|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
401 Unauthorized trying to read SPList Attachment - owssrv.dllWe have written a class that enumerates the items in a WSS list and then
attemptes to open the attachment for each item. We have written two classes, one to impersonate a user and read in the list information and the other to be called by the first which actually opens the attachment. Our code fails when it tries to open the attachment in the second class with a 401 - Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. What's strange is that I can use IE to open the URL to the attachemnt without any problems. I noticed in the IIS logs that when I open the URL, I can see the domain\password passed to IIS from IE. However, when our code tries to access the same URL, no user information is passed, causing the 401. We have impersonated a valid user in our code, so why does IIS not see it? Thanks! Please do not post WSS programming questions in future to the main WSS
newsgroup but only to the newsgroup specially created for WSS programming questions. We are maintaining a clear split where WSS Programming questions go only to microsoft.public.sharepoint.windowsservices.development and not to the (Administration issues) main newsgroup microsoft.public.sharepoint.windowsservices. This split is to the benefit of the readers of one or both these newsgroups. Thanks. Mike Walsh, Helsinki, Finland WSS FAQ at http://wss.collutions.com Please reply to the newsgroup Show quoteHide quote "Chris Kane" <ChrisK***@discussions.microsoft.com> wrote in message news:3DA9A3DB-FD45-436E-99B5-265B002F81B3@microsoft.com... > We have written a class that enumerates the items in a WSS list and then > attemptes to open the attachment for each item. We have written two > classes, > one to impersonate a user and read in the list information and the other > to > be called by the first which actually opens the attachment. Our code > fails > when it tries to open the attachment in the second class with a 401 - > Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. > What's > strange is that I can use IE to open the URL to the attachemnt without any > problems. I noticed in the IIS logs that when I open the URL, I can see > the > domain\password passed to IIS from IE. However, when our code tries to > access the same URL, no user information is passed, causing the 401. We > have > impersonated a valid user in our code, so why does IIS not see it? > > Thanks! hi
i think the current context is associated with current logged in user credentials so change the context. string CurrentSiteUrl = SPControl.GetContextWeb(Context).Url; start impersonation//username password etc SPSite tmpSite = new SPSite(CurrentSiteUrl); tmpSite.CatchAccessDeniedException = false; SPWeb mysite= tmpSite.OpenWeb(); SPList lists=mysite.Lists["list name"]; undo impersonation hope this helps bart Show quoteHide quote "Mike Walsh" wrote: > Please do not post WSS programming questions in future to the main WSS > newsgroup but only to the newsgroup specially created for WSS programming > questions. > > We are maintaining a clear split where WSS Programming questions go only to > microsoft.public.sharepoint.windowsservices.development and not to the > (Administration issues) main newsgroup > microsoft.public.sharepoint.windowsservices. > > This split is to the benefit of the readers of one or both these newsgroups. > > Thanks. > > Mike Walsh, Helsinki, Finland > WSS FAQ at http://wss.collutions.com > Please reply to the newsgroup > > "Chris Kane" <ChrisK***@discussions.microsoft.com> wrote in message > news:3DA9A3DB-FD45-436E-99B5-265B002F81B3@microsoft.com... > > We have written a class that enumerates the items in a WSS list and then > > attemptes to open the attachment for each item. We have written two > > classes, > > one to impersonate a user and read in the list information and the other > > to > > be called by the first which actually opens the attachment. Our code > > fails > > when it tries to open the attachment in the second class with a 401 - > > Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. > > What's > > strange is that I can use IE to open the URL to the attachemnt without any > > problems. I noticed in the IIS logs that when I open the URL, I can see > > the > > domain\password passed to IIS from IE. However, when our code tries to > > access the same URL, no user information is passed, causing the 401. We > > have > > impersonated a valid user in our code, so why does IIS not see it? > > > > Thanks! > > > IIS does not see your impersonated user because you failed to authenticate
as that user. Remember that we are talking about HTTP, which has its own publicly defined authentication protocols. Client-side impersonation isn't one of them. The identity of the user on the client, impersonated or not, means ABSOLUTELY NOTHING on the server unless you negotiate HTTP authentication of some sort. IE, for example, does this authentication behind the scenes without you noticing. So do many of the Windows programs and protocols. This isn't how the web and HTTP works, though, and you just have to follow the rules. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Chris Kane" <ChrisK***@discussions.microsoft.com> wrote in message We have written a class that enumerates the items in a WSS list and thennews:3DA9A3DB-FD45-436E-99B5-265B002F81B3@microsoft.com... attemptes to open the attachment for each item. We have written two classes, one to impersonate a user and read in the list information and the other to be called by the first which actually opens the attachment. Our code fails when it tries to open the attachment in the second class with a 401 - Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. What's strange is that I can use IE to open the URL to the attachemnt without any problems. I noticed in the IIS logs that when I open the URL, I can see the domain\password passed to IIS from IE. However, when our code tries to access the same URL, no user information is passed, causing the 401. We have impersonated a valid user in our code, so why does IIS not see it? Thanks! Okay, thanks. We store XML documents as SPListItem attachments that are to
be processed by our workflow application. We attempted to pass the attachment's URI directly to the XPathDocument class constructor in preparation for transforming it via XSL. This is where we originally received the 401 from IIS. I can see how we could retrieve the attachemnt using the HTTPWebResponse object and then pass this into the XPathDocument class as a stream. Is this the best way to do this? Thanks for your help! Show quoteHide quote "David Wang [Msft]" wrote: > IIS does not see your impersonated user because you failed to authenticate > as that user. > > Remember that we are talking about HTTP, which has its own publicly defined > authentication protocols. Client-side impersonation isn't one of them. The > identity of the user on the client, impersonated or not, means ABSOLUTELY > NOTHING on the server unless you negotiate HTTP authentication of some sort. > > IE, for example, does this authentication behind the scenes without you > noticing. So do many of the Windows programs and protocols. This isn't how > the web and HTTP works, though, and you just have to follow the rules. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Chris Kane" <ChrisK***@discussions.microsoft.com> wrote in message > news:3DA9A3DB-FD45-436E-99B5-265B002F81B3@microsoft.com... > We have written a class that enumerates the items in a WSS list and then > attemptes to open the attachment for each item. We have written two > classes, > one to impersonate a user and read in the list information and the other to > be called by the first which actually opens the attachment. Our code fails > when it tries to open the attachment in the second class with a 401 - > Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. What's > strange is that I can use IE to open the URL to the attachemnt without any > problems. I noticed in the IIS logs that when I open the URL, I can see the > domain\password passed to IIS from IE. However, when our code tries to > access the same URL, no user information is passed, causing the 401. We > have > impersonated a valid user in our code, so why does IIS not see it? > > Thanks! > > > Chris,
This sounds like a good approach. If you use the WebRequest be sure to set it's credentials. Alternatively, a better way may be to get the SPFile object of the ListItem. I do this in my PortalTools project in creating a disk based package of document libraries (url is below). Daniel Larson http://www.portalbuilder.org http://workspaces.gotdotnet.com/portaltools Show quoteHide quote "Chris Kane" wrote: > Okay, thanks. We store XML documents as SPListItem attachments that are to > be processed by our workflow application. We attempted to pass the > attachment's URI directly to the XPathDocument class constructor in > preparation for transforming it via XSL. This is where we originally > received the 401 from IIS. I can see how we could retrieve the attachemnt > using the HTTPWebResponse object and then pass this into the XPathDocument > class as a stream. Is this the best way to do this? > > Thanks for your help! > > "David Wang [Msft]" wrote: > > > IIS does not see your impersonated user because you failed to authenticate > > as that user. > > > > Remember that we are talking about HTTP, which has its own publicly defined > > authentication protocols. Client-side impersonation isn't one of them. The > > identity of the user on the client, impersonated or not, means ABSOLUTELY > > NOTHING on the server unless you negotiate HTTP authentication of some sort. > > > > IE, for example, does this authentication behind the scenes without you > > noticing. So do many of the Windows programs and protocols. This isn't how > > the web and HTTP works, though, and you just have to follow the rules. > > > > -- > > //David > > IIS > > http://blogs.msdn.com/David.Wang > > This posting is provided "AS IS" with no warranties, and confers no rights. > > // > > "Chris Kane" <ChrisK***@discussions.microsoft.com> wrote in message > > news:3DA9A3DB-FD45-436E-99B5-265B002F81B3@microsoft.com... > > We have written a class that enumerates the items in a WSS list and then > > attemptes to open the attachment for each item. We have written two > > classes, > > one to impersonate a user and read in the list information and the other to > > be called by the first which actually opens the attachment. Our code fails > > when it tries to open the attachment in the second class with a 401 - > > Unauthorized error from IIS on http://localhost/_vti_bin/owssrv.dll. What's > > strange is that I can use IE to open the URL to the attachemnt without any > > problems. I noticed in the IIS logs that when I open the URL, I can see the > > domain\password passed to IIS from IE. However, when our code tries to > > access the same URL, no user information is passed, causing the 401. We > > have > > impersonated a valid user in our code, so why does IIS not see it? > > > > Thanks! > > > > > > 
Other interesting topics
Administrator 401.1 after SP1
SharePoint password prompting webdav prompts for second password Why is iis6.log on an XP home machine? FSO exploit Permission Denied when writing text file from ASP Site access only through Local groups SSL doesn't work IWA with multiple AD Service Principal Name Confusion |
|||||||||||||||||||||||
