manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Sharepoint
Date Tue, 26 Feb 2013 20:17:45 GMT
Any news on this?

Karl

On Sat, Feb 23, 2013 at 5:20 PM, Mark Lugert <mlugert@yahoo.com> wrote:

> It's there.  I'll have the admin double check the permissions again.
> Seems like something doesn't have execute permissions.
>
> -mark
>
>   *From:* Karl Wright <daddywri@gmail.com>
>
> *To:* Mark Lugert <mlugert@yahoo.com>
> *Cc:* "user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
> *Sent:* Saturday, February 23, 2013 5:19 PM
> *Subject:* Re: Sharepoint
> **
> Yes, that's exactly correct.  Check to be sure the Permissions.asmx file
> is present, and that the service is enabled.****Karl****
> On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>
>  Hi Karl,
>
> I added some debug to print the actual axis error in the sharepoint
> connector.  I'm getting error 1000.  Looking at MCPermissions.cs<http://mcpermissions.cs/>I
see that it is what is raising this error, in the code below:
>
> try
>             {
>                 // Only handle requests for "item".  Send all other
> requests to the SharePoint web service.
>                 if (objectType.Equals(itemType))
>                 {
>                     retVal = GetItemPermissions(objectName);
>                 }
>                 else
>                 {
>
> ServicePointManager.ServerCertificateValidationCallback +=
>                         new
> RemoteCertificateValidationCallback(ValidateCertificate);
>
>                     using (SPPermissionsService.Permissions service = new
> SPPermissionsService.Permissions())
>                     {
>                         service.Url = SPContext.Current.Web.Url +
> "/_vti_bin/Permissions.asmx";
>                         service.Credentials =
> System.Net.CredentialCache.DefaultCredentials;
>
>                         retVal =
> service.GetPermissionCollection(objectName, objectType);
>                     }
>                 }
>             }
>             catch (SoapException soapEx)
>             {
>                 throw soapEx;
>             }
>             catch (Exception ex)
>             {
>                 EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
>                 *throw RaiseException(ex.Message, "1000", ex.Source);
> *            }
>
> Now, the error is still a 401 unauthorized, but since it's inside
> MCPermissions.asmx it's clearly not an issue with accessing the webpart
> remotely.
>
> I assume since someone wrote that 1000 for a reason that this is not an
> unknown issue.  Any ideas what my issue may be?  Seems like maybe this is
> an issue accessing /_vti_bin/Permissions.asmx from within
> MCPermissions.asmx?
>
> thanks,
> Mark
>
>   *From:* Karl Wright <daddywri@gmail.com>***To:*
> user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> **
> *Sent:* Friday, February 22, 2013 3:07 PM
> *Subject:* Re: Sharepoint
> **
> Usually the only thing you have to be careful of with the plugin is to
> install it when logged in as an administrator.  The plugin gets the privs
> it needs from the installation user.****If you've done that already, then
> you also have to open up the IIS widget in Windows and grant .NET execute
> privs to the _vti_bin directory.  There's a whole lot of security
> configuration for IIS that I am not an expert with either, but the idea is
> to make sure all the .asmx assemblies under _vti_bin can be executed by a
> remote user.****(And yes, Windows security is, in general, a complete
> pain in the behind.)****Hope that helps.****Karl******
> On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <mlugert@yahoo.com> wrote:**
>
>   Ok thanks, installed.  Seeing these two issues now, wondering if y'all
> have seen these.  I'm not a Sharepoint expert, but seems it's security is,
> um, difficult:
>
> 1. Alternate access mappings have not been configured. Users or services
> are accessing the site http://amazona-2h120gm with the URL
> http://ec2-50-16-175-94.compute-1.amazonaws.com. This may cause incorrect
> links to be stored or returned to users. If this is expected, add the URL
> http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM response URL.
> For more information, see: http://go.microsoft.com/fwlink/?LinkId=114854
> "/>
>
> Not sure this is actually causing any issues right now, but if you've seen
> this let me know.
>
> 2.  MCPermissions.asmx
>  The request failed with HTTP status 401: Unauthorized.
>
> My admin just ran the script for installing mcpermissions.asmx.  But it
> seems like there is an extra step to grant users access?
>
> thanks,
> Mark
>
>   *From:* Karl Wright <daddywri@gmail.com>
> ***To:* user@manifoldcf.apache.org; Mark Lugert <mlugert@yahoo.com> ***
> Sent:* Friday, February 22, 2013 2:00 PM***Subject:* Re: Sharepoint**
>  **IIS uses NTLM or Kerberos typically.  You want to configure it to use
> NTLM.****In 1.1 and 1.1.1 there was a problem with the NTLM
> implementation in**HttpClient, having to do with machines either not
> joined to domains or**joined to child domains.  If you think you may have
> that problem, you**can download a version of httpclient that works
> properly from**http://people.apache.org/~kwright .  It's version
> 4.2.4-SNAPSHOT.****Karl******On Fri, Feb 22, 2013 at 1:36 PM, Mark Lugert
> <mlugert@yahoo.com> wrote:**> Ok will try.  This server has other web
> apps installed as well.  There is**> clearly a conflict or or something
> going on with the classpath.**>**> Another question though.  The
> Sharepoint connector uses what to**> authenticate?  Seems like it would
> use NTLM by default as I don't see**> anywhere basic auth being set.**>**>
> The docs kind of gloss over that part, but I'm getting**>**> Got an
> unknown remote exception accessing site - axis fault = Client, detail**>
> = The request failed with HTTP status 401: Unauthorized.**>**> using the
> exact same credentials I use to login via the browser.  Checking**>
> security log and stuff, but seems like this should be documented better.**
> >**> thanks,**> mark**>******
>
> **
> ****
>
> **
> ****
>

Mime
View raw message