manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Lugert <mlug...@yahoo.com>
Subject Re: Sharepoint
Date Sat, 23 Feb 2013 22:20:44 GMT
It's there.  I'll have the admin double check the permissions again.  Seems like something
doesn't have execute permissions.
 
-mark

From: Karl Wright <daddywri@gmail.com>
To: Mark Lugert <mlugert@yahoo.com> 
Cc: "user@manifoldcf.apache.org" <user@manifoldcf.apache.org> 
Sent: Saturday, February 23, 2013 5:19 PM
Subject: Re: Sharepoint

Yes, that's exactly correct.  Check to be sure the Permissions.asmx file is present, and
that the service is enabled.Karl 
On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <mlugert@yahoo.com> wrote: 
Hi Karl,
> 
>I added some debug to print the actual axis error in the sharepoint connector.  I'm getting
error 1000.  Looking at MCPermissions.cs I see that it is what is raising this error, in
the code below:
> 
>try
>            {
>                // Only handle requests for "item".  Send all other requests
to the SharePoint web service.
>                if (objectType.Equals(itemType))
>                {
>                    retVal = GetItemPermissions(objectName);
>                }
>                else
>                {
>                    ServicePointManager.ServerCertificateValidationCallback
+=
>                        new RemoteCertificateValidationCallback(ValidateCertificate);
>
>                    using (SPPermissionsService.Permissions service
= new SPPermissionsService.Permissions())
>                    {
>                        service.Url = SPContext.Current.Web.Url
+ "/_vti_bin/Permissions.asmx";
>                        service.Credentials = System.Net.CredentialCache.DefaultCredentials;
>
>                        retVal = service.GetPermissionCollection(objectName,
objectType);
>                    }
>                }
>            }
>            catch (SoapException soapEx)
>            {
>                throw soapEx;
>            }
>            catch (Exception ex)
>            {
>                EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
>                throw RaiseException(ex.Message, "1000", ex.Source);
>            }
> 
>Now, the error is still a 401 unauthorized, but since it's inside MCPermissions.asmx it's
clearly not an issue with accessing the webpart remotely.
> 
>I assume since someone wrote that 1000 for a reason that this is not an unknown issue. 
Any ideas what my issue may be?  Seems like maybe this is an issue accessing /_vti_bin/Permissions.asmx
from within MCPermissions.asmx?  
> 
>thanks,
>Mark
>
>
>From: Karl Wright <daddywri@gmail.com>To: user@manifoldcf.apache.org; Mark Lugert
<mlugert@yahoo.com> Sent: Friday, February 22, 2013 3:07 PM
>Subject: Re: Sharepoint
>
>Usually the only thing you have to be careful of with the plugin is to install it when
logged in as an administrator.  The plugin gets the privs it needs from the installation
user.If you've done that already, then you also have to open up the IIS widget in Windows
and grant .NET execute privs to the _vti_bin directory.  There's a whole lot of security
configuration for IIS that I am not an expert with either, but the idea is to make sure all
the .asmx assemblies under _vti_bin can be executed by a remote user.(And yes, Windows security
is, in general, a complete pain in the behind.)Hope that helps.Karl 
>On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <mlugert@yahoo.com> wrote: 
>Ok thanks, installed.  Seeing these two issues now, wondering if y'all have seen these. 
I'm not a Sharepoint expert, but seems it's security is, um, difficult:
>> 1. Alternate access mappings have not been configured. Users or services are accessing
the site http://amazona-2h120gm with the URL http://ec2-50-16-175-94.compute-1.amazonaws.com.
This may cause incorrect links to be stored or returned to users. If this is expected, add
the URL http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM response URL. For more
information, see: http://go.microsoft.com/fwlink/?LinkId=114854"/>
>>
>>
>>Not sure this is actually causing any issues right now, but if you've seen this let
me know.
>>
>>2. 
>>MCPermissions.asmx 
>>The request failed with HTTP status 401: Unauthorized.
>>
>>
>>My admin just ran the script for installing mcpermissions.asmx.  But it seems like
there is an extra step to grant users access?
>>
>>thanks,
>>Mark
>>
>>From: Karl Wright <daddywri@gmail.com> 
>>To: user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> Sent: Friday,
February 22, 2013 2:00 PMSubject: Re: Sharepoint
>>IIS uses NTLM or Kerberos typically.  You want to configure it to use NTLM.In 1.1
and 1.1.1 there was a problem with the NTLM implementation inHttpClient, having to do with
machines either not joined to domains orjoined to child domains.  If you think you may have
that problem, youcan download a version of httpclient that works properly fromhttp://people.apache.org/~kwright
.  It's version 4.2.4-SNAPSHOT.KarlOn Fri, Feb 22, 2013 at 1:36 PM, Mark Lugert <mlugert@yahoo.com>
wrote:> Ok will try.  This server has other web apps installed as well.  There is>
clearly a conflict or or something going on with the classpath.>> Another question though. 
The Sharepoint connector uses what to> authenticate?  Seems like it would use NTLM by
default as I don't see> anywhere basic auth being set.>> The docs kind of gloss over
that part, but I'm getting>> Got an unknown remote exception accessing site - axis fault
= Client, detail> = The request failed with
 HTTP status 401: Unauthorized.>> using the exact same credentials I use to login via
the browser.  Checking> security log and stuff, but seems like this should be documented
better.>> thanks,> mark>
Mime
View raw message