kmac23va
asked on
Sharepoint (WSS) authentication issues in code
First, apologies if this isn't in the right group, but it kind of spans. I'm working with a client that has Windows Server 2003, WSS, accessed through a custom application. In this application, we need to attach files to cases by adding them to a database and storing them in Sharepoint. This process works fine at our office, but the client is having authentication problems.
The only authentication being used is Windows security. Before, my Sharepoint code (in C#) was in a file, and the users would get a login prompt. However, even if they entered correct information, it would not let them in and eventually give an Unauthorized (401.1) error. I decided to move the functionality to a web service and use the Credentials object to set up authentication. These are the calls in my web page:
pmdtc_ws.CreateSite svcCreateSite = new PMDTC.pmdtc_ws.CreateSite(
svcCreateSite.Credentials = System.Net.CredentialCache
string strResult = svcCreateSite.AttachFile(s
And this is the web service's method:
[WebMethod]
public string AttachFile(string pFolderID, string pFileName, byte[] pFileContents)
{
string strMessage;
try
{
SPSite site = SPControl.GetContextSite(C
SPWeb web;// = SPControl.GetContextWeb(Co
string tmpSite = site.Url;
if (pFolderID != "0")
{
tmpSite += "/" + pFolderID + "/";
}
tmpSite = tmpSite.Substring(7);
int posSite = tmpSite.IndexOf("/");
tmpSite = tmpSite.Substring(posSite)
web = site.OpenWeb(tmpSite);
web.AllowUnsafeUpdates = true;
SPFolder folder;
SPFile file;
folder = web.GetFolder("Shared Documents");
file = web.GetFile(folder.Url + "/" + pFileName);
if (file.Exists) ////check in existing file
{
file.CheckOut();
file.SaveBinary(pFileConte
file.CheckIn(""); ////We have to force the checkin here.
}
else ////Add a new file
{
SPFileCollection files;
files = folder.Files;
files.Add(folder.Url + "/" + pFileName, pFileContents);
}
strMessage = "Success!";
}
catch (Exception ex)
{
strMessage = "Fail! " + ex.Message.ToString();
}
return strMessage;
}
When I run this, I get back an ASP.Net error page, that says the user is unauthorized: 401, treating it as an unhandled exception. (As a note, users have Contributer permissions in Sharepoint, and a cross-site group with Contributer permissions is set up for the subsites that files might be stored to, but this happens at any level.)
We found that if the administrator does a file attach, it will work, and allow access to the site for a time, before it loses that access. Also, when I used a standard user (having the problem) to access the Sharepoint site, we got this error message:
"Error
List does not exist
The page you selected contains a list that does not exist. It may have been deleted by another user. Click "Home" at the top of the page to return to your Web site."
There was a fix mentioned on Google for this, giving users read access to the webtemp.xml file in Templates/1033/XML, but that worked only until we rebooted the machine.
I've been trying to figure this out for a few weeks now with no success, so any help would be extremely appreciated. Thanks.
The only authentication being used is Windows security. Before, my Sharepoint code (in C#) was in a file, and the users would get a login prompt. However, even if they entered correct information, it would not let them in and eventually give an Unauthorized (401.1) error. I decided to move the functionality to a web service and use the Credentials object to set up authentication. These are the calls in my web page:
pmdtc_ws.CreateSite svcCreateSite = new PMDTC.pmdtc_ws.CreateSite(
svcCreateSite.Credentials = System.Net.CredentialCache
string strResult = svcCreateSite.AttachFile(s
And this is the web service's method:
[WebMethod]
public string AttachFile(string pFolderID, string pFileName, byte[] pFileContents)
{
string strMessage;
try
{
SPSite site = SPControl.GetContextSite(C
SPWeb web;// = SPControl.GetContextWeb(Co
string tmpSite = site.Url;
if (pFolderID != "0")
{
tmpSite += "/" + pFolderID + "/";
}
tmpSite = tmpSite.Substring(7);
int posSite = tmpSite.IndexOf("/");
tmpSite = tmpSite.Substring(posSite)
web = site.OpenWeb(tmpSite);
web.AllowUnsafeUpdates = true;
SPFolder folder;
SPFile file;
folder = web.GetFolder("Shared Documents");
file = web.GetFile(folder.Url + "/" + pFileName);
if (file.Exists) ////check in existing file
{
file.CheckOut();
file.SaveBinary(pFileConte
file.CheckIn(""); ////We have to force the checkin here.
}
else ////Add a new file
{
SPFileCollection files;
files = folder.Files;
files.Add(folder.Url + "/" + pFileName, pFileContents);
}
strMessage = "Success!";
}
catch (Exception ex)
{
strMessage = "Fail! " + ex.Message.ToString();
}
return strMessage;
}
When I run this, I get back an ASP.Net error page, that says the user is unauthorized: 401, treating it as an unhandled exception. (As a note, users have Contributer permissions in Sharepoint, and a cross-site group with Contributer permissions is set up for the subsites that files might be stored to, but this happens at any level.)
We found that if the administrator does a file attach, it will work, and allow access to the site for a time, before it loses that access. Also, when I used a standard user (having the problem) to access the Sharepoint site, we got this error message:
"Error
List does not exist
The page you selected contains a list that does not exist. It may have been deleted by another user. Click "Home" at the top of the page to return to your Web site."
There was a fix mentioned on Google for this, giving users read access to the webtemp.xml file in Templates/1033/XML, but that worked only until we rebooted the machine.
I've been trying to figure this out for a few weeks now with no success, so any help would be extremely appreciated. Thanks.
ASKER
Thanks for the article, Jeff...I'm getting the client's web.config files from inside the 60 folder. One question, how or in what order do the web.config files fire? Doing a search, I noticed them in the Config folder, the ISAPI folder, and the Template\Layouts folder. I'm figuring the last is the one that really matters, but the Config folder stores the trust definitions for wss_minimal and wss_medium, and the ISAPI folder is where my web service resides (based on an article of Microsoft's on modifying a web service to run in Sharepoint - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/spptsdk/html/soapptCreateCustomWebService_SV01083361.asp).
Also, this is the Google article that describes the "List does not exist" problem, as well as the access/timeout issue I described. However, as noted, after making the suggested fix and rebooting it no longer worked. http://groups-beta.google.com/group/microsoft.public.sharepoint.windowsservices/browse_thread/thread/af31e15c9c25d508/8066f85b290548f6?q=%22list+does+not+exist%22+sharepoint&rnum=4&hl=en#8066f85b290548f6
Also, this is the Google article that describes the "List does not exist" problem, as well as the access/timeout issue I described. However, as noted, after making the suggested fix and rebooting it no longer worked. http://groups-beta.google.com/group/microsoft.public.sharepoint.windowsservices/browse_thread/thread/af31e15c9c25d508/8066f85b290548f6?q=%22list+does+not+exist%22+sharepoint&rnum=4&hl=en#8066f85b290548f6
Actually, take a look at this, which is a simpler view of folders & permissions:
http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsk07.mspx
as well as this: http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsk08.mspx
Jeff
TechSoEasy
http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsk07.mspx
as well as this: http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsk08.mspx
Jeff
TechSoEasy
ASKER
I actually pursued a solution of my own and it appears to have resolved the problem; the points should probably be refunded. I only found out today from our client that the solution was successful. What was needed was to add the AllowUnsafeUpdates = true to the site call, which allowed the database to be affected. I'm guessing there was some issue with the SQL authentication in the Sharepoint MSDE database, but I can't be sure. Thanks to TechSoEasy for their thoughts on the issue as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here's the full scoop: http://msdn.microsoft.com/library/en-us/odc_SP2003_ta/html/sharepoint_wsscodeaccesssecurity.asp
Jeff
TechSoEasy