Now that I’ve finally got my Windows Phone 7, I have had a little time to play around with some of the integration with SharePoint and start to understand better some of the issues and limitations I’ve heard described previously by other folks. I’m going to try and share some of those details here so hopefully you will be clearer on what does and does not work right now and what you can do to mitigate in certain circumstances.
First, as an aside, I must say that I am really very impressed with Windows Phone 7 (hereafter referred to as WP7). Like many folks at my current employer, I’ve only had a Windows Phone since they first came out, up to and including the Windows Mobile 6.5. I’ve had more than my share of frustrations and was getting ready to just jump ship myself here not that long ago, when I got wind of the WP7 release date. Since it was only a few months away I decided to hold out one more time and give it a try, and boy am I glad I did. To begin with, I purchased the Samsung Focus. Folks, the display on this phone is amazing – really fantastic. It’s like looking at a minature high def device, the picture is so bright and clear. Kudos to Samsung on the device. The phone itself has a few annoyances as most devices do, but overall the performance and functionality is really terrific. Texting has never been easier. I’ve thought for the last several years that I must have disproportionately large thumbs compared to the rest of the humans because I always had so many typos in messages, which made for a long and frustrating experience creating messages. The new auto-correct feature in WP7 is really, truly amazing. I don’t know who developed this stuff but I highly recommend that they start working on the next manned space launch to Mars or something because the work these guys have done is brilliant. The whole touch screen experience is also extremely fluid and easy to use – waaaayyyyy better than anything that was in Mobile 6.5. The integration with Zune is definitely cool – I’ve already synced a bunch of music from my PC to my phone, and the integration with XBox Live is cooler yet. It’s awesome seeing my little XBox Live Avatar on my screen, as well as being able to check out my latest accomplishments, etc. And that’s not even mentioning the wide array of games that I can get on my phone now (note to wife: my bill may be uncharacteristically high this month). Also, the performance is SNAPPY! It is SO much better than Mobile 6.5 in that respect. Anyways, I could go on and on but I won’t, I’m not really a product reviewer but have been so impressed with this device and OS that I felt compelled to share. Now, onto the subject at hand.
The first thing I want to differentiate here is the difference in what you can do with SharePoint on WP7 in the browser, versus with the Office hub (a.k.a. SharePoint Mobile Workspace). Let’s start with the browser.
Overall, most SharePoint sites work great in the WP7 browser. One thing that is kind of interesting is that even if you configure your browser in WP7 to be the mobile version vs. the desktop version, when you hit a SharePoint site it will always display the full browser version. If you want to see the mobile version of a site in SharePoint 2010 you must append the querystring “?mobile=1” to the end of your Url. Note that this is different from SharePoint 2007 where you just append a “/m” to the Url to get the mobile views; if you try and do the same thing in SharePoint 2010 it will give you a page not found error. As far as the mobile views themselves, they are definitely improved and look much nicer in 2010 than they did in 2007. Now, here’s the one big funky thing to be aware of, and of course it has to do with claims web sites in SharePoint. I also need to scope my comments – in my claims sites in my lab, they are configured to authenticate with AD FS 2.0. My ADFS server is configured to use Windows authentication. Since I use the fully-qualified name of my ADFS server, the browser doesn’t attempt to send my credentials automatically; instead it gives me the standard browser Windows auth prompt. Okay, so – in the WP7 browser, this does not work. I can get to the site where I select my authentication type (Windows or my SPTrustedIdentityTokenIssuer). I select SAML auth provider and it redirects me to ADFS, but at that point things fail. What I mean by “fail”, is that the browser doesn’t throw out that Windows authentication dialog, so I never get past the ADFS site. If you are looking at the WP7 browser it effectively looks like it’s frozen, but it really isn’t. Fortunately my friend Joe F. gave me a way to fix this so I will share it here. You need to go in and modify the compat.browser file. That means you need to visit every WFE, and drill down to where the compat.browser file is. By default it’s in the \inetpub\wwwroot\wss\VirtualDirectories\yourVirtualDirectory\App_Browsers folder. In there you want to find the entry for the Windows Phone 7 browser agent – the user agent is Office Mobile Web Access. You want to find the isMobileDevice attribute of the capabilities element and change it from “true” to “false”. That will also recycle your IIS virtual server, but now you should be able to navigate to the site in your WP7 browser. This time though when you hit the ADFS site you should get an authentication prompt in WP7 in which you can enter your credentials and continue. Again, I’m reporting the “simplest” ADFS implementation; depending on what kind of authentication you’ve implemented there, your mileage may vary.
Now, let’s talk about the Office hub. The Office hub in WP7 is really pretty slick and a nice user experience. However…for now you are pretty limited in terms of the SharePoint sites you can hit. Folks, I’ll just come out and say it, but in my testing (and this is pretty consistent with what I had heard elsewhere), you will only be able to use the Office hub on SharePoint sites that are configured to use Windows authentication and are in the equivalent of the intranet zone. For example, I have a site called http://farm2 that uses Windows claims auth and I can open it and all the documents in it just fine in Office hub. However, I also have a site called http://wcftest.vbtoys.com and it also uses Windows auth, but I cannot access it from Office hub. When I try I get an error message that says “Can’t open…SharePoint doesn’t support this authentication scheme.” Well the real problem here is that the browser, just like IE on the desktop, sees the period (“.”) in the Url and that puts in in the Internet zone. Here the problem is that in the Internet zone, the Office hub does not support Windows authentication. So now I’m basically cut off from that site on my WP7.
Here’s another example: in this case, I’m trying to hit a site that should be in the “Intranet” zone – the Url is https://fc1. The site is configured to use both Windows and SAML claims. Well, unfortunately the SAML claims part won’t work with Office hub either. So you still get the same error message I described above. If you try a site that is only SAML auth, you hit the same problem – no entry. I thought it would be curious to see if the Office hub could re-use the FedAuth cookie from the WP7 browser, so I made the compat.browser change I described above and navigated to my SAML sites in the browser. Then I tried opening them up again in Office hub and…no joy – same error message.
Finally, for completeness, I tried a SharePoint site secured with FBA claims. The net of it is you get a slightly different error, but you still don’t get in. In this case you get an error message that says “Can’t open…SharePoint doesn’t support non-SharePoint servers and can’t open the requested content. You can try opening the content in your web browser instead.” And it gives me a nice “open” button that if clicked will indeed open the SharePoint site in my browser…but not in Office hub.
So that’s what I’ve found so far. The WP7 overall is really great, the SharePoint integration with the browser is pretty good, but with Office hub it is lacking. Hopefully though you at least know what you have to work with now and can plan accordingly and/or plug in some other authentication mechanism in-between you and site (like UAG) if you want to open up more of your sites to Office hub.