Another point is that your change ONLY affects the "check" function - which is for the UI display only. If you made no further changes elsewhere in the code I am at a loss as to why MCPermissions works in some circumstances but not others. Perhaps a redirection is interfering with your ability to reach the root node of the site?
Karl On Tue, Feb 26, 2013 at 4:36 PM, Karl Wright <[email protected]> wrote: > Well, you are not actually using the MCPermissions service with this > change. Permission fetches will therefore not include Folder or File > security tokens. If this is SharePoint 2010, you will also have had to > tell it you were using SharePoint 2007 in order to be able to list files > properly. > > Karl > > > > On Tue, Feb 26, 2013 at 4:20 PM, Mark Lugert <[email protected]> wrote: > >> In the code I see this: >> >> // This fails: >> MCPermissionsWS aclService = >> *new* MCPermissionsWS(baseUrl + site, userName, password, configuration, >> httpClient); >> com.microsoft.sharepoint.webpartpages.PermissionsSoap aclCall = >> aclService.getPermissionsSoapHandler(); >> // This works: >> PermissionsWS *aclService* = >> *new* PermissionsWS(baseUrl + site, userName, password, configuration, >> httpClient); >> com.microsoft.schemas.sharepoint.soap.directory.PermissionsSoap *aclCall*= >> aclService.getPermissionsSoapHandler(); >> >> As the code says, one fails and one works. The one that succeeds is >> commented out. >> >> I commented out the one that fails and use the one that works. So now I >> can sync everything, however I have not tried to sync any permissions. >> Perhaps because the first one above fails permissions will fail to sync? >> Not sure, but the one that fails gives an error 1000 and 401 unauthorized. >> There is no useful logging in the event logs or in IIS logs to say exactly >> who or what is unauthorized. >> >> -mark >> >> *From:* Karl Wright <[email protected]> >> *To:* Mark Lugert <[email protected]> >> *Cc:* "[email protected]" <[email protected]> >> *Sent:* Tuesday, February 26, 2013 3:17 PM >> *Subject:* Re: Sharepoint >> ** >> Any news on this?****Karl**** >> On Sat, Feb 23, 2013 at 5:20 PM, Mark Lugert <[email protected]> wrote:** >> >> It's there. I'll have the admin double check the permissions again. >> Seems like something doesn't have execute permissions. >> >> -mark >> >> *From:* Karl Wright <[email protected]> >> ***To:* Mark Lugert <[email protected]> ***Cc:* " >> [email protected]" <[email protected]> ** >> *Sent:* Saturday, February 23, 2013 5:19 PM >> *Subject:* Re: Sharepoint >> ** >> Yes, that's exactly correct. Check to be sure the Permissions.asmx file >> is present, and that the service is enabled.****Karl**** >> On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <[email protected]> wrote:** >> >> Hi Karl, >> >> I added some debug to print the actual axis error in the sharepoint >> connector. I'm getting error 1000. Looking at >> MCPermissions.cs<http://mcpermissions.cs/>I see that it is what is raising >> this error, in the code below: >> >> try >> { >> // Only handle requests for "item". Send all other >> requests to the SharePoint web service. >> if (objectType.Equals(itemType)) >> { >> retVal = GetItemPermissions(objectName); >> } >> else >> { >> >> ServicePointManager.ServerCertificateValidationCallback += >> new >> RemoteCertificateValidationCallback(ValidateCertificate); >> >> using (SPPermissionsService.Permissions service = new >> SPPermissionsService.Permissions()) >> { >> service.Url = SPContext.Current.Web.Url + >> "/_vti_bin/Permissions.asmx"; >> service.Credentials = >> System.Net.CredentialCache.DefaultCredentials; >> >> retVal = >> service.GetPermissionCollection(objectName, objectType); >> } >> } >> } >> catch (SoapException soapEx) >> { >> throw soapEx; >> } >> catch (Exception ex) >> { >> EventLog.WriteEntry("MCPermissions.asmx", ex.Message); >> *throw RaiseException(ex.Message, "1000", ex.Source); >> * } >> >> Now, the error is still a 401 unauthorized, but since it's inside >> MCPermissions.asmx it's clearly not an issue with accessing the webpart >> remotely. >> >> I assume since someone wrote that 1000 for a reason that this is not an >> unknown issue. Any ideas what my issue may be? Seems like maybe this is >> an issue accessing /_vti_bin/Permissions.asmx from within >> MCPermissions.asmx? >> >> thanks, >> Mark >> >> *From:* Karl Wright <[email protected]>***To:* >> [email protected]; Mark Lugert <[email protected]> ** >> *Sent:* Friday, February 22, 2013 3:07 PM >> *Subject:* Re: Sharepoint >> ** >> Usually the only thing you have to be careful of with the plugin is to >> install it when logged in as an administrator. The plugin gets the privs >> it needs from the installation user.****If you've done that already, >> then you also have to open up the IIS widget in Windows and grant .NET >> execute privs to the _vti_bin directory. There's a whole lot of security >> configuration for IIS that I am not an expert with either, but the idea is >> to make sure all the .asmx assemblies under _vti_bin can be executed by a >> remote user.****(And yes, Windows security is, in general, a complete >> pain in the behind.)****Hope that helps.****Karl****** >> On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <[email protected]> wrote:** >> >> Ok thanks, installed. Seeing these two issues now, wondering if y'all >> have seen these. I'm not a Sharepoint expert, but seems it's security is, >> um, difficult: >> >> 1. Alternate access mappings have not been configured. Users or services >> are accessing the site http://amazona-2h120gm with the URL >> http://ec2-50-16-175-94.compute-1.amazonaws.com/. This may cause >> incorrect links to be stored or returned to users. If this is expected, add >> the URL http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM >> response URL. For more information, see: >> http://go.microsoft.com/fwlink/?LinkId=114854"/> >> >> Not sure this is actually causing any issues right now, but if you've >> seen this let me know. >> >> 2. MCPermissions.asmx >> The request failed with HTTP status 401: Unauthorized. >> >> My admin just ran the script for installing mcpermissions.asmx. But it >> seems like there is an extra step to grant users access? >> >> thanks, >> Mark >> >> *From:* Karl Wright <[email protected]> >> ***To:* [email protected]; Mark Lugert <[email protected]> *** >> Sent:* Friday, February 22, 2013 2:00 PM***Subject:* Re: Sharepoint** >> **IIS uses NTLM or Kerberos typically. You want to configure it to use >> NTLM.****In 1.1 and 1.1.1 there was a problem with the NTLM >> implementation in**HttpClient, having to do with machines either not >> joined to domains or**joined to child domains. If you think you may >> have that problem, you**can download a version of httpclient that works >> properly from**http://people.apache.org/~kwright . It's version >> 4.2.4-SNAPSHOT.****Karl******On Fri, Feb 22, 2013 at 1:36 PM, Mark >> Lugert <[email protected]> wrote:**> Ok will try. This server has other >> web apps installed as well. There is**> clearly a conflict or or >> something going on with the classpath.**>**> Another question though. >> The Sharepoint connector uses what to**> authenticate? Seems like it >> would use NTLM by default as I don't see**> anywhere basic auth being >> set.**>**> The docs kind of gloss over that part, but I'm getting**>**> >> Got an unknown remote exception accessing site - axis fault = Client, detail >> **> = The request failed with HTTP status 401: Unauthorized.**>**> using >> the exact same credentials I use to login via the browser. Checking**> >> security log and stuff, but seems like this should be documented better.* >> *>**> thanks,**> mark**>****** >> >> ** >> **** >> >> ** >> **** >> >> ** >> **** >> > >
