SharePoint Dev Center >
Access denied in Client Object Model ExecuteQueryAsync

Unanswered Access denied in Client Object Model ExecuteQueryAsync

  • Monday, May 10, 2010 6:00 AM
     
     
    Sign In to Vote
    1

    I get following error when i run below code with a regular domain user with no membership on the site.

    Access denied. You do not have permission to perform this action or access this resource

    I guess in "normal sharepoint app" i would run with RunWithElevatedPrivileges. How about in Client Object model?

    ClientContext clientContext = ClientContext.Current;

clientContext.Load(oWebsite.Webs, webs => webs.IncludeWithDefaultProperties(web => web.EffectiveBasePermissions, web => web.Lists.Where(list => list.BaseTemplate == 104 || list.BaseTemplate == 107)));

clientContext.ExecuteQueryAsync(onQuerySucceeded, onQueryFailed);

     

     

All Replies

  • Monday, May 10, 2010 6:54 AM
     
     
    Sign In to Vote
    0
    Which Client OM are you using: Client OM, Silverlight, or ECMA? In Client you have to either provide credentials or use the anonymous mode. Silverlight and ECMA use the credentials from the current Context (you cannot provide different credentials). As far as I know there is no elevation capabilities in the Client OM.
    w: http://blog.mastykarz.nl | t: @waldekm | c: http://mavention.codeplex.com | c: http://mavention.nl
     
  • Monday, May 10, 2010 5:40 PM
     
     
    Sign In to Vote
    0

    This is a Silvelight app. Is there a way to get a list of all the webs that the current user is the "member" of?

    -p

     
  • Tuesday, May 11, 2010 2:20 PM
     
     
    Sign In to Vote
    1

    I guess you could do that if the user had permissions to the site. Have you tried using the GetSubwebsForCurrentUser method?

    w: http://blog.mastykarz.nl | t: @waldekm | c: http://mavention.codeplex.com | c: http://mavention.nl
     
  • Friday, June 01, 2012 11:13 PM
     
     
    Sign In to Vote
    0

    @Waldek: I am using Microsoft.SharePoint.Client.Silverlight, in mainpage.xaml.cs, with ExecuteQueryAsync to run a caml query. What sort of permissions do i need to access the site web context? Doesn't work for me in dev environment nor in staging IIS, i get system.security.securityexception after being prompted for creds.

    AskMarkus

     
  • Saturday, June 02, 2012 9:20 AM
     
     
    Sign In to Vote
    0
    Are you trying to access SharePoint as an authenticated or anonymous user?

    w: http://blog.mastykarz.nl | t: @waldekm | c: http://mavention.codeplex.com | c: http://mavention.nl

     
  • Monday, June 04, 2012 4:36 AM
     
     
    Sign In to Vote
    0

    Hi,

    In silverlight client object model, we can't pass the user credentials by code. Please refer to following another forum post regarding the same.

    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/d0cd95d1-e2fc-4266-912e-8fe673c5a71c/

     
  • Monday, June 04, 2012 11:22 PM
     
     
    Sign In to Vote
    0

    @Waldek: Well, in staging IIS the only enabled authentication is Windows. I have anonymous disabled, if enabled the app never loads; it sits loading at 100%; it's trying to read some default values for text boxes from a reporting database. So does the app use the apppool identity to try and access the list?

    In my dev environment within VS i don't know what it's trying to use. VS is running as "Administrator"; i presume that's the local machine admin, and since the sharepoint site is on the same machine, it could have access to sharepoint but probably not; local admin rights don't equate to sharepoint farm admin perms, right? What else could the dev environment be using?

    In the web.config of the webapp there's a reporting database connection and it uses 'integrated authentication' so the app can fill a drop down list with standardized values. But that's just for the reporting database, nothing sharepoint, i believe.

    So you see, i know bits and pieces about what accounts are running what, but executequeryasync....i don't know so my troubleshooting is weak here.

    AskMarkus

     
  • Tuesday, June 05, 2012 12:20 AM
     
     
    Sign In to Vote
    0

    Are you saying that it's not possible to run a caml query on a database in the code behind of a xaml page? What i want to do is find the id of a sharepoint list item that has a title matching the name of a thing the user chose in a silverlight dropdown list, and then use the id to delete that item in the sharepoint list.

    TIA for any input or response.

    AskMarkus

     
  • Tuesday, June 05, 2012 3:33 PM
     
     
    Sign In to Vote
    1

    Silverlight is client-side technology meaning it uses your own credentials. As for anonymous, it's disabled by default. I wrote about it here: http://blog.mastykarz.nl/inconvenient-silverlight-object-model-anonymous-users/.

    w: http://blog.mastykarz.nl | t: @waldekm | c: http://mavention.codeplex.com | c: http://mavention.nl

     
  • Tuesday, June 05, 2012 9:47 PM
     
     
    Sign In to Vote
    0

    Within Visual Studio devenv running as Administrator, what creds are used hitting the webserver/SharePoint server?

    AskMarkus

     
  • Tuesday, June 05, 2012 9:52 PM
     
     
    Sign In to Vote
    0

    @Nitin, not trying to set any creds by code. Trying to understand what creds are being used by the code to go to the list and therefore which creds need access given on the Sharepoint site list. Pretty sure the scheme is Windows Authentication, but what creds?

    AskMarkus

     
  • Wednesday, June 06, 2012 5:06 AM
     
     
    Sign In to Vote
    0
    Credentials that you have used in the browser to access the site.

    w: http://blog.mastykarz.nl | t: @waldekm | c: http://mavention.codeplex.com | c: http://mavention.nl

     
  • Wednesday, June 06, 2012 8:39 PM
     
     
    Sign In to Vote
    0

    So VS doesn't use the "Administrator" account to access the Sharepoint site, and it's not the machine account accessing the sharepoint site, it's the account that's logged into the machine that gets used in the browser that VS uses. I get it. Thanks for that clarificatin; makes sense.

    Then even moreso i see no reason why my login account would cause a "security error" when executequeryasync fails, giving this:

    InnerException = {System.Security.SecurityException: Security error.
       at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
       at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClassa.<EndGetResponse>b__9(Object sendState)
     ...

    Seems vague, but perhaps to the more expert eye there's something to be gleaned...

    AskMarkus

     
  • Friday, June 08, 2012 6:06 PM
     
     
    Sign In to Vote
    0

    So the context setup in xaml.cs begins this way:

    ClientContext clientCtx = newClientContext(Http://sharepointservername)

    IE Internet Options/Security/Intranet Zone/Custom Level/Logon is set to:

    "Automatic logon with current username and password". I am logged on to the SharePoint server via RDP to do dev work, from my office desktop machine.

    If including this line in the code i get a 'security error'.

    clientCtx.ExecuteQueryAsync(loadListSuccess,LoadListFailure);

    i get a 'security error':

    Execute Query Failed: System.Security.SecurityException: Security Error at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult AsyncResult)

    AskMarkus