Tuesday, September 02, 2008

We have recently completed a SharePoint Services 3.0 project for task management and business process automation. It is a good habit to keep track of the issues that appeared in a project, so that you can make better architecture decisions in the future.

Here is the quick “lessons learned” list:

1. Forms authentication
First create a SharePoint web application with Windows authentication, then extend the web application with forms authentication. Develop or purchase an additional component for user registration, with features such as resetting passwords and emailing forgotten passwords.

Articles:
http://msdn.microsoft.com/en-us/library/bb975136.aspx
http://www.simple-talk.com/dotnet/windows-forms/configuring-forms-authentication-in-sharepoint-2007/
Free tool to manage users:
http://www.codeplex.com/fba/Wiki/View.aspx?title=basic%20FBA%20user%20and%20role%20management&referringTitle=Home

2. Office integration with SharePoint with forms authentication
Not working by default, as you might have guessed. In brief, these are the steps to configure it:

  • Enable “client integration” in Central Administration -> Application Management -> Authentication Providers for the selected zone.
  • When users sign in, they must check “remember me”. That way the authentication cookie is persisted and the rich clients can authenticate to SharePoint.
  • The SharePoint site must be in Trusted sites, or in another Internet Explorer zone that has Protected Mode turned off. With Protected Mode off, other applications (such as Word and SharePoint Designer) can use the authentication cookie.
  • The user must have appropriate access permissions to use a rich client with SharePoint (check the permission levels).

Article:
http://msdn.microsoft.com/en-us/library/bb977430.aspx

3. Alternate mappings for publishing SharePoint Services to the Internet
Check your alternate access mappings, or use a load-balanced URL, when extending the SharePoint site. With incorrect alternate access mappings the login form appears, but after logon a 404 error is returned. General rule of thumb: if functionality works on the intranet but you have issues from the Internet, check the alternate access mappings. Also check Windows Firewall if you use custom ports; you need to allow incoming requests on these ports.

Article:
http://blogs.msdn.com/sharepoint/archive/2007/03/06/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-1.aspx (read part 1, 2 and 3)

4. Customizing Edit Pages
Customized edit pages enable you to rearrange fields, set some fields as read-only, add additional user controls to the web page, and more.
The free Abilitics Edit Page Redirector will be available soon. It “redirects” users to the appropriate edit page, based on their group membership or on field values. Stay tuned.

5. SharePoint Designer workflows & custom actions
Custom workflow activities enable you to add functionality to the workflows that you develop with SharePoint Designer.
Download free SharePoint Designer activities: http://www.codeplex.com/SPDActivities. Granting permissions to users with forms authentication does not work with this tool; you have to modify its code.

Some SharePoint Designer workflow issues & solutions:

Issue: Cannot select multiple users when selecting users (as in the granting permissions activity)
Solution: The SharePoint Designer user picker designer type does not allow you to select multiple users. The workaround is to save the multiple users in a dynamic string, and then feed the dynamic string to the activity.

Issue: After you edit a workflow with SharePoint Designer, SharePoint still runs the old workflow
Solution: It appears to be a bug of some kind. Our workaround is to copy the workflow and associate it with another library, delete it from the original location, and then move it back. A friend of mine with the same problem suggested saving the workflow locally, deleting it from SharePoint (the action deletes all previous versions), and then uploading it again.

Issue: SharePoint Designer does not show the latest version of a custom-developed activity
Solution: Delete the SharePoint cache from this location: C:\Users\rossen.ABILITICS\AppData\Local\Microsoft\WebsiteCache (on Vista)

Issue: Access denied when a custom SharePoint activity is run
Solution: By default, the workflow runs with the security account of the user who initiated the workflow. You need to run the code with elevated privileges using SPSecurity.RunWithElevatedPrivileges. Remember to create new SPSite and SPWeb objects inside the elevated code; objects obtained before elevation keep the original user's permissions.

6. Modifying item when you have only read-only access
Imagine a vacation request business process. Once a request is approved, you will have read-only access to it, because you should not be able to modify it. But you must still be able to cancel your vacation request.
The solution: Create a custom web part with a single button (Cancel Vacation Request) and put it on the DispForm. The web part uses elevation of privilege (SPSecurity.RunWithElevatedPrivileges) to modify the current item. DispForm is accessible when you have read-only access, but the edit form is not.
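
A sketch of such a web part, which also shows the "new SPSite & SPWeb" rule from the access-denied issue in section 5. It is an added example, not the code from our project; the class name and the "Status" field with its "Cancelled" value are assumptions. Because the elevated code bypasses item permissions, it checks the form digest and the item's author itself.

```csharp
using System;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Added example. "Status" and "Cancelled" are assumed field/value names.
public class CancelRequestWebPart : WebPart
{
    protected override void CreateChildControls()
    {
        Button cancel = new Button();
        cancel.Text = "Cancel Vacation Request";
        cancel.Click += new EventHandler(CancelClicked);
        Controls.Add(cancel);
    }

    private void CancelClicked(object sender, EventArgs e)
    {
        // Elevated updates skip the usual request checks, so validate the
        // form digest (anti-CSRF token) while still running as the caller.
        if (!SPUtility.ValidateFormDigest())
            throw new UnauthorizedAccessException("Invalid form digest.");
        // Capture IDs and the caller's identity before elevating.
        SPContext ctx = SPContext.Current;
        Guid siteId = ctx.Site.ID, webId = ctx.Web.ID, listId = ctx.ListId;
        int itemId = ctx.ItemId, callerId = ctx.Web.CurrentUser.ID;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // New SPSite/SPWeb: objects taken from SPContext keep the
            // caller's read-only permissions even inside this delegate.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);
                // Elevation bypasses item permissions, so the ownership
                // rule must be enforced in code: only the author may cancel.
                SPFieldUserValue author = new SPFieldUserValue(web, Convert.ToString(item["Author"]));
                if (author.LookupId != callerId)
                    throw new UnauthorizedAccessException("Not your request.");
                web.AllowUnsafeUpdates = true;   // needed on the new SPWeb
                item["Status"] = "Cancelled";
                item.Update();
            }
        });
    }
}
```

The update is recorded as made by the system account, so write the caller's name to a field of your own if you need an audit trail.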

7. Script Everything
If you repeat some action twice – script it!

  • Script web part deployment, SharePoint Designer custom activity deployment, and feature activation and deactivation
  • Script application pool recycling and web site warming up (http://blogs.msdn.com/joelo/archive/2006/08/13/697044.aspx)
  • Script backup and restore operations (and run the backup as a scheduled task, or back up the DB regularly)

Script user configuration:
Incorrectly set up user accounts and group memberships can ruin a perfectly fine SharePoint implementation. User configuration should be automated and validated for errors.

  • The client provides user accounts, temporary passwords, emails, user profiles and group memberships in an Excel file
  • A custom application creates the users in the SQL Server AspNetSqlMembership provider database
  • A custom application fills in and validates the user profiles in SharePoint (missing properties, missing managers, incorrect email addresses)
  • An Stsadm script adds the users to the required security groups in SharePoint
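
The validation step could look like the following console program, run over the rows of the client's sheet before any account is created. It is an added example, not our actual tool; the column set (Login, Email, Manager, Groups) and the sample rows are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mail;
// Added example. The column set and the sample rows are constructed.
class ImportRow
{
    public string Login, Email, Manager, Groups;
    public ImportRow(string login, string email, string manager, string groups)
    { Login = login; Email = email; Manager = manager; Groups = groups; }
}

static class UserImportValidator
{
    public static List<string> Validate(IList<ImportRow> rows)
    {
        List<string> errors = new List<string>();
        Dictionary<string, bool> logins =
            new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
        foreach (ImportRow r in rows)            // pass 1: collect logins
        {
            if (string.IsNullOrEmpty(r.Login)) errors.Add("row without login");
            else if (logins.ContainsKey(r.Login)) errors.Add(r.Login + ": duplicate login");
            else logins.Add(r.Login, true);
        }
        foreach (ImportRow r in rows)            // pass 2: per-user checks
        {
            if (string.IsNullOrEmpty(r.Login)) continue;
            if (!IsEmail(r.Email)) errors.Add(r.Login + ": incorrect email address");
            if (string.IsNullOrEmpty(r.Groups)) errors.Add(r.Login + ": no group membership");
            // The manager must be named and must be a user in the same sheet.
            if (string.IsNullOrEmpty(r.Manager) || !logins.ContainsKey(r.Manager))
                errors.Add(r.Login + ": missing manager '" + r.Manager + "'");
        }
        return errors;
    }
    static bool IsEmail(string s)
    {
        try { new MailAddress(s); return true; }
        catch (ArgumentException) { return false; }   // null or empty
        catch (FormatException) { return false; }     // malformed
    }
    static void Main()
    {
        List<ImportRow> rows = new List<ImportRow>();
        rows.Add(new ImportRow("anna", "anna@example.com", "boris", "Approvers"));
        rows.Add(new ImportRow("boris", "boris-at-example.com", "anna", "Managers"));
        rows.Add(new ImportRow("carl", "carl@example.com", "dora", ""));
        foreach (string e in Validate(rows)) Console.WriteLine(e);
    }
}
```

Stop the import when the list is non-empty and send it back to the client, rather than creating a partial set of accounts.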

Sincerely,
Rossen
