SharePoint 2013 Search Preview for Documents hosted in SharePoint 2010

22 Nov 2013
November 22, 2013

Recently I talked to some clients because of a “Search-First” SharePoint 2013 migration (more about this topic will follow). During a training this week I got aware of a serious issue with the “Search-first” approach, especially with the really nice Office Web Apps 2013 Search Previews you get for free (read only!).

Problem

Some clients want to start their migration with setting up a new SharePoint 2013 farm. This new farm then crawls the old SharePoint 2010 farm. After successfully crawling it, the SharePoint 2013 farm then publishes its Search Service to the SharePoint 2010 farm. So far so good. But what happens with all the new shiny features in the Search UI? Nothing. Until now everything works as it should – you now get better search results in your existing SharePoint 2010 environment.

Now let’s take it a step further. Replace the SharePoint 2010 Search Center with a Search Center hosted in SharePoint 2013 – replacing is actually wrong, you have to do a redirect from the SharePoint 2010 environment to the Search Center in SharePoint 2013 – with the Search Preview, Display Templates and all the good stuff. Pretty great, I totally love the new features and the business value you can create with it:

SharePoint 2013 Preview of PowerPoint document hosted in SharePoint 2013

SharePoint 2013 Preview of PowerPoint document hosted in SharePoint 2013

But here is the Problem: You crawled the SharePoint 2010 environment – by default you wont get a Preview for documents in the old environment:

Preview of a document hosted in SharePoint 2010

Preview of a document hosted in SharePoint 2010

There is a great article by Murad SΓ¦ter how you could substitute the Preview with Office Web Apps 2010 (the service application in SharePoint 2010 that needs expensive Office 2010 licenses!). Many of my clients don’t have the Office 2010 licenses – many of them still use Office 2007 – so a show stopper. PDF Preview with old Office Web Apps – nope. This additionally applies to documents hosted on a fileshare – that does not work either.

Reason

So we have Security Trimming in SharePoint Search – you only see what you are allowed to see. Why is there now Preview?

Thats because of oAuth – or better the inability of SharePoint 2010 to understand and accept oAuth (great explanation here by Kirk Ewans).

Behind the scenes

The following happens when you hover over search result that is suitable for a Preview – let’s name the searching user Max:

  1. The search crawler created a link to render a document in the browser. This link is stored in the property ServerRedirectedURL or ServerRedirectedEmbedURL.
  2. This link points to a SharePoint Page called WopiFrame (e.g. http://sharepoint2013/_layouts/15/WopiFrame.aspx?sourcedoc=/Documents/OSP218.pptx&action=default&DefaultItemOpen=1)
  3. This WopiFrame page knows the url to the bound Office Web Apps Server and redirects the request to it. With three parameters: The sourcedoc of the document to render, an oAuth access token and an oAuth time to live token.
  4. The Office Web Apps server, in order to render the document and deliver it back, needs the document to render – of course. Because we left the original server where Max was authenticated – we don’t have this client context anymore – the request from the Office Web Apps back to the SharePoint 2013 server to get the document is anonymously. But why does the SharePoint delivers our precious document? Thats because of the oAuth access token – SharePoint 2013 can validate it and accepts the request like one Max would actually do.
  5. After some computing and drawing time, the Office Web Apps server delivers the preview back to Max.

Because SharePoint 2010 does not understand and accept anonymously requests (most of the time) – and does not understand oAuth tokens – Office Web Apps 2013 do not render Documents hosted on SharePoint 2010.

 Solution: SharePoint 2013 Search Preview for Documents hosted in SharePoint 2010

Figuring out a solution cost me 4 days “brain time” – thinking about the problem – understand the root cause – analyzing options. And chatting with some really nice guys – more about this later.

In the following picture I show you the flow how the requests go from one server to another:

Flow of the requests to render a document hosted in SharePoint 2010

Flow of the requests to render a document hosted in SharePoint 2010

In order to make this all happen, I created a SharePoint Farm Solution (full trust) that needs to be deployed on the SharePoint 2013 side. This provides two handlers that do the following.

SP2010Redirect.ashx: Accepts the initial user request and generates a url that contains the document that should be rendered (full url), the requesting user (domain login) and a simple hash (prevents tampering with the data – no real security!) – that guy is for step (1) in the flow.

SP2010Preview.ashx: Accepts the request back from the Office Web Apps server with the full url of the document, the user login and the hash. With those three values it can check the integrity of the parameters, download the document of the SharePoint 2010 (or what system you like) and  returns it to the Office Web Apps server. This page handles step (3) to step (6).

Pictures / Video or it did not happen!

 

Working Preview of Document hosted in SharePoint 2010

Working Preview of Document hosted in SharePoint 2010

Flaws of the current implementation /

Room for improvement

The code I am going to share is no production ready code – there are magic, hard-coded values in it. I only demonstrate how I did it. No warranties for what so ever.

So why don’t I use oAuth and the WOPIFrame for all the security stuff? Thats because of wonderful internal classes. Dear Microsoft – please open up so I can implement a secure approach.  If I miss a thing and can actually use oAuth directly – please let me know!

Again in other words: If you can create the hash that is passed along for anti-tampering, the SP2010Preview.ashx will download you every document of the SP2010 (this is serious!!) – in my code I did not implement the security check for the given user anyways πŸ™‚ Neither did I add the display template – but its so easy to change it, you will figure it out.

Grab the demo code here.

Thanks!

I really love the SharePoint community – there are a lot of helpful and awesome guys out there. To quote a few that really helped me figuring out this solution:

 

Max Melcher
Follow me!

Max Melcher

Maximilian Melcher (MCSE, MCPD) is a Principal Consultant working at Alegri International Services in Munich, Germany. Max is a specialist in SharePoint technologies focused on search, social computing, web content management and collaboration. Max has led SharePoint implementations for Dax 30 companies since 2009.
Max’s free time is spent on twitter (@maxmelcher) mostly with a good coffee in his hands.
Max Melcher
Follow me!
Tags: , , , , ,
18 replies
  1. Murad says:

    Hi, great post πŸ™‚ Did you ever solve the issue of security? Currently I’m considering to check the SP2010 access rights in SP2010preview.ashx, it seems like I need to use the Server side object model and deploy it on the SP2010 farm?

    Reply
    • Max Melcher says:

      Hi Murad,

      did you try my solution and does it work for you?

      For SP2010 you need a farm solution – checking permission with CSOM was added in SP2013 so I guess there is no other way.

      Cheers
      Max

      Reply
  2. G says:

    Hello Max,

    great post! but i cant get it working. i tried it on my test environment. maybe you can help : )

    i have changed your hard coded value with the ones of my environment. but i cant get my display template working. I am realy bad with html/ js, could you post the code of an example display template that works?

    Reply
  3. jay says:

    Even after changing values to point to our server and deploying it to SP2013 farm ,I am unable to make it work.Can you help me with it?

    Reply
  4. jay says:

    Thanks ! OWA 2013 server is working fine for me as Documents uploaded to a site on SP2013 shows the previews correctly but it doesn’t work for documents crawled from SP2010 environment.It only shows metadata but no hover over preview as with SP2013.

    I have made necessary changes and have deployed the code to SP2013 on premise farm.

    Changes done by me in code are as followed.Pardon me if it’s a dumb question as i am not a coder.

    Two lines where it requires code in preview.cs file are as followed
    1) using (var clientContext = new ClientContext(“http://sp2010”))
    1) I changed the above url to point to my SharePoint 2010 Web application url.

    2) clientContext.Credentials = new NetworkCredential(“mmelcher”, “pass@word1”, “demo”);
    2) I changed it to myusername,password and domain.

    Two lines where it requires code in redirect.cs file are as followed:-
    1) const string urlPreviewFormat = “http://sharepoint2013:1234/_vti_bin/preview.ashx?src={0}&user={1}&hash={2}”;
    1) I changed “http://sharepoint2013:1234” to “SP2013 web application url” as per my farm

    2) const string owaUrlFormat = “http://owa2013.demo.com/op/embed.aspx?src={0}&action=interactivepreview”;
    2) I changed “http://owa2013.demo.com” to “my owa Server url”

    and deployed to SP2013 farm

    are there any other steps required to make it work?.

    Reply
    • Max Melcher says:

      Impressive changes for not being a coder πŸ™‚

      I think you are missing 4 steps (sorry my instructions above suck!):
      1. Enable open from UNC/File path on the OWA server:
      Set-OfficeWebAppsFarm -OpenFromUrlEnabled -OpenFromUncEnabled

      2. Create a web application on SP2013 server that allows anonymous requests – my webapp had the port 1234. Note down the webapp pool account of this new webapp

      3. Grant the webapp pool account access to the fileshare

      4. Change the display template to render those special files, see this filr- there are comments in it! http://melcher.it/wp-content/uploads/Item_CommonItem_Body.html

      Good luck πŸ˜‰
      Max

      Reply
  5. JAY says:

    Thanks ! does this solution work for only ppt’s or other office files as well?

    Reply
  6. Bruce says:

    Any reason why this wouldn’t work with MOSS (2007) that you can think of? Planning on trying it soon…

    Reply
    • Max Melcher says:

      Hey Bruce,

      it should work the same way – if you your man in the middle service can pull down the item from SP2007 it will work. Security is always the challenge here – and well, performance πŸ™‚

      If you have any questions during the process, I have done it like 10 – 15 times by now in various projects… let men know how it goes πŸ˜‰

      Good luck!
      Max

      Reply
  7. Massimiliano Colacchi says:

    Hello Max,

    great post! but i cant get it working.
    I don’t understand if I need to configure the handler on sharepoint after I deployed them.

    Reply

Trackbacks & Pingbacks

  1. SharePoint 2013 Search Result Document Preview for non SP2013 content source says:

    […] found a way with custom preview proxy, witch download file from file share or sp2010 for Office Web Apps, but is it an only option? And what about Lotus Notes search […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close