RE: Custom Workflow Activity
As others have mentioned - passing the current user token into the SPSite
constructor while Elevating is probably not the best idea.
IMHO - If you are going pass a user token to the SPSite constructor it should
be:
SPContext.Current.Site.SystemAccount.UserToken
Which is what we usually do this instead of Elevating - as the
RunWithElevatedPrivileges is an expensive COM call, that can leak memory (at
least in 2007). In our team the rule is you only use
RunWithElevatedPrivileges if you are trying to make off-box connections, or
messing with Farm Properties etc.
The other obvious thing to consider with custom workflow activities is that
from a security point of view they should ideally be registered in the
web.config:
WorkflowService Assembly=Your.Assembly, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=1234567890123456
Class=Your.Assembly.ActivityService /
Also consider adding your assembly (and any extra assemblies it loads) to the
configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes
section.
There are also extra considerations with workflow activities when you have a
App Server in the farm that does NOT run the WFE role.
Good Luck,
James.
James Boman ■ Telephone: +61 (08) 7200 1100 ■ Mobile: +61 (0) 417 857 298 ■
Web: http://www.ipmo.com.au || http://www.projectserver.com.au
From: ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] On Behalf Of
Ishai Sagi
Sent: Saturday, 17 December 2011 9:09 AM
To: ozMOSS
Subject: RE: Custom Workflow Activity
That code doesn't really elevate privilages - either the token or the
RunWithElevatedPrivileges is redundant. I think the problem will be in the
CreateTerm function. If you share that with us we may see the cause of the
issue.
[Description: Description: Description: C:\Users\Brian\Pictures\EXD
Logos\Extelligent logo no text.jpg]Ishai Sagi | Solutions Architect
0488 789 786 | is...@exd.com.aumailto:is...@exd.com.au |
www.sharepoint-tips.comhttp://www.sharepoint-tips.com/ |
@ishaisagihttp://twitter.com/ishaisagi
From: ozmoss-boun...@ozmoss.commailto:ozmoss-boun...@ozmoss.com
[mailto:ozmoss-boun...@ozmoss.com]mailto:[mailto:ozmoss-boun...@ozmoss.com]
On Behalf Of Ajay
Sent: Friday, 16 December 2011 5:49 PM
To: ozMOSS
Subject: Fwd: Custom Workflow Activity
I have discovered it's permission issue when workflow starts automatically.
I have elevated priveleges and also opened the site using token of admin
account stil no luck.
See my code below
SPUser user = web.AllUsers[mydomain\\sharePoint_admin];
SPUserToken token = user.UserToken;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteCollection.ID, token))
{
CreateTerm(site, title);
}
});
-- Forwarded message --
From: Ajay akhanna...@gmail.commailto:akhanna...@gmail.com
Date: Fri, Dec 16, 2011 at 7:11 PM
Subject: Custom Workflow Activity
To: ozMOSS ozmoss@ozmoss.commailto:ozmoss@ozmoss.com
Hi Guys,
I have created a custom WF activity hooked up in SharePoint designer.
It creates a sub-site and some user groups.
So far so good, then the requirement came to add the site name to the Term
Store.
The workflow is configured to start on Item Added.
On Automatic start, problem is the workflow just creates the sub-site, does not
create the term store entry and shows status as Cancelled.
When I manually start this workflow, than everything is fine, it creates site,
adds term store entry and shows Status as Completed.
I ran a debugger stepped through the code all works fine.
What can be the reason for this.. is it permissions / identity issue when it
runs manually opposed to automatic workflow start.
Cheers,
A
inline: image001.jpginline: image003.jpg___
ozmoss mailing list
ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
Re: Custom Workflow Activity
Thanks All,
It has worked by :--
Using ElevatedPriveleges and Adding the Pool account for this web
application as Term Store Administrator.
I hope this is acceptable, I have not added Pool Acc from the Central
Admin, but from Site Settings of the web application
Cheers,
A
On Mon, Dec 19, 2011 at 1:36 PM, James Boman james.bo...@ipmo.com.auwrote:
As others have mentioned – passing the current user token into the
SPSite constructor while Elevating is probably not the best idea.
IMHO - If you are going pass a user token to the SPSite constructor it
should be:
** **
SPContext.Current.Site.SystemAccount.UserToken
** **
Which is what we usually do this *instead of Elevating* – as the
“RunWithElevatedPrivileges” is an expensive COM call, that can leak memory
(at least in 2007). In our team the rule is you only use
“RunWithElevatedPrivileges” if you are trying to make off-box connections,
or messing with Farm Properties etc.
** **
The other obvious thing to consider with custom workflow activities is
that from a security point of view they should ideally be registered in the
web.config:
** **
WorkflowService Assembly=Your.Assembly, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=1234567890123456
Class=Your.Assembly.ActivityService /
** **
Also consider adding your assembly (and any extra assemblies it loads) to
the *
configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes
* section.
** **
There are also extra considerations with workflow activities when you have
a App Server in the farm that does NOT run the WFE role.
** **
Good Luck,
James.
** **
--
James Boman ■ Telephone: +61 (08) 7200 1100 ■ Mobile: +61 (0) 417 857 298
■ Web: http://www.ipmo.com.au || http://www.projectserver.com.au
** **
*From:* ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] *On
Behalf Of *Ishai Sagi
*Sent:* Saturday, 17 December 2011 9:09 AM
*To:* ozMOSS
*Subject:* RE: Custom Workflow Activity
** **
That code doesn’t really elevate privilages – either the token or the
“RunWithElevatedPrivileges” is redundant. I think the problem will be in
the “CreateTerm” function. If you share that with us we may see the cause
of the issue.
** **
** **
**[image: Description: Description: Description:
C:\Users\Brian\Pictures\EXD Logos\Extelligent logo no text.jpg]***Ishai
Sagi* | Solutions Architect
0488 789 786 | is...@exd.com.au | www.sharepoint-tips.com |
@ishaisagihttp://twitter.com/ishaisagi
** **
*From:* ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] *On
Behalf Of *Ajay
*Sent:* Friday, 16 December 2011 5:49 PM
*To:* ozMOSS
*Subject:* Fwd: Custom Workflow Activity
** **
I have discovered it's permission issue when workflow starts automatically.
I have elevated priveleges and also opened the site using token of admin
account stil no luck.
See my code below
SPUser user = web.AllUsers[mydomain\\sharePoint_admin];
SPUserToken token = user.UserToken;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteCollection.ID, token))
{
CreateTerm(site, title);
}
});
** **
-- Forwarded message --
From: *Ajay* akhanna...@gmail.com
Date: Fri, Dec 16, 2011 at 7:11 PM
Subject: Custom Workflow Activity
To: ozMOSS ozmoss@ozmoss.com
Hi Guys,
I have created a custom WF activity hooked up in SharePoint designer.
It creates a sub-site and some user groups.
So far so good, then the requirement came to add the site name to the Term
Store.
The workflow is configured to start on Item Added.
On Automatic start, problem is the workflow just creates the sub-site,
does not create the term store entry and shows status as Cancelled.
When I manually start this workflow, than everything is fine, it creates
site, adds term store entry and shows Status as Completed.
I ran a debugger stepped through the code all works fine.
What can be the reason for this.. is it permissions / identity issue when
it runs manually opposed to automatic workflow start.
Cheers,
A
** **
___
ozmoss mailing list
ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
image003.jpg___
ozmoss mailing list
ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
Re: Custom Workflow Activity
That is how it's supposed to work.
Thanks, Ishai Sagi
Extelligent Design
www.extelligentdesign.comhttp://www.extelligentdesign.com
Sent from my phone
+61 488 789 786
On 19/12/2011, at 14:41, Ajay
akhanna...@gmail.commailto:akhanna...@gmail.com wrote:
Thanks All,
It has worked by :--
Using ElevatedPriveleges and Adding the Pool account for this web application
as Term Store Administrator.
I hope this is acceptable, I have not added Pool Acc from the Central Admin,
but from Site Settings of the web application
Cheers,
A
On Mon, Dec 19, 2011 at 1:36 PM, James Boman
james.bo...@ipmo.com.aumailto:james.bo...@ipmo.com.au wrote:
As others have mentioned – passing the current user token into the SPSite
constructor while Elevating is probably not the best idea.
IMHO - If you are going pass a user token to the SPSite constructor it should
be:
SPContext.Current.Site.SystemAccount.UserToken
Which is what we usually do this instead of Elevating – as the
“RunWithElevatedPrivileges” is an expensive COM call, that can leak memory (at
least in 2007). In our team the rule is you only use
“RunWithElevatedPrivileges” if you are trying to make off-box connections, or
messing with Farm Properties etc.
The other obvious thing to consider with custom workflow activities is that
from a security point of view they should ideally be registered in the
web.config:
WorkflowService Assembly=Your.Assembly, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=1234567890123456
Class=Your.Assembly.ActivityService /
Also consider adding your assembly (and any extra assemblies it loads) to the
configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes
section.
There are also extra considerations with workflow activities when you have a
App Server in the farm that does NOT run the WFE role.
Good Luck,
James.
James Boman ■ Telephone: +61 (08) 7200
1100tel:%2B61%20%2808%29%207200%201100 ■ Mobile: +61 (0) 417 857
298tel:%2B61%20%280%29%20417%20857%20298 ■ Web:
http://www.ipmo.com.auhttp://www.ipmo.com.au/ ||
http://www.projectserver.com.auhttp://www.projectserver.com.au/
From: ozmoss-boun...@ozmoss.commailto:ozmoss-boun...@ozmoss.com
[mailto:ozmoss-boun...@ozmoss.commailto:ozmoss-boun...@ozmoss.com] On Behalf
Of Ishai Sagi
Sent: Saturday, 17 December 2011 9:09 AM
To: ozMOSS
Subject: RE: Custom Workflow Activity
That code doesn’t really elevate privilages – either the token or the
“RunWithElevatedPrivileges” is redundant. I think the problem will be in the
“CreateTerm” function. If you share that with us we may see the cause of the
issue.
image003.jpgIshai Sagi | Solutions Architect
0488 789 786 | is...@exd.com.aumailto:is...@exd.com.au |
www.sharepoint-tips.comhttp://www.sharepoint-tips.com/ |
@ishaisagihttp://twitter.com/ishaisagi
From: ozmoss-boun...@ozmoss.commailto:ozmoss-boun...@ozmoss.com
[mailto:ozmoss-boun...@ozmoss.com]mailto:[mailto:ozmoss-boun...@ozmoss.com]
On Behalf Of Ajay
Sent: Friday, 16 December 2011 5:49 PM
To: ozMOSS
Subject: Fwd: Custom Workflow Activity
I have discovered it's permission issue when workflow starts automatically.
I have elevated priveleges and also opened the site using token of admin
account stil no luck.
See my code below
SPUser user = web.AllUsers[mydomain\\sharePoint_admin];
SPUserToken token = user.UserToken;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteCollection.ID, token))
{
CreateTerm(site, title);
}
});
-- Forwarded message --
From: Ajay akhanna...@gmail.commailto:akhanna...@gmail.com
Date: Fri, Dec 16, 2011 at 7:11 PM
Subject: Custom Workflow Activity
To: ozMOSS ozmoss@ozmoss.commailto:ozmoss@ozmoss.com
Hi Guys,
I have created a custom WF activity hooked up in SharePoint designer.
It creates a sub-site and some user groups.
So far so good, then the requirement came to add the site name to the Term
Store.
The workflow is configured to start on Item Added.
On Automatic start, problem is the workflow just creates the sub-site, does not
create the term store entry and shows status as Cancelled.
When I manually start this workflow, than everything is fine, it creates site,
adds term store entry and shows Status as Completed.
I ran a debugger stepped through the code all works fine.
What can be the reason for this.. is it permissions / identity issue when it
runs manually opposed to automatic workflow start.
Cheers,
A
___
ozmoss mailing list
ozmoss@ozmoss.commailto:ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
___
ozmoss mailing list
ozmoss@ozmoss.commailto:ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
inline: image003.jpg___
ozmoss mailing list
ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
RE: Custom Workflow Activity
That code doesn't really elevate privilages - either the token or the
RunWithElevatedPrivileges is redundant. I think the problem will be in the
CreateTerm function. If you share that with us we may see the cause of the
issue.
[Description: Description: Description: C:\Users\Brian\Pictures\EXD
Logos\Extelligent logo no text.jpg]Ishai Sagi | Solutions Architect
0488 789 786 | is...@exd.com.aumailto:is...@exd.com.au |
www.sharepoint-tips.comhttp://www.sharepoint-tips.com/ |
@ishaisagihttp://twitter.com/ishaisagi
From: ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] On Behalf Of
Ajay
Sent: Friday, 16 December 2011 5:49 PM
To: ozMOSS
Subject: Fwd: Custom Workflow Activity
I have discovered it's permission issue when workflow starts automatically.
I have elevated priveleges and also opened the site using token of admin
account stil no luck.
See my code below
SPUser user = web.AllUsers[mydomain\\sharePoint_admin];
SPUserToken token = user.UserToken;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteCollection.ID, token))
{
CreateTerm(site, title);
}
});
-- Forwarded message --
From: Ajay akhanna...@gmail.commailto:akhanna...@gmail.com
Date: Fri, Dec 16, 2011 at 7:11 PM
Subject: Custom Workflow Activity
To: ozMOSS ozmoss@ozmoss.commailto:ozmoss@ozmoss.com
Hi Guys,
I have created a custom WF activity hooked up in SharePoint designer.
It creates a sub-site and some user groups.
So far so good, then the requirement came to add the site name to the Term
Store.
The workflow is configured to start on Item Added.
On Automatic start, problem is the workflow just creates the sub-site, does not
create the term store entry and shows status as Cancelled.
When I manually start this workflow, than everything is fine, it creates site,
adds term store entry and shows Status as Completed.
I ran a debugger stepped through the code all works fine.
What can be the reason for this.. is it permissions / identity issue when it
runs manually opposed to automatic workflow start.
Cheers,
A
inline: image001.jpginline: image002.jpg___
ozmoss mailing list
ozmoss@ozmoss.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
Re: Custom Workflow Activity
Thanks Ishai,
I will just give you my thoughts on this.
1.) It's custom activity to run inside SPD workflow
2.) I have tried using Elevated privleges and Impersonation but no luck,
and even tried to use them both. I also added this activity in
Impersonation step in SPD but it makes no difference.
3.) If I go to workflow and start it manually, then it does not give any
permission error.
4.) Only when I workflow starts automatically it does not do anything.
5.) You are right problem is in CreateTerm method, I attached a debugger,
and get permission error on termSet.CreateTerm(projectName, 1033);
Error message is you do not have enough permissions to do this task.
Code Below
protected override ActivityExecutionStatus Execute(ActivityExecutionContext
executionContext)
{
SPSite contextSite = __Context.Site;
string url = contextSite.Url;
SPWeb contextWeb = __Context.Web;
SPList contextList = contextWeb.Lists[new Guid(__ListId)];
SPListItem contextItem = contextList.GetItemById(__ListItem);
SPFieldUserValue userValue = new SPFieldUserValue(contextWeb,
contextItem[Created By].ToString()); ;
string title = contextItem[Title].ToString();
using (SPSite siteCollection = new SPSite(url))
{
using (SPWeb web = siteCollection.OpenWeb())
{
SPUserToken userToken =
web.AllUsers[Domain\\Admin_Account].UserToken;
using (SPSite newSite = new
SPSite(contextWebUrl,userToken))
{
using (SPWeb myWeb = newSite.OpenWeb())
{
CreateTerm(siteCollection, title);
}
}
}
}
return ActivityExecutionStatus.Closed;
}
protected static void CreateTerm(SPSite siteCollectionObject, string
projectName)
{
TaxonomySession session = new
TaxonomySession(siteCollectionObject);
foreach (TermStore termStore in session.TermStores)
{
foreach (Group group in termStore.Groups)
{
if (group.Name == Test group)
{
foreach (TermSet termSet in group.TermSets)
{
if (termSet.Name == Projects)
{
bool doesThisTermExist = false;
TermCollection terms =
termSet.GetAllTerms();
foreach (Term term in terms)
{
if (term.Name == projectName)
{
doesThisTermExist = true;
}
}
if (!doesThisTermExist)
{
termSet.CreateTerm(projectName, 1033);
termStore.CommitAll();
}
}
}
}
}
}
}
On Sat, Dec 17, 2011 at 11:38 AM, Ishai Sagi is...@exd.com.au wrote:
That code doesn’t really elevate privilages – either the token or the
“RunWithElevatedPrivileges” is redundant. I think the problem will be in
the “CreateTerm” function. If you share that with us we may see the cause
of the issue.
** **
** **
**[image: Description: Description: Description:
C:\Users\Brian\Pictures\EXD Logos\Extelligent logo no text.jpg]***Ishai
Sagi* | Solutions Architect
0488 789 786 | is...@exd.com.au | www.sharepoint-tips.com |
@ishaisagihttp://twitter.com/ishaisagi
** **
*From:* ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] *On
Behalf Of *Ajay
*Sent:* Friday, 16 December 2011 5:49 PM
*To:* ozMOSS
*Subject:* Fwd: Custom Workflow Activity
** **
I have discovered it's permission issue when workflow starts automatically.
I have elevated priveleges and also opened the site using token of admin
account stil no luck.
See my code below
SPUser user = web.AllUsers[mydomain\\sharePoint_admin];
SPUserToken token = user.UserToken;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteCollection.ID, token))
{
CreateTerm(site, title);
}
});
** **
-- Forwarded message --
From: *Ajay* akhanna...@gmail.com
Date: Fri, Dec 16, 2011 at 7:11 PM
Subject: Custom Workflow Activity
To: ozMOSS ozmoss@ozmoss.com
Hi Guys,
I have created a custom WF activity hooked up in SharePoint designer.
It creates a sub-site and some user groups.
So far so good, then the requirement came to
RE: Custom Workflow Activity
Does the owstimer account have full access to the term store? Regards Paul Turner Practice Lead - SharePoint SMS Management Technology M 0412 748 168 paul.tur...@smsmt.commailto:paul.tur...@smsmt.com www.smsmt.comhttp://www.smsmt.com/ About SMS: Level 29, Westpac House, 91 King William Street, Adelaide SA 5095 SMS Management Technology (SMS) [ASX:SMX] is Australia's largest publicly listed Management Services company. We solve complex problems and transform business through Consulting, Technology and Systems Integration P please consider the environment before printing this email [cid:image001.png@01CCBC16.AB2E9180] From: ozmoss-boun...@ozmoss.com [mailto:ozmoss-boun...@ozmoss.com] On Behalf Of Ajay Sent: Friday, 16 December 2011 4:41 PM To: ozMOSS Subject: Custom Workflow Activity Hi Guys, I have created a custom WF activity hooked up in SharePoint designer. It creates a sub-site and some user groups. So far so good, then the requirement came to add the site name to the Term Store. The workflow is configured to start on Item Added. On Automatic start, problem is the workflow just creates the sub-site, does not create the term store entry and shows status as Cancelled. When I manually start this workflow, than everything is fine, it creates site, adds term store entry and shows Status as Completed. I ran a debugger stepped through the code all works fine. What can be the reason for this.. is it permissions / identity issue when it runs manually opposed to automatic workflow start. Cheers, A NOTICE - This communication is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking any action in reliance on, this communication by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this communication please delete and destroy all copies and telephone SMS Management Technology on 1300 842 767 immediately. Any views expressed in this Communication are those of the individual sender, except where the sender specifically states them to be the views of SMS Management Technology. Except as required by law, SMS Management Technology does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free from errors, virus, interception or interference. inline: image001.png___ ozmoss mailing list ozmoss@ozmoss.com http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
