SPD2013 Workflow - how to check user is member of group


I want to describe a method that I use to check if a user is a member of a group.



  • Call a REST webservice
    • Reference MSDN for the correct API
    • Build a RequestURL and a basic RequestHeader
    • Figure out what the results mean
  • Wrap it up in a Workflow Custom Activity



MSDN (http://msdn.microsoft.com/en-us/library/office/dn268594(v=office.15).aspx - this needs to be a SharePoint Developer's home page) documents a few REST end points that I use for this.


Says you can get to a sharepoint group via:

  • http://<site url>/_api/web/sitegroups(<group id>)
  • http://<site url>/_api/web/sitegroups(<group name>)

The group also has a Users property that points to a Users Collection.


This expands our example to:

  • http://<site url>/_api/web/sitegroups(<group id>)/users

For example:


The Users Collection does not have a method for testing if a user exists.  So I've taken the shortcut and basically brute force the service and just try to retrieve a user.  If you try to request a user that doesn't exist in the collection, it will just error, and I just catch that error.


SharePoint Designer workflow




Build Request Header


Both Accept and Content-Type needs to be "application/json;odata=verbose"


Build Request URL


Concatenate Current Site URL (which ends without a trailing /) and the earlier API.

Note my group name is 'john Members'


Call Web Service



Catch and process the result value.



The ResponseCode could be either OK or InternalServerError

Get a property from the returned Response variable "d/Title" would correspond to the Display Name of the user returned.  If the ResponseCode was Error, then there would be no value in the Response object.



Sandbox Custom Workflow Activity


In Visual Studio, these activities can be bundled into one single Activity that can be reused in SharePoint Designer.  I'll update this in a future blog post on Visual Studio.



Thoughts on checking nested group or AD group memberships

  • There are no way to check member with nested groups.  One possibility is to not think of it as membership, but think of it as whether the person has a certain permission.

    Does the current user have permission to do Contribute on the current Site. 
  • A more complicated thinking could be to create a list, kick out everyone except the group you are interested in, and check if the current user has permission to that list.



This Example in JavaScript


The more I work with SharePoint 2013 Workflows the closer parallels I see relating to a traditional programming language.  Here's the same function call in Javascript.

var promise = $.ajax({
        type: "GET",
        url: _spPageContextInfo.siteServerRelativeUrl + "/_api/web/sitegroups/getbyname('john Owners')/users/getbyid(" + _spPageContextInfo.userId + ")",
        headers: {
                "accept": "application/json;odata=verbose"
        contentType: "application/json;odata=verbose",
        dataType: "json",
        cache: false,
        processData: true

        function (data, status) {

                if (status == "success" && data && data.d) {
                        var title = d.Title;

                else {
                    // success, but no records - this can't really happen.
        function () {
                // not successful - usually not a member of that group


TypeScript Definition file for SPServices v0.1


Here's something I have wanted to write for a long time, both as Thank-You to Marc Anderson's work on SPServices, as well as for personal learning of the TypeScript language.


Adding TypeScript Definition reference:



$().sp (intellisense)









$().SPServices.SPCascadeDropdowns({ ... })



And one more.

$().SPServices({ ... })



Syntax Error Detection that TypeScript does so well. 

Except for the error message.

Repeat after me in a ROBOT way.  "String is missing apply from type Function".

What it means is I was expecting a function why did I find a string. 

And because Javascript can be surprisingly retarded, TypeScript tries to accommodate and wonders: perhaps this string is a function in disguise - so let me look for the apply method on this object.  NOPE.  It is not a function.   /s





Bonus.  TypeScript understands SPServices returns a JQueryXHR promise object.



Wait.  Where's all the other methods?


This is v0.1...




Also, how do I get this into Marc's repo?


SharePoint Saturday Sydney 2014

November 29, 2014 was a great day for SharePoint Saturday.

I presented "Develop and Build Workflow Apps in SP2013. Wait, Workflow Apps?" - which is a session that covers lots of the new things you can build with SharePoint 2013 workflows using primarily Visual Studio 2013.  These work on premises and in Office 365.


The REST end points opens up SharePoint


I still think my transition along with exploring new activity and suddenly jumping into REST was tough.  I need to work on how to introduce that point.

The key point stands.  As a developer, or even a power user using Workflows - the REST API opens SharePoint completely to me.  I can use it to create lists, site columns or assign permission groups.  The trouble is that creating the JSON packet to talk to SharePoint end point is quite hard.  Which is why the need (and the ability) to package existing series of Actions into a reusable Custom Activity is a big deal.


Confusion over Workflow Custom Activity


There was actually a lot of confusion over the artefact "Custom Activity".  In 2010, these were sandbox or coded solutions.  In 2013, Custom Activity is completely declarative.  It is a way for you to save a series of workflow actions into a reusable piece of functionality that you can use over and over.  In my demo project I have about 10 custom activities.





News Update


We announced at the beginning and the end of SharePoint Saturday 2014 that this would be the last SharePoint Saturday in Australia.  As Microsoft and Industry trends towards Office 365, we will move with that trend.

From 2015 onwards, Office 365 Saturday will return, bigger and with more coverage of Office and SharePoint Online, but also address your On Premises needs.

Hope you have a great holidays and see you soon in 2015!


Style recommendation for writing CAML in C#


I came across some sample CAML code a while back, and have been following their way of defining CAML in C#

Today a colleague commented on my code and I thought, hey, I should write this down.


Use string.concat


var query = new SPQuery()
    Query = string.Concat(
                                    "<FieldRef Name='Parent' LookupId='true'/>",
                                    "<Value Type='Integer'>", id, "</Value>",
                                    "<FieldRef Name='DueDate' Ascending='TRUE' />",
                                    "<FieldRef Name=’Priority’ Ascending='TRUE' />",
var items = list.GetItems(query);




  • You don't have to bury the CAML in one crazy line or block of text.
  • I can arbitrarily indent my XML elements and the code doesn't see it at all. 
  • You almost always need to insert some sort of variables in the middle of your CAML.  This way you don't have to rely on fancy string.format, or consider type casting.
  • You don't have to remember to add "..." + "..." at the end of every line. 
  • Don't like a chunk of XML?  You can easily line comment or region comment.


Try it out and see if this changes your life as it has for me.

(if you have been doing this for years and have blogged or seen this documented before, let me know where.)


And I say to ASHX for SharePoint: make me a folder.

Sometimes, I do get to do some on-premises farm stuff.  Because deep in my soul, I'm a hardcore dev.  Muahaha.


In InfoPath, we want to be able to:

  • Send people to a folder within a document library, for them to upload attachments. 
  • Each form has its own unique ID, say "1234".  The folder will be <site>/Attachments/1234/
  • The folder doesn't need to be created when it's not used.  That is, it would be great to create the folder ON DEMAND
  • Finally, InfoPath is quite dumb.  It only has a hyperlink.



  • Create a HTTP Handler that takes this URL:  <site/sitecollection>/_layouts/InfoPathHelper/InfoPathHandler.ashx?folder=<site>/attachments/<ID>
  • Create a folder on demand, and then respond via a HTTP Redirect.





  1. Add a ashx handler to your SharePoint solution.  CKSDev has great template for this.
  2. Add code to ProcessRequest
    public void ProcessRequest(HttpContext context)
        if (!string.IsNullOrEmpty(context.Request.QueryString["folder"]))

  3. Add a function to check for the folder, create it if we need it, and end with a redirect.

    private void CreateFolderAndRedirectResponse(HttpContext context)
        // <site-collection>/_layouts/InfoPathHelper/InfoPathHandler.ashx?folder=<site>/

        var path = context.Request.QueryString["folder"];
        var server = new Uri(SPContext.Current.Web.Url);
        var url = string.Format("{0}://{1}{2}", server.Scheme, server.Authority, path);

        // elevate permission to create the folder.
        SPSecurity.RunWithElevatedPrivileges(() =>
                using (var site = new SPSite(url))
                    using (var web = site.OpenWeb())
                        SPFolder folder = web.GetFolder(path);
                        SPFolder f = folder;
                        List<SPFolder> folders = new List<SPFolder>();
                        SPDocumentLibrary library = folder.DocumentLibrary;
                        if (library == null)
                        while(f.Url.ToLower() != library.RootFolder.Url.ToLower()){
                            if (f.Exists || string.IsNullOrEmpty(f.Url))


                            f = f.ParentFolder;
                            if (f == null)
                                // if this happens we're in trouble

                        if (folders.Count > 0)
                            // we are in a GET request - need to allow unsafe updates
                            web.AllowUnsafeUpdates = true;
                            foreach (SPFolder f1 in folders)
                                if (!f1.Exists)
                            web.AllowUnsafeUpdates = false;
            catch (Exception ex)


        context.Response.Redirect(path, true);

  4. Wait what's all the strange looking nested folder stuff?  That's right, as a bonus, if you specify nested folder within the document library, the HTTP Handler will create those too!

  5. InfoPath is super simple, just add a Hyperlink to the URL


    Link to Data Source:

    concat("/_layouts/InfoPathHelper/InfoPathHandler.ashx?attachments?folder=", my:ID)


See it running




Copying SP2013 Workflow XAML files between VSNET projects

The Error

If you copy Workflow or Workflow Custom Activity objects between your SharePoint VSNET projects, sometimes you would see these errors:

Project file must include the .NET Framework assembly 'WindowsBase, PresentationCore' in the reference list.

Project file must include the .NET Framework assembly 'WindowsBase' in the reference list.



This is actually a result of VSNET getting quite confused.  It thinks your workflow.xaml files are WPF XAML files.



The Build Action "Page" is special and tells VSNET that this is a WPF Page object.  Which then triggers the compiler requirement that the necessary libraries are not included in the project.

This can happen when you copy Workflow or Workflow Custom Activity files from one project to another, then use VSNET to "Include in Project"



The Fix

Is to tell VSNET the correct Build Action for an Workflow XAML file:



The correct Build Action for Workflow XAML objects is XamlAppDef

Go through your project and check every XAML file.





Happy again.


SPS Canberra 2014 - Building SharePoint 2013 Workflows Apps (post-show notes)


On Friday afternoon I drove down to Canberra for SharePoint Saturday.  It really was a wonderful afternoon.



Building SharePoint 2013 Workflow Apps


My talk focused on Building SharePoint 2013 Workflow Apps.  That is, practical examples of what you can build with Workflow Manager for both Office 365 and SharePoint 2013.  Lots of individual examples, Workflow Custom Activities, and a full SharePoint App with Forms, Lists and Workflows (and I found this humourous: no C# or JavaScript).



A question was asked about parallel tasks, the short-cut logic and whether it could be done for approval workflows that required (3 out of 5) votes to progress.  While I think that would be possible, the Out Of Box Composite Task covers that scenario directly so you don't need to build this via a tricky Parallel Task.  Much applause for Microsoft.


Why is REST the best thing in the slide

I didn't stress this point enough.

Traditionally, when MS adds new services or methods, we need to wait for MS (hahaha) or ask someone to build a custom activity to use them in the workflow.

Now, in SP2013 - REST is first class.  That means any new service gets a REST end point.  Want to work with Delve?  There's a REST API for that.  That means, automatically that as soon as the API is available, you can use it in your Workflow.

That means, Workflow is also first class.

That is why this is the best thing in SP2013 Workflows. 


Demo Fail

I was not able to add the Artezio Workflow Custom Activities in SharePoint Designer 2013.


This is because Workflow Custom Activities can be packaged in a solution as part of "App" or "Sandbox Solution"

The activities that I had in my demo site were packaged as App.  That means they could be used in my App within the App Web, but not directly in the Host Web by SharePoint Designer.

If you are using SharePoint Designer and want to use the Workflow Custom Activities, you need to grab the sandbox solution and activate that on your site first separately.

The codeplex project has both types of solution.



Integrated Workflow Apps

Because of time, I did not cover this point.  Integrated Workflow Apps is a variation of the Workflow App for SharePoint.  The distinction being that the workflows defined in the App (which then runs in the AppWeb) is available for Workflow Associations in the Host Web (instead of the App Web).

This is very useful if you want to build complex Approval workflows and have the logic run in the App Web, but still allow users to associate that workflow to their libraries in their own sites.

At the moment, Integrated Workflow Apps can only be created via editing the XML in the solution package.  VSNET support will be updated in the future to provide a UI for this type of set up.


The Sample Project is not completed

There are still plenty to do to complete the workflows, but the key points are there - flow-chart, parallel actions, scopes, workflow activity, permissions, app step.




Setting up Azure Service Bus for debugging SharePoint 2013 Workflows

If you follow the instructions on http://blogs.msdn.com/b/officeapps/archive/2013/03/21/update-to-debugging-sharepoint-2013-remote-events-using-visual-studio-2012.aspx to set up an Azure Service Bus to debug your SharePoint 2013 you need to take careful note of this starting paragraph.

Update 9/19/2014: Please note Microsoft Azure Service Bus now supports two types of connection strings: SAS and ACS. For remote event debugging via Azure Service Bus, only ACS connection string is currently supported as shown below. Follow the instructions in Service Bus Authentication and Authorization to get an ACS connection string for any new Service Bus namespace created after August 2014.

I skim read, so I missed it, twice.  And then spent a lot of time digging through why my brand new Azure Service Bus (SAS) doesn't work with SharePoint 2013's debugging.

To redeem myself and me ranting at other people (for my own fault of ... not-reading).  I present the following:

The newbie picture guide on how to set up Azure Service Bus for Office 365


Go here: http://azure.microsoft.com/en-us/downloads/

Scroll down and install the command line tools.  I went with the Windows PowerShell option on the left.

The download will run the Web Platform Installer, which then lets you install MS Azure PowerShell



Installed, it is here.



Run two PowerShell commands.

  • Add-AzureAccount will open a browser window, allowing you to sign in with your Office 365 account and download a policy file
  • New-AzureSBNamespace -name <name> -location '<region>' -CreateACSNamespace $true




The Service Bus can be managed via the web interface - they just can't be created.

It appears as type "Mixed"




This will now give you an old style ACS connection string that you can use in VS.NET's project properties.



And here is VS.NET happily debugging Office 365 workflow again.



For completeness: this is the Wrong Way, if you use the Azure Portal



Looks different.



ACS Connection String looks like this:

  • Endpoint=sb://debug-jl.servicebus.windows.net/;SharedSecretIssuer=owner;SharedSecretValue=<code>=

SAS Connection String looks like this:

  • Endpoint=sb://debug-bad.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<code>=


The SAS Connection String does not currently work with VS.NET





  • Download Azure PowerShell (or Azure CLI via npm) - they are two different things, don't mix them.
  • Run two PowerShell commands to create the old Azure Service Bus (with ACS)
  • Thank Greg Hurlman@justcallme98 and ☞ Scott Hoag ☜@ciphertxt for reaching out and assisting me with my bad Azure skills.
  • Apologies to people that had to read my uneducated rant.  I retract all of it.

Small Powershell Adventures -NotIn and Arrays


PowerShell v3 has a new syntax I quite liked:

$badIDs = "73574929","73573581","73575402","73576325","73575586","73575377","73574920"

for($i = 0; $i -lt $rows.length; $i++) {

    $row = $rows[$i];
    #echo $row
    $imageID = $row.ImageID
    if ($imageID -ne "none" -and $imageID -NotIn $badIDs ) {
        # don't do stuff

Trouble is, this isn't available natively in PowerShell v2 (which is still quite common if you work on SP2010, Windows Server 2008R2).

Fortunately, we can just use Array.IndexOf static method to replace this.

if ($imageID -ne "none" -and [Array]::IndexOf($badIDs, $imageID) -eq -1 ) {
    # don't do stuff


KO binding for two SharePoint rich text editor controls


For a while now, I've been experimenting with a simple HTML editor for my forms.  Something to work with JavaScript databinding, in my particular case, KnockoutJS.


Why not TinyMCE and CKEditor?


But both libraries wants me to embed a bunch of additional 10-20 files.  I'm trying to build an App, which means packaging my assets.  I'm not going to package 20 files. 

Additionally, both TinyMCE nor CKEditor has official support for KnockoutJS binding anyway.  You end up on StackOverflow using someone's binding code.


An idea strikes!

Why not just use SharePoint's Rich Text Editor controls?  As long as you can create an ASPX page, you can use these controls that are out of the box.  As long as I don't postback, it doesn't matter what's the value inside of the controls.


SharePoint InputFormTextBox



<sharepoint:InputFormTextBox title="Title" class="ms-input" data-bind="spInputFormTextBox: CommentText1" ID="CommentTextBox1" Runat="server" TextMode="MultiLine" Columns="40" Rows="5" RichText="True" RichTextMode="Compatible"/>


Knockout Two-Way Binding:


ko.bindingHandlers.spInputFormTextBox = {
    init: function (element, valueAccessor, allBindingsAccessor, context) {
        var modelValue = valueAccessor();
        var value = ko.utils.unwrapObservable(valueAccessor());

        var baseElementID = $(element).attr("id");

        //handle edits made in the editor
        var doc = RTE_GetEditorDocument(baseElementID);
        if (doc == null) return;

        var $editor = $(doc.body);

        $editor.on('blur', function (e) {


            var $elemSave = $("#" + baseElementID + "_spSave");
            if ($elemSave.length) {
            else {
    update: function (element, valueAccessor, allBindingsAccessor, context) {
        //handle programmatic updates to the observable
        var value = ko.utils.unwrapObservable(valueAccessor());

        var baseElementID = $(element).attr("id");



  • SharePoint:InputFormTextBox is a nice little control you can drop in anywhere.  It's been around for a long time too, since SharePoint 2007. 
  • RichTextMode="Compatible" mode creates a smaller rich text control with a tiny toolbar. 
  • Biggest problem, is this control is IE-only.  Does not render nicely on other browsers.
  • The KnockoutJS data-bind syntax is very clean and can be used directly on the control.
  • Explanation: the Javascript focuses on borrowing the RTE_Transfer* functions in SharePoint to copy the value to a hidden field, then grab the HTML from there back to the observable.  This borrows SharePoint's other javascript function to clean up the HTML and do a bunch of encode/decode things.


SharePoint RichTextField




<div data-bind="spRichTextField: CommentText1">
<sharepoint:RichTextField CssClass="ms-input" ID="CommentTextBox1" Runat="server" FieldName="CommentText1" ControlMode="New"/>

KnockoutJS Two-Way Binding:


ko.bindingHandlers.spRichTextField = {
    init: function (element, valueAccessor, allBindingsAccessor, context) {
        var modelValue = valueAccessor();
        var value = ko.utils.unwrapObservable(valueAccessor());

        var $inplacerte = $(element).find("div.ms-rtestate-field.ms-rtefield div[id$=TextField_inplacerte]");

        //handle edits made in the editor
        $inplacerte.on('blur', function (e) {
            var RTEhtml = RTE.Canvas.getEditableRegionHtml($inplacerte[0], false);

    update: function (element, valueAccessor, allBindingsAccessor, context) {
        //handle programmatic updates to the observable
        var value = ko.utils.unwrapObservable(valueAccessor());

        var $inplacerte = $(element).find("div.ms-rtestate-field.ms-rtefield div[id$=TextField_inplacerte]");



  • The SharePoint Rich Text Field works on every browser, and it shows a nice Ribbon for interacting with rich text.
  • To use this, you do need to tie it to a Field on the current list item (which would be the page), this is quite annoying to set up.
  • I use data-bind to pull the value out and work with it via Javascript - so I don't actually bother with saving back to the list item via the UI.
  • You can't add the data-bind attribute to the RichTextField control.  It will complain about not knowing what the attribute is.  I work around this by wrapping the binding syntax outside of the ASP.NET control and use jQuery to look for the DOM elements within.
  • Explanation: This borrow SharePoint's RTE.Canvas javascript class to update and retrieve HTML from the Content-Editable DIV.  Again, SharePoint's Javascript does a bunch of encoding/decoding that makes the HTML nice to read at the end.