edit the solution manifest file XML to create a custom safe control entry.

<Solution xmlns="http://schemas.microsoft.com/sharepoint/">
 <Assemblies>
   <Assembly
     Location="$SharePoint.Project.AssemblyFileName$"
     DeploymentTarget="GlobalAssemblyCache">
     <SafeControls>
       <SafeControl
         Assembly="$SharePoint.Project.AssemblyFullName$"
         Namespace="Pages.CustomControls"
         TypeName="*"/>
     </SafeControls>
   </Assembly>
 </Assemblies>
</Solution>

The package manifest modification in Example 7-7 adds a new SafeControl entry to the Web.config file for the current project assembly and for all controls existing under the namespace called Pages.CustomControls. Note how the Visual Studio 2012 replaceable tokens are used to avoid entering the full name of the assembly, and also note the option to modify the assembly name and versions without making changes to the package manifest modification.

All custom-added safe control entries are merged with the ones created by the SharePoint Project Item into the solution manifest file. After the solution package is deployed to a web application, the entries are merged with the Web.config. When the solution package is retracted, the retraction process makes sure that any safe control entries in the Web.config file are removed. You do not need to change this manually in the Web.config file.

SharePoint 2013 comes with a set of master pages; some are new to the 2013 version, and some are in the product for compatibility with previous versions. There was a huge difference in the master pages between SharePoint 2007 and SharePoint 2010, and the SharePoint 2010 master pages (v4.master) were built specifically to handle the visual upgrade scenario in which the sites were updated from SharePoint 2007 to SharePoint 2010, but the SharePoint 2007 UI was used. In SharePoint 2013, this visual upgrade option is no longer available. The upgrade mechanism is far better, and you can actually run the whole site collection in SharePoint 2010 mode instead of just emulating the 2010 UI. You can create trial site collections, which essentially are an exact copy of your site collections, and test how they look when upgraded to SharePoint 2013. This allows you to fix the UI and other issues before upgrading the original site to SharePoint 2013.

In SharePoint 2013, two new master pages are provisioned in addition to those provided by SharePoint 2010. These are the default master pages provisioned in sites in SharePoint 2013:

The main differences between the master pages seattle.master and oslo.master are that when you’re using oslo.master, the top navigation pane is replaced with the left navigation pane, and the side bar on the left disappears, giving you more real estate for content on the page. The built-in feature called Change The Look, or Design Gallery, takes advantage of these two master pages. The design you choose determines which master page is used.

As just described, the default master page in SharePoint 2013 is called seattle.master. The SharePoint 2013 master page is one of the core pieces in the UI and interaction of SharePoint, and you need to understand how it is constructed and works. A poorly crafted custom master page can potentially break the UI in a lot of ways. We recommend that you always start with the seattle or oslo master pages when you’re building a master page that will be used for intranet/collaboration scenarios. If you’re building a public-facing website, it’s a different story—you have much more flexibility.

The best way to understand the SharePoint 2013 master page is by examining it. Example 7-8, which shows parts of seattle.master, highlights some of the features of the master page that you should understand as a SharePoint developer or designer. If you worked with SharePoint 2010, you will find some aspects are familiar and others are new. First, SharePoint 2013 has been built with web standards in mind, and you will find that the generated HTML is much more compliant with modern web browsers. Support for Windows Internet Explorer 7 is not available in SharePoint 2013. But before going further into the details, review the outline shown in Example 7-8.

<%@ Master Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<SharePoint:SPHtmlTag dir=" ID="SPHtmlTag" runat="server">
 <head runat="server">
   <SharePoint:PageTitle runat="server">
     <asp:ContentPlaceHolder id="PlaceHolderPageTitle" runat="server">
       <SharePoint:ProjectProperty Property="Title" runat="server" />
     </asp:ContentPlaceHolder>
   </SharePoint:PageTitle>
   <SharePoint:AjaxDelta ID="DeltaPlaceHolderAdditionalPageHead"runat="server">
     <asp:ContentPlaceHolder ID="PlaceHolderAdditionalPageHead" runat="server" />
       <SharePoint:DelegateControl runat="server"
         ControlId="AdditionalPageHead" AllowMultipleControls="true" />
     <asp:ContentPlaceHolder ID="PlaceHolderBodyAreaClass" runat="server" />
   </SharePoint:AjaxDelta>
 </head>
 <body>
   <SharePoint:SharePointForm runat="server" >
     <asp:ScriptManager ID="ScriptManager" runat="server"  />
     <div id="suiteBar"> </div>
     <div id="s4-ribbonrow"> <div>
     <div id="s4-workspace">
       <div id="s4-bodyContainer">
         <div id="s4-titlerow"> <div>
         <div id="contentRow">
           <div id="sideNavBox"> </div>
           <div id="contentBox">
             <div id="notificationArea"></div>
             <SharePoint:AjaxDelta runat="server">
               <asp:ContentPlaceHolder ID="PlaceHolderMain" runat="server" />
             </SharePoint:AjaxDelta>
           </div>
         </div>
       </div>
     </div>
   </SharePoint:SharePointForm>
 </body>
</SharePoint:SPHtmlTag>

One of the things you might have noticed when looking at the code in Example 7-8 is that the standard HTML tags <HTML>, <TITLE>, and <FORM> that were used in previous master pages for SharePoint (v4.master) are now replaced with SharePoint-specific web controls: SPHtmlTag, PageTitle, and SharePointForm, respectively. The latter two are required because of MDS.

You might also have noticed that the master page contains a lot of content placeholders, which you learned about earlier. The content placeholders are paramount, and there are a total of 34 of them in the seattle.master, though only a few are shown in Example 7-8. When building your custom master page, you must not forget to include all of these content placeholders, because various features in SharePoint are dependent on them, and omitting one might break your whole site. If you do not want to show the content placeholder and its content, just add the Visible attribute to the control and set its value to false, or place the placeholder in a control or an element that has its Visible attribute set to false. The content placeholders make it easy for page developers to insert their own content and controls into the pages.

What if you want to insert something on all pages in the farm or in just one site? SharePoint has the answer for that: delegate controls, which are declared by using the DelegateControl control. Delegate controls allow you to add one or more web controls to a specific location in all pages on a farm, in a web application, in a site collection, and at the site level. Delegate control locations and characteristics are specified in the master page. A delegate control can allow only one control to be rendered or multiple controls to be rendered by using the AllowMultipleControls property. There are several predefined delegate controls in the SharePoint 2013 master pages, some of which existed in SharePoint 2010. SharePoint itself uses delegate controls heavily.

To add a custom control to a delegate control, you need to create a feature in a SharePoint solution, the scope of which determines where the delegate control should be applied. One of the most common delegate control locations to use is the AdditionalPageHead delegate control location. This location is in the head element definition of the master page, and it allows multiple controls. This delegate control could be used to insert a client-side script on all pages, perhaps based on some server-side condition. To understand this, you will build a quick delegate control that shows the name of the current server as a SharePoint notification message. First, you need to create a new Visual Studio SharePoint 2013 farm solution. Note that delegate controls can be used only by farm solutions. The control that you’re going to add is created as an ASP.NET WebControl and is implemented as shown in Example 7-9.

public class ServerNameControl: WebControl
{
 protected override void OnPreRender(EventArgs e)
 {
   string script = string.Format("SP.UI.Notify.addNotification('Current server: {0}'),",
     System.Environment.MachineName);
   ScriptManager.RegisterStartupScript(this.Page, typeof(ServerNameControl),
     "currentServer", script, true);
 }
}

All this custom web control does is create a JavaScript string that uses the SP.UI.Notify.addNotification method to show the name of the current machine. This script is then registered with the ScriptManager. To connect this control to the delegate control AdditionalPageHead in the master page, you need to add an Empty element SharePoint Project Item to the solution and add the following Collaborative Application Markup Language (CAML):

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <Control Id="AdditionalPageHead"
   ControlAssembly="$SharePoint.Project.AssemblyFullName$"
   ControlClass="Pages.DelegateControl.DemoControl"
   Sequence="100"/>
</Elements>

This elements manifest contains a Control element that uses the Id attribute to tell SharePoint which delegate control to connect to. In this case, you’re using a web control, and you need to specify the control assembly and class name. Finally, the Sequence attribute is used to tell SharePoint in which order to add the controls. For delegate controls, which allow only one single control, the control with the lowest sequence number is chosen. The Control element also supports using a control template (.ascx file) instead of a web control. To use a control template, you need to specify the ControlSrc attribute instead of the ControlAssembly and ControlClass. When the empty element SharePoint Project Item was added, Visual Studio automatically added a feature to the solution with the scope set to Web. You can change this scope to the scope of your choice.

You need to do one final task before you can deploy and test this delegate control: make the web control a safe control, as discussed earlier in this chapter, in the Understanding Safe Mode parsing section. Right-click the SharePoint Project Item you created, and then click Safe Control Entries. Add a new entry and modify the namespace so that it matches the namespace where you created the control.

Now it’s time to test the delegate control. Deploy the solution and browse to the site where you deployed it. When browsing between pages, you should see a notification message displaying the name of the current server, as shown in Figure 7-4.

Figure 7-4. A notification message from the delegate control that is added to all pages within a site

You’ve learned how to reference master pages in ASP.NET by using the MasterPageFile Page directive and the name of the master page file. If you review the source code of a SharePoint page, you might notice that it is not referencing a master page by its name directly. Instead SharePoint uses dynamic tokens to specify the master page file:

<%@Page MasterPageFile="~masterurl/default.master" %>

The ~masterurl/default.master is a dynamic token that during runtime is replaced with the default master page of the site. The default master page URL is stored in the MasterUrl property of the SPWeb object as a server relative full path to the master page. There is also another secondary master page dynamic token called ~masterurl/custom.master. This token is mapped to the CustomMasterUrl of the SPWeb object. The custom master URL is not used by content pages by default in SharePoint, except when using publishing sites, and you are free to use it if you need an alternative master page for your customizations and pages. Both the MasterUrl and CustomMasterUrl are by default using the seattle.master and have the value of /_catalogs/masterpage/seattle.master.

If you’ve worked with SharePoint 2013, you might have noticed that the page URLs on team sites is very different from page URLs in previous versions of SharePoint. When browsing to a site by using MDS, users are redirected to a page at /_layouts/15/start.aspx:

http://wingtiptoys/_layouts/15/start.aspx

This is a page requiring very few calculations and renders fast. It will, while displaying a friendly “Working on it” message, load the real home page of the site being visited. The Home page is loaded dynamically by using a JavaScript object called the DeltaManager, implemented in start.js. This JavaScript object makes an asynchronous call to the actual page requested by using an extra set of query string parameters. The HTTP request could look like this:

http://wingtiptoys/SitePages/Home.aspx?AjaxDelta=1&isStartPlt1=1365200007233

The AjaxDelta=1 parameter tells SharePoint that this is an MDS request, and only the delta parts of the page should be returned. The second parameter is the current time stamp and indicates that this is the initial MDS request sent. When the result of the MDS request is returned, the DeltaManager updates the delta parts of the page and, at the same time, changes the URL and appends the relative path to the current page:

http://wingtiptoys/_layouts/15/start.aspx#/SitePages/Home.aspx

The DeltaManager not only handles content updates in the delta parts, it also loads and executes any new JavaScripts sent back in the MDS response. The perceived performance by the user is improved because of faster page transitions and because the used bandwidth is reduced as a result of only the deltas sent over the wire. The MDS response could also result in a full reload of the page if any incompatibles with MDS are found in the page, and you learn more details about later in this section.

MDS is implemented as a web-scoped SharePoint Feature and can be enabled or disabled on sites. The Feature is called Minimal Download Strategy, and its folder name is MDSFeature. By default, it is enabled on team sites, wiki sites, blog sites, and elsewhere, as shown in Figure 7-5. It is not enabled and will not work on any publishing sites.

Figure 7-5. MDS is a web-scoped Feature that can be enabled or disabled on demand.

The enabled MDS feature turns on or off a property on the SPWeb object called EnableMinimalDownload. When that property is set to true, SharePoint tries to use MDS when browsing between pages.

You’ve examined the outline of the default SharePoint 2013 seattle.master master page, and you should have seen the presence of the AjaxDelta controls. These controls are one of the requirements for MDS. They mark the areas where content can be changed dynamically—that is, during a page transition, the contents of the AjaxDelta controls can be replaced, whereas the markup that is not in an AjaxDelta control is persistent between page navigations.

All pages that are requested by using MDS must be derived from the SharePoint DeltaPage class. This base class is a requirement for doing the necessary delta calculations, and most of the default SharePoint pages inherit from this class. Pages not inheriting from this class force a full reload of the page. Not only are the pages required to derive from this base class, but all controls present on the requested pages must be MDS-compliant. Being MDS-compliant means that the controls or Web Parts have been explicitly marked with the MdsCompliantAttribute and the IsCompliant property set to true. If the DeltaPage detects any control without this attribute or with the IsCompliant property set to false, it returns a message to the client DeltaManager that a full page reload is required. The MdsCompliantAttribute can be set on classes or on an assembly, making all controls within that assembly compliant or not compliant. The attribute is used as follows:

[MdsCompliant(true)]
public class MdsCompliantWebPart: WebPart {
 ...
}

The client DeltaManager object always sends information about the current master page and its version in the MDS request. The DeltaPage uses this information to determine if the master page has been changed, which requires a full reload of the page.

A special control called PageRenderMode can be inserted on any page to control the MDS status. It can be used to disable MDS for a specific page if required. This control is, for instance, inserted into master pages that are converted as a result of using the Design Manager. To prohibit a page from being rendered by using MDS, insert the following snippet into any page or master page:

<SharePoint:PageRenderMode runat="server" RenderModeType="Standard"/>

You are going to build a simple content page by using the default SharePoint 2013 master page, based on the knowledge you’ve gathered so far. This is how you would create a simple content page by using one of the content placeholders in the master page:

<%@Page MasterPageFile="~masterurl/default.master"%>
<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
<h1>This is the simplest Content page ever</h1>
</asp:Content>

You specify the default master page dynamic token to give you the default master page on the site, which is seattle.master unless changed. Next, you specify one asp:Content control with the attribute ContentPlaceHolderId set to PlaceHolderMain. This control contains some simple HTML markup that will be replaced in the specified content placeholder in the master page. This page can now be added to a SharePoint site as previously done. You can create the page directly in SharePoint Designer 2013, or you can even create it in Notepad and upload it to a document library. You will also learn how to provision a page by using a SharePoint feature, which is the preferred way of adding content pages.

So far, you’ve learned how to use the server-side API to add a new file, and you’ve learned that pages can be added by using SharePoint Designer 2013 or by uploading them to a library. Most often you will want to package your solution into a SharePoint solution package (a WSP file), or if you’re building a SharePoint app, you will want to create an app package. Both of these ways of packaging solutions use basically the same approach when deploying pages. In this section, you build a WSP package by using Visual Studio 2013, add a custom content page to the solution, and then finally deploy the page to SharePoint. You start doing this by using a farm solution and then later explore what it looks like in a sandbox solution and an app scenario.

Create a new, empty SharePoint 2013 project and choose to deploy it as a farm solution. After the project is created, add a Module SharePoint Project Item and name it Pages. When the Module SharePoint Project Item is added to the project, it includes one elements manifest file (Elements.xml) and one sample file (Sample.txt). You cannot add a content page to a Module SharePoint Project Item with any out-of-the-box feature and template in Visual Studio, but you can either copy the file you created in the previous example into this SharePoint Project Item or just rename the sample file to a desired file name for the content page. For instance, rename it to SimpleContentPage.aspx. Visual Studio displays a warning when you edit the file name extension, but you can ignore this because you want to edit the file name extension. Then all you need to do is copy and paste the contents from the simple page in the previous sample into the file. Note that if you had the file open before changing the extension of the file, you need to close and reopen the file so that Visual Studio can load the correct editor.

Now consider the elements manifest file, which controls how the page should be deployed and provisioned in the site. The manifest file uses CAML to describe what you want to do. In this case, the Module element is used to specify which files to provision to a site, how to provision them, and where they should be provisioned. After adding the simple page or renaming the default sample file, the CAML should look like Example 7-10.

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <Module Name="Pages">
   <File Path="PagesSimpleContentPage.aspx"
      Url="Pages/SimpleContentPage.aspx" />
 </Module>
</Elements>

You can tell from the code that Visual Studio has automatically updated the File element with the name of the content page. Also notice that the relative path to the pages contains a reference to a folder with the name of the Module SharePoint Project Item. To change the target location of the deployed file, update the Url attribute of the File element. For instance, to deploy the file to the root of the site, change the File element:

<File Path="PagesSimpleContentPage.aspx" Url="SimpleContentPage.aspx" />

When you added the Module SharePoint Project Item to the Visual Studio project, Visual Studio automatically created a SharePoint Feature for you under the Features node in Solution Explorer. You can rename the Feature name and you can modify the Feature’s properties by double-clicking it. You should give the Feature a more appropriate name than the one generated by default. The default scope of the Feature is Web, which means that this Feature can be enabled on any website and the file will be provisioned on the sites where it’s enabled. For a Module element, you could also set the scope to Site, which allows you to deploy this module only to a site collection and the page to be provisioned on the root web of that site collection. Your Solution Explorer should look something like the one in Figure 7-6 after you rename the Feature.

Figure 7-6. Visual Studio Solution Explorer displays the Module SharePoint Project Item.

If you now deploy this solution to SharePoint either by using the F5 debugging method or the Deploy Solution method, you can browse to the site and the URL you specified as the target URL for the content page, and you should be able to get there. Because this is a farm solution, you can also browse to any other site and enable the Feature and see the page being provisioned. The SharePoint solution that you’ve just built does not contain any artifacts that require server-side code, and you can easily change this solution into a sandboxed solution by selecting the Project node in Solution Explorer and then switching to the Properties Window by pressing F4. In this window, change the Sandboxed Solution property to True to make the project a sandboxed solution, which you can deploy to a specific site collection on your on-premises farms or in a cloud service, such as Microsoft Office 365 and Microsoft SharePoint Online.

When you deployed the solution as a farm solution and activated the Feature on a site, the page was provisioned as an uncustomized page. When you deploy by using a sandboxed solution, the page is provisioned as a customized page. If you’re building a SharePoint app and deploying pages to the app web, the same syntax and methodology is used.

A specific type of content page, called a Web Part page, is perhaps the most common type of content page in SharePoint. The Web Part page allows the users to add content to the pages directly in the web UI. The content can be Web Parts or wiki content. To create a Web Part page, you need to perform some modifications to the page directive. You might have noticed in the previous sample (Example 7-10), that if you browse back and forth between the simple page and other pages in a team site, the simple page does not use MDS and requires a full page reload. This is because the page does not have a base class; specifically, it does not have a base class that derives from the DeltaPage class. To build a Web Part page that can use MDS, you need to choose the correct base class and specify it in the page directive. SharePoint 2013 has two base classes for Web Part pages:

Both of these page classes exist in the Microsoft.SharePoint.WebPartPages namespace. The WebPartPage class is the base class for all content pages. It’s a page type specifically created for hosting Web Parts, which you learn about in Chapter 8. The WikiEditPage inherits from the WebPartPage and has support for handling wiki content. The default team site Start page is based on the WikiEditPage. The WikiEditPage can be used only in libraries that have the content type Wiki Page enabled because it is storing the wiki content in a field called Wiki Content. The WebPartPage is used by the forms for lists and libraries. Both of these two page types inherit from the DeltaPage, which was discussed in the section “Minimal Download Strategy requirements and compliance” earlier in this chapter. There are many more page classes defined in the various SharePoint assemblies that are specifically built to handle different scenarios. Publishing pages are one of those page classes and are discussed later in the chapter, in the Understanding publishing pages section. Depending on your needs, you can also create your own custom page class and make that inherit from any one of these base classes.

If you want to use the WikiEditPage as the base class and the standard SharePoint 2013 master page, the page implementation would look like this:

<% @Page Language="C#" MasterPageFile="~masterurl/default.master" Inherits="Microsoft.SharePoint.WebPartPages.WikiEditPage, Microsoft.SharePoint,
Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
 <h1>This is the simplest MDS Content page ever</h1>
</asp:Content>

You need to deploy this wiki-based Web Part page into a document library with the Wiki Page content type. The default team site template has a library called Site Contents that has this Wiki Page content type enabled by default. To properly deploy the file, you could use an elements manifest like this:

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <Module Name="Pages" Url="SitePages">
   <File Path="PagesSimpleContentPage.aspx"
     Url="SimpleContentPage.aspx" Type="GhostableInLibrary" />
 </Module>
</Elements>

In the preceding elements manifest are two changes to the previous sample, which are apparent in Example 7-10. The first change is the addition of a Url attribute to the Module element. This allows you to specify a base URL for all files within that Module, and all Url attributes on the File elements are relative to that base URL. The second change is a new attribute on the File element called Type, with the value GhostableInLibrary. This attribute tells SharePoint that you would like to make the file that is added to the library an uncustomized file.

If you now deploy this solution to a site, you will note that it looks exactly the same as the simple page that was built in the “Deploying a content page” section, but browsing to and from the page reveals that the page uses MDS. This page can’t still be edited in the UI, because there’s just static content within it.

To make the page a real Web Part page that can be edited in the UI, you must add one or more Web Part zones and/or a wiki field. A Web Part zone is a container control that allows users to dynamically add controls into it. These controls must be Web Parts, which are discussed more in Chapter 8 along with the zones. Web Parts are also configurable by the user in the web interface. Each Web Part has a set of properties and optionally a set of custom properties that can be changed. The Web Part zone is responsible for persisting the Web Parts added to a zone and its properties. The wiki zone is a special form of control that allows HTML markup to be mixed with Web Parts. The wiki zone can be used only on pages inheriting from the WikiEditPage because it requires some extra plumbing.

To create a new Web Part page and define two zones, add a new file to the Module element in the previous sample, and make sure that Type is set to GhostableInLibrary and that the new file is deployed to the Site Pages library or to a document library. Example 7-11 shows a page inheriting from the WebPartPage class, which contains HTML markup and two Web Part zones, one on the left side and one on the right side.

<% @Page Language="C#" MasterPageFile="~masterurl/default.master"
 Inherits="Microsoft.SharePoint.WebPartPages.WebPartPage, Microsoft.SharePoint,
   Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="WebPartPages"
 Namespace="Microsoft.SharePoint.WebPartPages"
 Assembly="Microsoft.SharePoint,
 Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
<h1>This is a Web Part page with zones</h1>
<div>
 <div style="float:left;width:50%">
   <WebPartPages:WebPartZone ID="left" Title="Left" runat="server">
   </WebPartPages:WebPartZone>
 </div>
 <div style="float:right;width:50%">
   <WebPartPages:WebPartZone ID="right" Title="Right" runat="server">
   </WebPartPages:WebPartZone>
 </div>
</div>
</asp:Content>

When the updated solution with the new Web Part page is deployed, you can browse to the page and click the Edit button on the ribbon. In edit mode are the two Web Part zones, which can be used to add Web Parts, as shown in Figure 7-7.

Figure 7-7. Web Part pages can be edited directly in the browser and are an easy way for users to customize their sites.

You should now be familiar with the concept of content pages and how you create, package, and deploy them. Most of the methods discussed work in all deployment models: farm solutions, sandboxed solutions, and even SharePoint apps. If you need to further customize the content pages, you can create your own base classes as long as they derive from the WebPartPage class or at least the System.Web.UI.Page class. This option is available only in farm solutions but provides many possibilities for customizing your pages.

For more advanced scenarios, when you require even more control of the content and layout in the pages, you can use the SharePoint Server 2013 set of Features. Use the Publishing Features in SharePoint Server to create content pages, called publishing pages, by using templates, called page layouts. These are more advanced content pages than those discussed earlier in this chapter, but all the content pages share the same base classes—the WebPartPage class and the DeltaPage class. Although the publishing pages inherit from the DeltaPages, they do not take advantage of MDS, because none of the publishing controls are marked as MDS-compliant. In Chapter 15, the Publishing Features of SharePoint are discussed in more detail.

To create a custom master page, you have several options ranging from using a copy of the default master pages to starting with a blank solution and building your own master page. Which approach you take often varies depending on your requirements. For instance, if you’re building a collaborative intranet solution, it is often a good idea to start from one of the default master pages and customize that to your needs, whereas if you’re building a public-facing Internet site, you often start from an HTML mockup and convert that into a master page. SharePoint Server 2013 introduces a new feature called Design Manager that can help you do this automatically. It’s a very interesting feature that allows you to convert an ordinary HTML page into a SharePoint master page.

In the following sample, you deploy a copy of the default seattle.master page. You also create a scoped site collection Feature that modifies the default master page to the custom master page when activated, and then when deactivated, restores the original master page settings.

Start by creating a new farm solution project, and add a Module element named SiteBranding. Visual Studio 2012 automatically creates a Feature for you when the SharePoint Project Item is added, so make sure to change the scope of that Feature from Web to Site. To add the default seattle.master to the module, you copy and paste the original file from the SharePoint root into the SiteBranding SharePoint Project Item, and then rename it to something appropriate. You then need to make sure that this module deploys the files to the Master Page Gallery by setting the Url attribute of the Module element to _catalogs/masterpage. You also need to set some properties of the master page file. To tell SharePoint that it is a master page, you set the content type of the item to the master page content type id, and to make the master page available to the SharePoint 2013 UI, you set the UIVersion to 15. Finally, you set the title of the page by using the Title property. Example 7-12 shows the required modifications to the elements manifest.

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <Module Name="SiteBranding" Url="_catalogs/masterpage">
   <File Path="SiteBrandingCustomBranding.master"
     Url="SiteBranding/CustomBranding.master"
     Type="GhostableInLibrary">
     <Property Name="ContentTypeId" Value="0x010105" />
     <Property Name="UIVersion" Value="15" />
     <Property Name="Title" Value="Custom Branding master page" />
   </File>
 </Module>
</Elements>

The project now deploys only the master page to the Master Page Gallery with the correct set of properties, but to make this master page the default master page, you need to write some code. This activation code will be implemented as a Feature receiver on the site collection–scoped Feature. Example 7-13 shows the feature activation, which sets the master page on all the sites within the site collection.

public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
   SPSite site = properties.Feature.Parent as SPSite;
   if (site != null)
   {
       SPWeb rootWeb = site.RootWeb;
       string masterurl = rootWeb.ServerRelativeUrl;
       if (!masterurl.EndsWith("/"))
       {
           masterurl += "/";
       }
       masterurl += "_catalogs/masterpage/SiteBranding/CustomBranding.master";
       // iterate through all the webs in the site collection
       foreach (SPWeb web in site.AllWebs)
       {
           web.Properties["OldMasterUrl"] = web.MasterUrl;
           web.MasterUrl = masterurl;
           web.Update();
           web.Dispose();
       }
   }
}

The FeatureActivated method is called when the Feature is activated on a site collection, and it builds a URL to the custom master page, which is deployed into the Master Page Gallery of the root web of the site collection. The method then goes through all the sites in the site collection and sets the MasterUrl property of the SPWeb object to the URL of the custom master page. At the same time, the code is also storing the old value of the MasterUrl property into the property bag of the SPWeb object so that the old value can be used when you deactivate the Feature and restore the settings of the site. Also note that you’re using the AllWebs property of the SPSite object, which requires properly disposing of all the SPWeb objects to avoid memory leaks.

When the Feature is deactivated, you need to restore the master page settings on all the sites. Example 7-14 shows the FeatureDeactivating method of the Feature receiver.

public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
{
   SPSite site = properties.Feature.Parent as SPSite;
   if (site != null)
   {
       // iterate through all the webs in the site collection
       foreach (SPWeb web in site.AllWebs)
       {
           if(!String.IsNullOrEmpty(web.Properties["OldMasterUrl"])) {
               web.MasterUrl = web.Properties["OldMasterUrl"];
               web.Update();
           }
           web.Dispose();
       }
   }
}

The FeatureDeactivating method looks very similar to the FeatureActivating method. It will go through all the subwebs and reset the master page to the original value.

Application pages are just like content pages based on the DeltaPage base class, which means that they can use MDS. Application pages have two specific derived base classes:

These two base types are defined in the Microsoft.SharePoint.WebControls namespace. The LayoutsPageBase inherits from the UnsecuredLayoutsPageBase, and the main difference between the two is that the LayoutsPageBase has built-in logic for checking permissions. The UnsecuredLayoutsPageBase has a set of overridable methods and properties that, for example, allows you to configure whether the application page permits anonymous users. All custom applications should derive from one of these two base types, and typically LayoutsPageBase is used.

Application pages can be deployed through custom solutions and are often used to provision administrative pages. Because deploying application pages involves adding files to the file system, they are available only in farm solutions. All application pages are also deployed to all sites and site collections, so there is no granularity.

Visual Studio 2013 and the SharePoint tools contain an item template for application pages that can be used to create new application pages. To add a new application page, select the Project node in Solution Explorer, right-click Add, and then click New Item. In the Add New Item dialog box, select the Application Page (Farm Solution Only) template, name it, and then click Add. Visual Studio adds the required references to your project, adds a new SharePoint Mapped folder to the Layouts folder if it is not already present, and then creates a subfolder within that mapped folder to which it adds your custom application page, as shown in Figure 7-8.

Figure 7-8. Custom application pages are added to the Layouts folder in the Visual Studio project.

The custom application page has one .aspx file and a code-behind file. The code-behind file specifies that the custom application page inherits from LayoutsPageBase. Notice that the Page directive in the .aspx file does not have a typical MasterPageFile attribute. Instead, it has another attribute called DynamicMasterPageFile. This attribute allows you to use the dynamic tokens to specify master pages, ~masterurl/default.master or ~masterurl/custom.master, which you learned about earlier in this chapter. Another and perhaps more important aspect of Application pages is that SharePoint has a built-in safeguard for specific application pages that makes sure the pages are rendered even when the master page fails to render. It does this by falling back on the default master page (seattle.master). To protect an application page, you set the RequiresHighAvailablilty property, inherited from UnsecuredLayoutsPageBase, to true in the constructor of the custom application page.

Now you will modify this custom application page so that it renders some information about the current site collection. In the .aspx, Web Forms page controls and markup are added to the content placeholders. The item template defines four of the content placeholders by default, but you can add or remove them as necessary. This is how the markup looks for a sample custom application page that shows some more details of the site collection:

<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<fieldset>
 <legend>Site Information</legend>
 Content database name: <asp:Label ID="contentDatabase" runat="server" />
 <br />
 Is Evaluation site: <asp:Label ID="isEvalSite" runat="server" />
</fieldset>
</asp:Content>

<asp:Content ID="PageTitle" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
Site Information
</asp:Content>

<asp:Content ID="PageTitleInTitleArea" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea"
 runat="server" >
Site Information
</asp:Content>

The content placeholder PlaceHolderMain is used for the body of the page. It contains two Label controls that are set in the code-behind. You use PageTitle and PageTitleInTitleArea to display the name of the page. The code-behind for the page looks like this:

public partial class CustomApplicationPage : LayoutsPageBase
{
 protected void Page_Load(object sender, EventArgs e)
 {
   contentDatabase.Text = SPContext.Current.Site.ContentDatabase.Name;
   isEvalSite.Text = SPContext.Current.Site.IsEvalSite.ToString();

 }
}

In the Page_Load method, the two Label controls are set with values from two site collection properties: one displays the name of the content database in which the site collection is stored, and the other one shows whether the site is an upgrade evaluation site. After the project is deployed, you need to browse to the page. The only way to get to the page is to manually enter its URL into the browser, but you’ll fix this. The URL to the page is the name of the site or web, to which you append _layouts/15, and then append the name of the folder created by Visual Studio and the name of the application page. The page should look like Figure 7-9.

Figure 7-9. Custom application pages are deployed to the virtual _layouts directory and can be accessed from any site within the farm.

A user who knows the actual URL of the application page and is a visitor to the site has access to application pages, unless the site has been configured otherwise. More specifically, the permission level called View Application Pages is required to give users access to application pages, and the Visitors group has that permission level by default. You cannot set permissions on application pages as you can do on content pages in document libraries. Fortunately, the built-in logic in LayoutsPageBase allows you to specify required permissions for the application page.

The LayoutsPageBase has a Boolean property called RequireSiteAdministrator. By default, this property is set to false, and if it is set to true, only site collection administrators are allowed to view the page. If you want more fine-grained permissions, you use a property called RightsRequired that specifies a SPBasePermissions object with the required permissions. If you want only users who have the permission level View Web Analytics Data to be able to access the application page, you need to override the RightsRequired property:

protected override SPBasePermissions RightsRequired
{
 get
 {
   return SPBasePermissions.ViewUsageData;
 }
}

After redeploying the solution, users without the View Web Analytics Data permission level will get the Access Denied page for the site. To view this page, users need both the View Web Analytics Data permissions and the View Application Pages permissions. The property RequireDefaultLayoutsRights has the default value set to true. This means that the permissions check that is done will use the permissions specified in RightsRequired and View Application Pages. To use only the RightsRequired permissions, you need to override the RequireDefaultLayoutsRights and make sure it returns false.

You should be aware of one more aspect regarding permissions for application pages. By default, the permission check is done in the ASP.NET event OnLoadComplete. You can change this to either handle the check in the OnPreInit event or not do the check at all. This is configured by using the RightsCheckMode property, which is an enumeration of type RightCheckModes.

Application pages are not part of the navigation unless you make them available. There are several ways to accomplish this, and your approach depends on what you need. For instance, one application page might be accessible through a link in a custom Web Part, or another might be accessible through the ribbon (you examine this later in the chapter, in the “Customizing the ribbon” section). Most often, application pages are configured so that they are a part of the site settings navigation.

To make the custom application page a part of the site navigation, you use a custom action, which is an extension to the UI. Custom actions are defined declaratively by using CAML in an elements manifest file. Custom actions are very versatile and configurable and can be used to add links, scripts, menu items, and so on. In this scenario, where you want to add a link into site settings under the Site Collection Administration group, you start by adding a new empty Element SharePoint Project Item to the solution. In the elements manifest file, Elements.xml, the following CAML is added to create the link:

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <CustomAction Title="Site Information" Id="CustomSiteInformation"
   Location="Microsoft.SharePoint.SiteSettings" GroupId="SiteCollectionAdmin"
   Rights="ViewUsageData">
   <UrlAction Url="~site/_layouts/15/Pages.ApplicationPages/CustomApplicationPage.aspx"/>
 </CustomAction>
</Elements>

The CustomAction element defines the custom action and is given a Title, which is what will be displayed as the link. The location of the link is determined by the Location and GroupId attribute. In this case, you specify the location of the Site Settings page, and the group is Site Collection Administration. (For a full reference of the possible Location and GroupId values, refer to the Microsoft MSDN website at http://msdn.microsoft.com/en-us/library/bb802730.aspx.) Even though specifying the required permissions is not required, you do the check in the application page. Hiding the link from users who cannot access the page is a good convention. You do this by using the Rights attribute, in which you specify the same permissions you implemented in the preceding code-behind. Finally, you need to specify the URL for the application page by using the UrlAction element. Note that the URL is specified with ~sitecollection, which indicates that you should use the current site collection as the base for the URL. If you wanted to refer to site-scoped properties, you would use the ~site token instead.