Hi Karl,
I added some debug to print the actual axis error in the sharepoint connector.
I'm getting error 1000. Looking at MCPermissions.cs I see that it is what is
raising this error, in the code below:
try
{
// Only handle requests for "item". Send all other requests to
the SharePoint web service.
if (objectType.Equals(itemType))
{
retVal = GetItemPermissions(objectName);
}
else
{
ServicePointManager.ServerCertificateValidationCallback +=
new
RemoteCertificateValidationCallback(ValidateCertificate);
using (SPPermissionsService.Permissions service = new
SPPermissionsService.Permissions())
{
service.Url = SPContext.Current.Web.Url +
"/_vti_bin/Permissions.asmx";
service.Credentials =
System.Net.CredentialCache.DefaultCredentials;
retVal = service.GetPermissionCollection(objectName,
objectType);
}
}
}
catch (SoapException soapEx)
{
throw soapEx;
}
catch (Exception ex)
{
EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
throw RaiseException(ex.Message, "1000", ex.Source);
}
Now, the error is still a 401 unauthorized, but since it's inside
MCPermissions.asmx it's clearly not an issue with accessing the webpart
remotely.
I assume since someone wrote that 1000 for a reason that this is not an unknown
issue. Any ideas what my issue may be? Seems like maybe this is an issue
accessing /_vti_bin/Permissions.asmx from within MCPermissions.asmx?
thanks,
Mark
From: Karl Wright <[email protected]>
To: [email protected]; Mark Lugert <[email protected]>
Sent: Friday, February 22, 2013 3:07 PM
Subject: Re: Sharepoint
Usually the only thing you have to be careful of with the plugin is to install
it when logged in as an administrator. The plugin gets the privs it needs from
the installation user.If you've done that already, then you also have to open
up the IIS widget in Windows and grant .NET execute privs to the _vti_bin
directory. There's a whole lot of security configuration for IIS that I am not
an expert with either, but the idea is to make sure all the .asmx assemblies
under _vti_bin can be executed by a remote user.(And yes, Windows security is,
in general, a complete pain in the behind.)Hope that helps.Karl
On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <[email protected]> wrote:
Ok thanks, installed. Seeing these two issues now, wondering if y'all have
seen these. I'm not a Sharepoint expert, but seems it's security is, um,
difficult:
> 1. Alternate access mappings have not been configured. Users or services are
>accessing the site http://amazona-2h120gm with the URL
>http://ec2-50-16-175-94.compute-1.amazonaws.com. This may cause incorrect
>links to be stored or returned to users. If this is expected, add the URL
>http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM response URL. For
>more information, see: http://go.microsoft.com/fwlink/?LinkId=114854"/>
>
>Not sure this is actually causing any issues right now, but if you've seen
>this let me know.
>
>2.
>MCPermissions.asmx
>The request failed with HTTP status 401: Unauthorized.
>
>My admin just ran the script for installing mcpermissions.asmx. But it seems
>like there is an extra step to grant users access?
>
>thanks,
>Mark
>
>From: Karl Wright <[email protected]>
>To: [email protected]; Mark Lugert <[email protected]> Sent: Friday,
>February 22, 2013 2:00 PMSubject: Re: Sharepoint
>IIS uses NTLM or Kerberos typically. You want to configure it to use NTLM.In
>1.1 and 1.1.1 there was a problem with the NTLM implementation inHttpClient,
>having to do with machines either not joined to domains orjoined to child
>domains. If you think you may have that problem, youcan download a version of
>httpclient that works properly fromhttp://people.apache.org/~kwright . It's
>version 4.2.4-SNAPSHOT.KarlOn Fri, Feb 22, 2013 at 1:36 PM, Mark Lugert
><[email protected]> wrote:> Ok will try. This server has other web apps
>installed as well. There is> clearly a conflict or or something going on with
>the classpath.>> Another question though. The Sharepoint connector uses what
>to> authenticate? Seems like it would use NTLM by default as I don't see>
>anywhere basic auth being set.>> The docs kind of gloss over that part, but
>I'm getting>> Got an unknown remote exception accessing site - axis fault =
>Client, detail> = The request failed with HTTP
status 401: Unauthorized.>> using the exact same credentials I use to login
via the browser. Checking> security log and stuff, but seems like this should
be documented better.>> thanks,> mark>
