Microsoft InfoPath 2010
The official blog of the Microsoft InfoPath team

February, 2010

  • Microsoft InfoPath 2010

    Digital Signature Support in InfoPath 2010

    • 32 Comments

    Hi, this is Gergely Kota, a developer on the InfoPath team. Digitally signing data when filling out a form makes the data tamper-proof, authenticates its signer, and is a key component of trusting form data. In this post, I’d like to share the improvements that have been made to digital signature support in InfoPath 2010. InfoPath 2010 allows you to make more secure signatures with improved cryptographic algorithms and makes long-term storage of signed forms more robust by supporting 3rd-party time stamping. This post describes these improvements and shows you how to strengthen any signature created in InfoPath 2010 Filler. For a primer on digital signatures, read an Introduction to Digital Signatures in InfoPath.

    Note - Data signing should not be confused with code/template signing, which remains unchanged.

    Signature Security

    Digital signatures are only as secure as the cryptographic algorithms they use to ensure signed data hasn't been tampered with. InfoPath 2007 and 2003 support RSA or DSA for signing and SHA1 for hashing. Though a combination of RSA and SHA1 is considered secure for now, algorithms become exposed to attack over time and are eventually rendered obsolete. If either the signing or hashing algorithm is cracked or compromised, the integrity of the signature can no longer be verified. InfoPath 2010 enables you to address these concerns by supporting newer, more secure, ECC signing and SHA-2 family of hashing algorithms.

    Signing with a particular algorithm

    When creating a signature, a user may sign with one of potentially many certificates installed on their machine. The signature algorithm is determined by the chosen digital certificate. To determine the algorithm:

    1. Begin the signing process Clickhere to sign
    2. Change your signing certificate ChangeCert
    3. Highlight desired certificate and click View Certificate 
    4. Look at the Public key field under the Details tab Viewcert

    Administrator Settings: Hashing algorithms

    By default, InfoPath 2010 hashes signature data using SHA1. This is done to maintain backwards compatibility with InfoPath 2007 and InfoPath 2003. InfoPath 2010 also supports the SHA2 family of hashing algorithms. If backwards compatibility is not a concern, an administrator can set the hashing algorithm in the registry.

    HKCU\Software\Microsoft\Office\14.0\Common\Signatures\SignatureHashAlg
    Value Description
    “sha1” (default) SHA1 hash algorithm
    “sha256” SHA256 hash algorithm
    “sha384” SHA384 hash algorithm
    “sha512” SHA512 hash algorithm

    Signing and Hashing Algorithm Compatibility

    The following table shows which versions of InfoPath are able to sign and/or verify signatures with the given combinations of signing and hashing algorithms:

    DigSigAlgoSupportMatrix

    Long-term Signature Support

    Certificates guarantee the identity of the signer, but expire after a while. This is to reduce the time attackers have to deduce an associated private key (which would allow them to impersonate a signer) and to limit the shelf-life of a compromised certificate. Certificates may also be revoked if they are taken out of commission before their expiration date. If the certificate used to create a signature is now expired or revoked, we should be cautious of whether the signed data is valid or not unless we can verify that the data was signed while the certificate was still valid. This poses an impending problem because all certificates expire (often in a year!), and we would require a trusted timestamp to confirm when the signature was created. Without such a trusted timestamp, InfoPath will show the signature as invalid, with the reason in the Signature Details dialog:

    InvalidSignature

    sigdetails_full_expired

    This can be especially problematic, for example, for a printed copy of the form which would show an invalid signature, and there would be no way to verify why. InfoPath 2010 adds support for XML Advanced Electronic Signature (XAdES), which allows for adding a trusted timestamp that can be used to resolve when the signature was added relative to the signing certificate's expiration and/or revocation time (see a detailed discussion of XAdES in Microsoft Office for details and level options). If such a timestamp exists and confirms that the signature was made when the signing certificate was valid, InfoPath can safely conclude that the signature is entirely valid:

    ValidSignature

    sigdetails_full_good

    Server Support

    InfoPath 2010 Forms Services signs forms using RSA and SHA1, and is able to verify any signature created in the InfoPath 2010 client. XAdES is a client-only feature.

    Final Word

    By leveraging the security improvements and time-stamping support described in this post, you are increasing the strength and longevity of your signatures. Happy signing!

    Gergely, InfoPath dev

  • Microsoft InfoPath 2010

    Add a Dynamic Map to a Contact Form using REST Web Services

    • 25 Comments

    Update: Due to a change in the Bing Maps REST Web Service, the steps outlined in this blog post no longer work. We are looking into the possibility of using a different API, and will update this post soon with details.

    Hi, Phil Newman here from the InfoPath team. In this post, I’ll explain how to use the new REST Web service data connection in InfoPath 2010 to add a dynamic map to a contacts form. The form connects to two Web services. The first is a REST Web service that returns the coordinates of a given address from Bing Maps, the second returns an image of a map for a given coordinate set. When users enter address information in the form, the map will update to display the specified address.

    Get Microsoft Silverlight

    The following steps assume that:

    1. You’ve already created your Contacts list in SharePoint and customized the form for the list in InfoPath.
    2. You have a Bing Maps key (see http://msdn.microsoft.com/en-us/library/ff428642.aspx)

    Add the Data Connections

    1. In InfoPath Designer, click “From REST Web Service” on the “Data” tab. Data Tab, From REST Web Service
    2. On the first page of the Data Connection wizard, enter the URL of the Bing Maps REST Web service that will return the GPS coordinates for the specified address. The URL must contain sample parameters that will return valid values at runtime. Otherwise the connection will not be configured. Data Connection Wizard - Web Service Details Here is my starting URL (you will need to replace YourBingMapsKey with your own Bing Maps key value) :
      http://dev.virtualearth.net/Services/v1/GeocodeService/GeocodeService.asmx/Geocode?culture=en-us&count=10&query=1%20Microsoft%20Way%20Redmond%20wa%20&landmark=&addressLine=&locality=&postalTown=&adminDistrict=&district=&postalCode=&countryRegion=&mapBounds=&currentLocation=&curLocAccuracy=&entityTypes=&rankBy=&key=YourBingMapsKey 
      Note that I’ve included a default address of “1 Microsoft Way Redmond WA” so that the Web service will return valid XML.
    3. On the next page of the Data Connection wizard, specify a name for the data connection. Since in this scenario we only want the map to be displayed when the user enters an address, clear the “Automatically retrieve data when the form is opened” check box, and click “Finish”. Data Connection Wizard - Data Connection Name
    4. Because the Bing Maps Web service is not on the SharePoint server, the data connection must be converted to a data connection (.udcx) file. Click “Data Connections” on the “Data” tab, select the data connection, and click “Convert to Connection File”. The connection file must be saved to a Data Connection Library on the SharePoint site and approved before it can be used.  (For more about data connections and UDC files, go here)Data Ribbon tab - Data Connections

    RESTSaveConnectionFile

    RESTSaveConnectionFile2

    Add a Rule to query the REST Web Service

    The next step is to create a rule to change the parameters in the REST Web Service URL based on the address values entered in the form. The Web service will then be queried using these parameters.

    1. Add a button to the form.
    2. Select the button and click “Manage Rules” on the “Home” tab.RESTManageRules

      (NOTE – the button is being used as a temporary placeholder for creating the rules. In InfoPath 2010, you can copy and paste rules between controls. We’ve built in smarts so that when you copy a rule to a different control, field references are updated. In this case we do not want the references to be updated so we will create the rules on the button and then copy and paste it on to the Address fields.)

    3. On the “Rules” task pane, click “New”, “Action” and add a “Change REST URL” rule action. 
    4. Build an expression that concatenates values in the form to create the URL RESTRuleDetails
      • In the “Insert Formula” dialog, select the existing URL  RESTInsertFormula
      • Click the “Insert Function” button and add the Concat function from the “Text” category.
      • Replace the default value for the address with parameters from the form. Since the Concat function concatenates strings, each hard coded string must be in quotes. Use the “Insert Field or Group…” button to add fields from the form to the expression.
      • Click OK in the “Insert Formula” and “Rules Details” dialogs. The underlined words in the image below are fields in the form being used as parameters in the URL. RESTInsertFormula2
      • Here is the Formula (you will need to replace YourBingMapsKey with your own Bing Maps key value) :
        concat("http://dev.virtualearth.net/Services/v1/GeocodeService/GeocodeService.asmx/Geocode?culture=en-us&count=10&query=", Address, ", ", City, ", ", State/Province, "&landmark=&addressLine=&locality=&postalTown=&adminDistrict=&district=&postalCode=&countryRegion=&mapBounds=&currentLocation=&curLocAccuracy=&entityTypes=&rankBy=&key=YourBingMapsKey") 
    5. Add a “Query for Data” rule action to query the REST Web Service with the new URL parameters.

    Add a Rule action to set the URL of the Map picture control

    To display the map of the current location in the picture control, append the latitude and longitude values returned by the Bing Maps REST Web Service to the URL for that image.

    1. Add a “Set a field’s value” rule action to set the URL of the picture control to the map of the current location.
    2. Set the value of the field to the following expression in which “Latitude” and “Longitude” are fields from the REST Web service response. The expression used to build the map image URL is as follows (you will need to replace YourBingMapsKey with your own Bing Maps key value) :
      concat("http://api.tiles.virtualearth.net/api/GetMap.ashx?ppl=24,,", Latitude, ",", Longitude, "&key= YourBingMapsKey")
    3. Add a condition to the rule so that it only executes if the Address, City and State / Province fields are not blank.
    4. Copy the rule from the button you created earlier and paste it onto the Address, City and State / Province controls.
    5. Add a rule to the picture control to hide it if the URL is blank.
    6. From the File tab, click “Quick Publish”.

    Now, open the form in the browser and fill it out. As soon as you have entered an address, the map of that location will appear in the form.

    3 important things to remember when using the REST Web Service data connection:

    1. Always start with a valid URL for your REST Web service.
    2. To change the parameters in the URL, add a “Change REST URL” rule action.
    3. To execute the connection, add a “Query for Data” rule action.

    Please leave a comment if you have any questions or feedback about this feature!

    Phil Newman

    Program Manager

  • Microsoft InfoPath 2010

    We want to see your Cool Forms!

    • 7 Comments

    Today sees the launch of “InfoPath Cool Forms”. In this series, we will feature cool forms that showcase a form design practice or interesting scenario.

    This week’s cool form is the “Ask Kanesha” request form.  This is a neat little form that we use on the InfoPath team to submit requests to our Group Business Administrator, Kanesha.

    Ask Kanesha

    Kanesha was being flooded with requests from team members and tracking all these requests was becoming a challenge. To help manage the requests, we created an ‘Ask Kanesha’ InfoPath browser form that submitted all requests to a SharePoint list. Team members use this form to submit requests. A simple workflow fires alerting Kanesha to the new request. Certain requests such as those for small hardware can be completed in minutes. The dropdowns in the form automatically filter to guide us to the right hardware. Other custom requests may take longer and can be managed by Kanesha online. The form saves us time and helps Kanesha keep track of all the requests that come her way.

    If you have a “cool” form that you would like to share with us, please send an e-mail with the following details to coolform@microsoft.com -

    • Attach 1 or 2 screenshots of your form
    • Provide a brief description of the form
    • You may also attach the XSN file (optional)

    The most popular submissions will be featured on our blog in future posts.

    Check out other Cool Forms! here.

  • Microsoft InfoPath 2010

    Create Code-Free Mashups with InfoPath and SharePoint Web Parts

    • 3 Comments

    Hi, My name is Nicholas Lovell and I’m a developer on the InfoPath team. In this video demo, I will walk through how to create a simple portal page for processing claims at an insurance company. This claims portal includes a SharePoint Web Part with a list of all the claims, an InfoPath Web Part that displays the claim details, and a custom Bing Maps Web part which displays the location of the currently selected claim.

    Get Microsoft Silverlight

    Enjoy and please share your comments with us!

    Nick

  • Microsoft InfoPath 2010

    Create a Loan Calculator using the InfoPath and Excel Web Parts

    • 0 Comments

    In this week’s “5 for Forms” video demo, Nick Dallett will show you how to create a loan calculator application without writing a line of code. This simple application leverages the power of the InfoPath and Excel Web Parts by using an InfoPath form to input the values that are sent to an Excel Workbook which contains the complex formulas that calculate the repayments.

    If you want to learn more about the new InfoPath Form Web Part, check out Nick’s earlier video demo – Managing data in your SharePoint Lists using the InfoPath Form Web Part.

    Get Microsoft Silverlight

    Enjoy and please let us know what you think!

    The InfoPath Team

  • Microsoft InfoPath 2010

    Learn about InfoPath 2010 in free Web casts with the Microsoft Product team!

    • 0 Comments

    Do you want to learn about InfoPath and SharePoint 2010 in FREE Web casts with the InfoPath product team? Then sign up for the InfoPath 2010 Academy Live Series.

    There are 3 remaining sessions in the series. The next session “Building SharePoint Applications with InfoPath 2010” will take place on Wednesday, March 10th from 8:30 AM to 10:00 AM (PST).

    If you missed our 1st session, “An introduction to SharePoint applications using InfoPath 2010”, you can view it on demand here. Just click the “Register Now” button.

    This is a great opportunity to learn all about our new features and scenarios directly from the product team, so sign up now!

    infopath_banner_ad_1

  • Microsoft InfoPath 2010

    Only 10 days left to be in with a chance to win an XBox 360 Elite!

    • 0 Comments

    Have you submitted your entry for the InfoPath and SharePoint 2010 solution contest yet?

    If not, hurry up! There are only 10 days left to submit your entries.

    For a taste of what we’re looking for, here’s one entry from Clayton Cobb of the Colorado SharePoint users group.

    Think you can do better? Click here to see how to enter.

    Please note that only legal residents of the US and Canada are eligible for prizes.  However, we're eager to see videos from everyone, and we will showcase the best videos we receive, regardless of whether you are awarded a prize.

  • Microsoft InfoPath 2010

    Cool Forms! Team Status Tracking Form

    • 0 Comments

    This week’s cool InfoPath form is a form used by one of the teams at Microsoft to track their status. It uses conditional formatting for color coding the status to make it easy to see progress at a glance. By recording team status on their SharePoint site, everyone knows how the team is doing and where they need to focus their energy. As new milestones are added to the project, they are added to the form.

    Team Status

    If you have a “cool” form that you would like to share with us, please send an e-mail with the following details to coolform@microsoft.com -

    • Attach 1 or 2 screenshots of your form
    • Provide a brief description of the form
    • You may also attach the XSN file (optional)

    The most popular submissions will be featured on our blog in future posts.

    Check out other Cool Forms! here

    Thanks!

    The InfoPath Team

Page 1 of 1 (8 items)