The Form Options dialog box is a catchall for setting form design properties that arent accessible through menu options or task panes. This chapter shows you how to use features on the dialog boxs General, Open and Save, Digital Signature, and Advanced tabs. Chapter 12, Publishing Form Templates, will show you how to configure settings on the Form Options dialog boxs Security and Form Library Columns tabs.
After spending a few hours designing and testing a new or modified form for production, you certainly don t want users to be able to alter the template at will by clicking the Design This Form button or choosing Tools, Design This Form and opening the form s template in design mode. When you publish your template to a server share, to an Internet Information Services virtual directory on your company s intranet, or to a Windows SharePoint Services site, unauthorized template changes affect all users of the production form.
The sections Sharing Templates from a Network Folder and Publishing Templates to an Intranet Site in Chapter 12 will cover deployment of URL-based, untrusted ( sandboxed ) or fully trusted, digitally signed templates to server shares and intranet Web servers. These two sections will also show you how to secure shared templates against user modification.
To rein in users who are tempted to modify a form s template, choose Tools, Form Options to open the Form Options dialog box with the General tab displayed. Select the Enable Protection check box, as shown in Figure 11-1, and click OK to save your changes. Form protection disables the Design This Form toolbar button and the Tools, Design This Form menu option.
Figure 11-1: Selecting the Enable Protection check box on the General tab of the Form Options dialog box is the first step in protecting templates against modification by users.
Testing the Enable Protection feature
Form protection doesn t prevent users from attempting to modify the template. Users must have Read access to the shared template file, which requires at least Read permission for the server share, shared folder, and .xsn file. This means that users can open the .xsn file, regardless of whether they have permission to save changes to the file. Anyone opening a protected .xsn file receives the warning shown in Figure 11-2.
Figure 11-2: This warning message appears when anyone (including you) opens a protected template on the local computer or from a server.
If your organization has acquired InfoPath as part of Microsoft Office Professional Enterprise Edition 2003, you can request that InfoPath be installed on users computers with design mode disabled. Step 10 of the Microsoft Office 2003 Custom Installation Wizard s process displays a dialog box for setting individual installation options for all Office System 2003 applications. Figure 11-3 shows the expanded Microsoft InfoPath 2003 node with a Miscellaneous subnode. This subnode has a single setting ”Disable InfoPath Designer Mode.
Figure 11-3: The Disable InfoPath Designer Mode setting is accessible in step 10 of the Office System 2003 installation configuration process.
Double-clicking the setting item opens the Disable InfoPath Designer Mode Properties dialog box. Selecting the single check box and selecting the Apply Changes option, as shown in Figure 11-4, and then clicking OK disables design mode for all users who have InfoPath installed with this configuration.
Figure 11-4: These settings disable design mode for Office System 2003 installations that use this wizard configuration.
To learn how to emulate the registry change that the Custom Installation Wizard makes to disable design mode, see the section Disabling Design Mode for Deployed Fully Trusted Forms, in Chapter 12.
The General tab of the Form Options dialog box has an Enable Forms Merging check box that s selected by default. If your form isn t designed specifically for merging, clear the check box to prevent users from inadvertently or deliberately merging data documents. As examples, RSS 2.0 data documents you create with Rss2v4.xsn are designed for merging, but merging is totally inappropriate for documents you create with the Northwind Order Entry form examples. Clearing the Enable Forms Merging check box disables the File, Merge Forms menu option in data entry mode.
Submitting forms to SharePoint form libraries, databases, and XML Web services are advanced topics that are covered in later chapters, but you should be aware of another restriction that you can apply to forms ”specifying how users can submit a form. You specify submission options by choosing Tools, Submitting Forms to open a dialog box of the same name , which offers the following selections in the Submit To list:
The Do Not Enable Submit option, which disables the File, Submit menu option in data entry mode, is the default selection.
Chapter 12, Publishing Form Templates, covers submitting forms to SharePoint form libraries, because you must publish the template to create the library before you can submit a form to it. Chapter 13, Connecting Forms to Databases, and Chapter 14, Designing InfoPath Web Service Clients cover submitting forms to databases and XML Web services. These operations require enabling submissions.
You can submit a form to a Web page that processes HTTP POST operations. The protected version of the RSS 2.0 form (Rss2v4Prot.xsn) has HTTP POST submission enabled. A simple ASP.NET Web page at www.oakleaf.ws/ipsubmit/ipsubmit.aspx accepts the POST submission. A production version of this page might automatically update your intranet or Internet Web server s rss.xml file.
To explore form submission options and test the submission process, follow these steps.
View submission options and submit the RSS 2.0 form
The processing instructions reflect the location of a temporary copy of the manifest.xsf file ”not the .xsn file ”in a subfolder of your Documents and Settings folder. (This is your only opportunity to see the modification to the processing instructions for previews.)
Creating your own ASP.NET page for POST operations
Submitting a form through e-mail is similar to sending a form as an e-mail attachment but requires defining a data connection for the transmission. One advantage of submission over sending is that the template stores the recipient, subject, and comment information so that users don t need to type the information each time they submit the form. Another benefit of e-mail submission is the option to use the Insert Formula dialog box to insert e-mail addresses and add other transmission- related data from form field values. You must have Microsoft Office Outlook 2003 installed on your computer to submit a form through e-mail.
To give the Data Connection Wizard s e-mail submission feature a try, follow these steps.
Create a data connection and submit the form by e-mail
If your form has fields containing e-mail addresses or other information for the connection fields, click the Insert Formula ( f x) button to the right of the corresponding text box, and specify the field name with the appropriate value.
(E-mail addresses in this section s figures are fictitious.)
Recipients of forms sent or submitted by e-mail must have InfoPath installed and network, Web server, or SharePoint access to a published copy of the form s template. If you submit the Rss2v4Mail form as a message to your e-mail address and receive the message on the computer running InfoPath, you can double-click the Rss2v4Mail.xml attachment and edit it with the local template. Submitting a preview causes the e-mailed form to be read-only.
Setting empty numeric elements to 0 and assigning templates to a custom category
Selecting the Enable Custom Category check box and specifying a category name lets you categorize templates. Each category you add appears after Sample Forms under the Fill Out A Form dialog box s Form Categories heading. Clicking a category link displays the forms you ve added to the category. Removing all forms in a category removes the category name.
SP-1 The Form Option dialog box s Open and Save tab, shown in Figure 11-5, Enable Features section has check boxes that let you prevent users from saving and autosaving the data document, exporting a form as an .mht file or to a Microsoft Excel worksheet, printing the form, or sending the document by e-mail. Clearing all check boxes has the effect of preventing users from preserving or distributing copies of confidential forms. In this case, the only means of saving confidential form data is to submit the form by the method specified in the Submitting Forms dialog box. Obviously, you must prevent users from modifying the template to make this confidentiality scenario effective. Chapter 12 shows you how to prevent users from modifying templates that you publish to server shares, Web servers, and SharePoint form libraries.
Figure 11-5: The Open and Save tab has check boxes that control users ability to save, export, print, and send the template s data documents.
Clicking the Rules button in the Open and Save tab s Open Behavior section displays the Rules For Opening Forms dialog box. The section Adding Workflow-Dependent Rules in Chapter 10, Adding Views to a Template, describes the use of this dialog box for setting field values and specifying the default view when opening a form.
Selecting the Save Using Custom Code check box in the Open and Save tab s Save Behavior section enables the Edit button. Clicking Edit opens the Microsoft Script Editor (MSE) with a JScript or VBScript handler for the OnSaveRequest event. Chapter 17, Writing Advanced Event Handlers, shown you how to program the OnSaveRequest event with Visual Basic .NET code.
Forms based on schemas that have many optional sections, fields, or both create data documents with empty element values for these fields. The sample InfoPath forms provide examples of schemas that generate data documents with mostly empty elements. If your form doesn t have sections or controls bound to optional elements, you can use InfoPath s Edit Default Values dialog box to reduce the size of the XML data document substantially. Modifications you make in this dialog box don t affect the schema; changes affect only the template s template.xml file, which InfoPath uses as the starting point for new forms. The sample.xml file doesn t reflect the modifications.
You open the Edit Default Values dialog box by clicking the Edit Default Values button on the Form Option dialog box s General tab. Figure 11-6 shows two instances of the Edit Default Values dialog box for the sample StatusReport form.
Figure 11-6: Clearing enabled check boxes in the Edit Default Values dialog box removes the sections or fields from new data documents (left). You add or remove default repeating sections with menu items (right).
Here s a brief explanation of how the InfoPath s Edit Default Values feature works:
Saving a StatusReport form with only the Date field populated generates a 3539-byte data document that contains only 10 data bytes. Eliminating unneeded sections and fields reduces the size to about 17 bytes.
To take the Edit Default Values dialog box for a test drive with the StatusReport template, follow these steps.
Reduce the size of new status report documents
The sample Status Report form has bulleted lists that have three bullets by default and three optional repeating tables. You can change the default number of bullets or other list items and require repeating sections or tables in the Edit Default Values dialog box.
SP-1 InfoPath supports the use of X.509 digital certificates to enable applying digital signatures to an entire form or to individual groups or fields of a form. InfoPath stores the digital signature data for an entire form in the data document s signatures group. Assigning signatures to individual form groups or fields adds signatures subgroups to the document s signatures group .
Applying a digital signature ensures recipients that a data document or its specific groups or fields originated from a specific person or computer and hasn t been modified by anyone else. If anyone alters the document s content subsequent to signing, the digital signature won t match a value (called a hash ) that s calculated from the file s text. If the entire form is signed, the data document is read only. In this case, you must remove the digital signature to modify the data document with InfoPath. InfoPath SP-1 forms also support multiple digital signatures; this feature enables auditable, multistep approval processes. Saving a copy of the data document with all required signatures prevents any signing party from repudiating an action, such as initiation or approval of a document.
To gain a better understanding of XML digital signatures, read An Introduction to XML Digital Signatures, at www.xml.com/pub/a/2001/08/08/xmldsig.html , and Enabling XML Security, at www-106.ibm.com/developerworks/ xml/library/s-xmlsec.html/index.html .
All users who need to digitally sign forms or verify the digital signatures of signed forms must trust the certificate authority (CA) that issues digital signing certificates to users. The CA for the examples in this section and in the following digital signature “ related sections is a Windows Server 2003 member server (OakLeaf-MS2K3) in a Windows 2000 ActiveDirectory domain running stand-alone Certificate Services with Web enrollment support installed. This configuration is common for intranets and extranets; extranets permit designated business partners to access specific parts of an organization s intranet. Extranet users must have access to the CA s certificate (.crt) file to add your organization s CA to their trusted CA lists, and they must be able to request and obtain certificates from the CA s certificate server.
If you already have a personal digital certificate that supports digital signing, skip to the section Signing and Cosigning a Form, later in this chapter. Otherwise , follow these steps to determine whether your computer trusts the CA.
Verify that the local computer trusts the CA
The most common method of obtaining a certificate from a Windows 2000 and later certificate server is the Web enrollment process. The procedures aren t significantly different for a Windows 2000 or Windows 2003 enterprise CA, but they vary slightly depending on whether the CA issues certificates automatically or requires an administrator to approve certificate issuance. If your organization has established an enterprise CA, you probably have the required Client Authentication certificate. If so, skip to the next section.
Enabling Web enrollment on a Windows Server 2003 computer running SharePoint
Follow these steps to obtain a digital signing certificate from a Windows 2000 or 2003 server CA.
Obtain an advanced certificate from the CA
InfoPath s developers made signing entire forms a simple, point-and-click operation. To sign a form, you must enable digital signatures in design mode on the Form Options dialog box s Digital Signatures tab.
The following four procedures show you how to enable signing an entire document, add your signature to a document, test for modified documents, and emulate an approval cosignature.
Specify digital signing in design mode
Sign the entire data document
Adding a digital signature increases the XML data document s size from about 1640 bytes to 19 KB. Base64-encoded copies of the digital signature, user s certificate, and a PNG bitmap of the form add most of the bulk.
Enabling digital signatures doesn t affect the document s original schema, which you can confirm by extracting the template files and opening schema.xsd in Notepad. Instead, InfoPath adds a myschema.xsd file to the template, which adds the signatures section and imports schema.xsd. The myschema.xsd schema doesn t validate the structure of the signatures# section; the xsd:any data type and processContents="lax" attribute permit unstructured content in the section. The W3C XML-DSig schema for digital signatures is close to 10 KB in size, so its omission from the InfoPath-generated schema is understandable.
Test a forged signed document
Simulate a cosignature
SP-1 An alternative to signing the entire form is to sign, cosign, or countersign individual groups or fields of a form. When you sign individual fields or groups, you have the option to specify a single signature, cosigning (all signatures are independent), or countersigning (each signature signs the preceding signatures). To countersign one group and cosign another group of the Rss2v4Sign.xsn template you created in the preceding section, Signing and Cosigning an Entire Form, follow these steps.
Enable digital signatures for individual groups
Sign, countersign, and cosign the groups
The Advanced tab of the Form Options dialog box has controls for specifying the following options:
Custom task panes are HTML documents that users can open in data entry mode. The most common use for custom task panes is providing users with help for filling out forms, especially complex forms. Your C:Microsoft PressIntroducing InfoPath 2003Chapter11Rss2v4 folder contains a very simple HTML file (Rss2v4TaskPane.htm).
To add Rss2v4TaskPane.htm as a custom task pane to the Rss2v4.xsn template, which has two views, follow these steps.
Add a custom task pane to the Resource Manager
InfoPaths template version number consists of four groups of up to four digits separated by periods. InfoPath documentation doesnt describe the usage of the groups, which you can interpret as InfoPathVersion.FormMainVersion.FormSubVersion.FormBuildNumber . The default value for a new template is 220.127.116.11. Each time you save a change to a template, InfoPath increments the value of the rightmost group by 1.
The On Version Upgrade list offers the following three selections:
InfoPath automatically upgrades earlier data documents to the new form version by default. Unless you receive a warning message that previous forms wont be compatible with the new design, InfoPath lets users open forms created with an earlier template version.
InfoPath stores (caches) a copy of an untrusted or a digitally signed (fully trusted) template on the local drive when users first open the template. Each time the user opens a form, InfoPath attempts to check the current template version. If the users computer cant connect to the networked template location, InfoPath continues to use the cached copy, even if its out of date. Otherwise, InfoPath updates the user s cached version. You must upgrade custom-installed (unsigned) fully trusted forms manually by reinstalling them on users computers.
InfoPaths Form Options dialog box delivers a potpourri of design mode form property settings. The General tab lets you enable form protection, which disables the Design This Form toolbar button and File, Design This Form menu option. You also can disable form merging and open the Edit Default Value dialog box with the General tab selected. The Edit Default Value dialog box lets you eliminate unneeded sections and fields from new data documents you create from schema-based forms, such as InfoPaths sample forms. The Edit Default Value dialog box also enables you to change optional sections to required sections and specify the default number of list items, repeating sections, and rows of repeating tables. The Tools, Submitting Forms menu option lets you specify whether users can submit forms and, if they can, write custom messages for submission success or failure.
The Form Option Dialog boxs Digital Signatures tab is devoted to digital signatures, which deliver nonrepudiation features to entire InfoPath documents or individual groups or fields of documents. You can enable or disable digital signatures and specify a warning prompt if a user submits a form thats not signed. Adding digital signatures to a form requires a personal Client Authentication certificate, which you obtain from a commercial CA or your organizations certificate server.
The Form Option dialog boxs Advanced tab lets you add a custom task pane to a form, specify a new template version number, control how InfoPath handles form upgrades, and change the default scripting language from JScript to VBScript, if youre writing script instead of Visual Basic .NET code and havent added script to your form already. You also can export a copy of the template with SP-1 features removed.
Can I disable design mode for users by any means other than the Office 2003 Custom Installation Wizard s Disable InfoPath Designer Mode setting?
Is it common to encounter XML data documents that contain what appear to be unneeded, empty fields?
Is there a limit on the number of digital signatures I can add to a form?
How can I take advantage of single-signature, cosign, and countersign options for an entire form?
How can I ensure the security of an InfoPath data document that I send over the Internet?
Can I add more than one custom task pane to a form?
Yes. You can add an entry to users registries, as described in the section Disabling Design Mode for Deployed Fully Trusted Forms, in Chapter 12.
Yes. In many cases, the schema for business documents requires elements to be present but permits empty text fields and nillable fields of other data types in required elements. Later steps in the workflow process add values to empty or nillable fields
There s no published limit, but the data document grows by about 17 KB with each added signature. Decrypting digital signatures is a resource- intensive process, so you can expect opening a form to slow a bit with each signature you add.
Select the Enable Digital Signatures For Specific Data In The Form check box on the Form Options dialog box s Digital Signatures tab, click Add, open the Select A Field Or Group dialog box, and select the root node of the form ” rss for the examples in this chapter. Signing the root node is as effective as signing the entire form.
Use Secure HTTP (HTTPS) for all data document transmissions over the Internet. HTTPS encrypts the data on the Web server, and Internet Explorer decrypts it on the client. You need a commercial Web server certificate if the recipient doesn t trust your organization s CA.
No. InfoPath supports only one custom task pane.
Here are two additional exercises to test your digital signing and custom task pane skills:
Part I - Introducing Microsoft Office InfoPath 2003 SP-1
Part II - Designing InfoPath Forms
Part III - Working with Databases and Web Services
Part IV - Programming InfoPath Forms