The flag is not well named. The calling code looks like this:
proxy.checkConnection( "/", supportsItemSecurity );
"supportsItemSecurity" is set on both SP 3.0 and 4.0.
Karl
On Tue, Feb 26, 2013 at 4:41 PM, Mark Lugert <[email protected]> wrote:
> It's ootb sharepoint and IIS. It being in Amazon is really the only
> unique thing about it.
>
> And yes, not sure why that one call fails, but others succeed.
>
> But, in the code it's doing a if(sp3)
>
> But, I'm using SP 2010. Why is if (sp30) even called?
>
> -mark
>
> *From:* Karl Wright <[email protected]>
>
> *To:* [email protected]; Mark Lugert <[email protected]>
> *Sent:* Tuesday, February 26, 2013 4:39 PM
> *Subject:* Re: Sharepoint
> **
> Another point is that your change ONLY affects the "check" function -
> which is for the UI display only. If you made no further changes elsewhere
> in the code I am at a loss as to why MCPermissions works in some
> circumstances but not others. Perhaps a redirection is interfering with
> your ability to reach the root node of the site?****Karl****
> On Tue, Feb 26, 2013 at 4:36 PM, Karl Wright <[email protected]> wrote:**
>
> Well, you are not actually using the MCPermissions service with this
> change. Permission fetches will therefore not include Folder or File
> security tokens. If this is SharePoint 2010, you will also have had to
> tell it you were using SharePoint 2007 in order to be able to list files
> properly.
>
> Karl
> ******
> On Tue, Feb 26, 2013 at 4:20 PM, Mark Lugert <[email protected]> wrote:**
>
> In the code I see this:
>
> // This fails:
> MCPermissionsWS aclService =
> *new* MCPermissionsWS(baseUrl + site, userName, password, configuration,
> httpClient);
> com.microsoft.sharepoint.webpartpages.PermissionsSoap aclCall =
> aclService.getPermissionsSoapHandler();
> // This works:
> PermissionsWS *aclService* =
> *new* PermissionsWS(baseUrl + site, userName, password, configuration,
> httpClient);
> com.microsoft.schemas.sharepoint.soap.directory.PermissionsSoap *aclCall*=
> aclService.getPermissionsSoapHandler();
>
> As the code says, one fails and one works. The one that succeeds is
> commented out.
>
> I commented out the one that fails and use the one that works. So now I
> can sync everything, however I have not tried to sync any permissions.
> Perhaps because the first one above fails permissions will fail to sync?
> Not sure, but the one that fails gives an error 1000 and 401 unauthorized.
> There is no useful logging in the event logs or in IIS logs to say exactly
> who or what is unauthorized.
>
> -mark
>
> *From:* Karl Wright <[email protected]>***To:* Mark Lugert <
> [email protected]> ***Cc:* "[email protected]" <
> [email protected]> **
> *Sent:* Tuesday, February 26, 2013 3:17 PM
> *Subject:* Re: Sharepoint
> **
> Any news on this?****Karl****
> On Sat, Feb 23, 2013 at 5:20 PM, Mark Lugert <[email protected]> wrote:**
>
> It's there. I'll have the admin double check the permissions again.
> Seems like something doesn't have execute permissions.
>
> -mark
>
> *From:* Karl Wright <[email protected]>
> ***To:* Mark Lugert <[email protected]> ***Cc:* "
> [email protected]" <[email protected]> **
> *Sent:* Saturday, February 23, 2013 5:19 PM
> *Subject:* Re: Sharepoint
> **
> Yes, that's exactly correct. Check to be sure the Permissions.asmx file
> is present, and that the service is enabled.****Karl****
> On Sat, Feb 23, 2013 at 3:37 PM, Mark Lugert <[email protected]> wrote:**
>
> Hi Karl,
>
> I added some debug to print the actual axis error in the sharepoint
> connector. I'm getting error 1000. Looking at
> MCPermissions.cs<http://mcpermissions.cs/>I see that it is what is raising
> this error, in the code below:
>
> try
> {
> // Only handle requests for "item". Send all other
> requests to the SharePoint web service.
> if (objectType.Equals(itemType))
> {
> retVal = GetItemPermissions(objectName);
> }
> else
> {
>
> ServicePointManager.ServerCertificateValidationCallback +=
> new
> RemoteCertificateValidationCallback(ValidateCertificate);
>
> using (SPPermissionsService.Permissions service = new
> SPPermissionsService.Permissions())
> {
> service.Url = SPContext.Current.Web.Url +
> "/_vti_bin/Permissions.asmx";
> service.Credentials =
> System.Net.CredentialCache.DefaultCredentials;
>
> retVal =
> service.GetPermissionCollection(objectName, objectType);
> }
> }
> }
> catch (SoapException soapEx)
> {
> throw soapEx;
> }
> catch (Exception ex)
> {
> EventLog.WriteEntry("MCPermissions.asmx", ex.Message);
> *throw RaiseException(ex.Message, "1000", ex.Source);
> * }
>
> Now, the error is still a 401 unauthorized, but since it's inside
> MCPermissions.asmx it's clearly not an issue with accessing the webpart
> remotely.
>
> I assume since someone wrote that 1000 for a reason that this is not an
> unknown issue. Any ideas what my issue may be? Seems like maybe this is
> an issue accessing /_vti_bin/Permissions.asmx from within
> MCPermissions.asmx?
>
> thanks,
> Mark
>
> *From:* Karl Wright <[email protected]>***To:*
> [email protected]; Mark Lugert <[email protected]> **
> *Sent:* Friday, February 22, 2013 3:07 PM
> *Subject:* Re: Sharepoint
> **
> Usually the only thing you have to be careful of with the plugin is to
> install it when logged in as an administrator. The plugin gets the privs
> it needs from the installation user.****If you've done that already, then
> you also have to open up the IIS widget in Windows and grant .NET execute
> privs to the _vti_bin directory. There's a whole lot of security
> configuration for IIS that I am not an expert with either, but the idea is
> to make sure all the .asmx assemblies under _vti_bin can be executed by a
> remote user.****(And yes, Windows security is, in general, a complete
> pain in the behind.)****Hope that helps.****Karl******
> On Fri, Feb 22, 2013 at 2:51 PM, Mark Lugert <[email protected]> wrote:*
> *
>
> Ok thanks, installed. Seeing these two issues now, wondering if y'all
> have seen these. I'm not a Sharepoint expert, but seems it's security is,
> um, difficult:
>
> 1. Alternate access mappings have not been configured. Users or services
> are accessing the site http://amazona-2h120gm/ with the URL
> http://ec2-50-16-175-94.compute-1.amazonaws.com/. This may cause
> incorrect links to be stored or returned to users. If this is expected, add
> the URL http://ec2-50-16-175-94.compute-1.amazonaws.com/ as an AAM
> response URL. For more information, see:
> http://go.microsoft.com/fwlink/?LinkId=114854"/>
>
> Not sure this is actually causing any issues right now, but if you've seen
> this let me know.
>
> 2. MCPermissions.asmx
> The request failed with HTTP status 401: Unauthorized.
>
> My admin just ran the script for installing mcpermissions.asmx. But it
> seems like there is an extra step to grant users access?
>
> thanks,
> Mark
>
> *From:* Karl Wright <[email protected]>
> ***To:* [email protected]; Mark Lugert <[email protected]> ***
> Sent:* Friday, February 22, 2013 2:00 PM***Subject:* Re: Sharepoint**
> **IIS uses NTLM or Kerberos typically. You want to configure it to use
> NTLM.****In 1.1 and 1.1.1 there was a problem with the NTLM
> implementation in**HttpClient, having to do with machines either not
> joined to domains or**joined to child domains. If you think you may have
> that problem, you**can download a version of httpclient that works
> properly from**http://people.apache.org/~kwright . It's version
> 4.2.4-SNAPSHOT.****Karl******On Fri, Feb 22, 2013 at 1:36 PM, Mark Lugert
> <[email protected]> wrote:**> Ok will try. This server has other web
> apps installed as well. There is**> clearly a conflict or or something
> going on with the classpath.**>**> Another question though. The
> Sharepoint connector uses what to**> authenticate? Seems like it would
> use NTLM by default as I don't see**> anywhere basic auth being set.**>**>
> The docs kind of gloss over that part, but I'm getting**>**> Got an
> unknown remote exception accessing site - axis fault = Client, detail**>
> = The request failed with HTTP status 401: Unauthorized.**>**> using the
> exact same credentials I use to login via the browser. Checking**>
> security log and stuff, but seems like this should be documented better.**
> >**> thanks,**> mark**>******
>
> **
> ****
>
> **
> ****
>
> **
> ****
>
> **
>
> **
> ****
>
