I have an XPage that I want to restrict access to. So in the ACL property I wrote the following code:
<xp:this.acl>
<xp:acl>
<xp:this.entries>
<xp:aclEntry name="TSC Time Tracking Administrators"
right="EDITOR" type="GROUP" fullName="Administrator">
</xp:aclEntry>
</xp:this.entries>
</xp:acl>
</xp:this.acl>
This code works on the web - I receive an authentication challenge - but on the client I get a 401 error with "You do not have sufficient authorization to perform this operation"
I think this must be a bug in the client. I am running 9.0.1.
Does anybody know if this is a bug or if there is a work around?
Related
use doc https://www.onvif.org/ver10/device/wsdl/devicemgmt.wsdl i managed get onvif users (action getUsers), but when i try to get web users i have error Optional Action Not Implemented
method
<s:Body>
<GetRemoteUser xmlns="http://www.onvif.org/ver10/device/wsdl">
</GetRemoteUser>
</s:Body>
what i'm doing wrong ? maybe need additional settings on the camera to access this action?
I am trying to download the rate card for my Azure subscription and since this morning the request is ending in an HTTP 400. This is the error
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>InvalidAuthenticationInfo</Code>
<Message>Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:757bb26d-801e-005b-45e9-d7361f000000
Time:2018-04-19T14:19:26.9289239Z</Message>
</Error>
The Api Call I make is. In the header I also pass the access token.
https://management.azure.com/subscriptions/<subscription id>/providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId+eq+%27MS-AZR-0003P%27+and+Currency+eq+%27USD%27+and+Locale+eq+%27en-US%27+and+RegionInfo+eq+%27US%27
The same access token seems to be working fine for other purpose. But all of a sudden it seems the rate card API is failing.
Any ideas if anything changed on the Microsoft side ?
When you make a GET call with Authorization to the url
https://management.azure.com/subscriptions/<subscription id>/providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId+eq+%27MS-AZR-0003P%27+and+Currency+eq+%27USD%27+and+Locale+eq+%27en-US%27+and+RegionInfo+eq+%27US%27
It will respond 400 as Status Code. But Also it will give 302 as status with a Location header like this :
Location : https://ratecard.blob.core.windows.net/ratecards/asdfghjk-db2f-4847-b3a0-d556072000f6%5CMS-AZR-0003P%5CUSD%5Cen-US%5CFalse/2015-06-01-preview/1bc08f92-830c-43c7-b8b4-6bc1d8875d0e.json?sv=2016-05-31&sr=b&sig=asdfghjkc6EbDNOUVEDc4M69YqHoH8ERQy5BJWKfSEU%3D&se=2018-04-24T07%3A00%3A19Z&sp=r&rsct=application%2Fjson
Now make a GET call to the location without Authorization header(cuz its already authenticated in previous call) and now you can get the Rate Card.
Same issue here, seems like MSFT is working on it: Authorization format fail #7423
Update: It seems like the XML is not the problem and the issue has to do with using a dev tenant. As far as I can tell, it behaves properly using an Office 365 Home account, but throws a 403 when using an Office 365 Enterprise E3 Developer account. Why does this throw a 403? Is there anything I can do so we can test if we can get an addin taskpane to auto show with our templates?
Title Edit: from "Excel Online Add in- How to auto show taskpane" to "Excel Online Add in- 403 when trying to autoshow and addin using a dev tenant"
Original:
I'm trying to auto show an addin following this guide: https://dev.office.com/docs/add-ins/design/automatically-open-a-task-pane-with-a-document
Since the manifest we currently have in the store doesn't use
<TaskpaneId>Office.AutoShowTaskpaneWithDocument</TaskpaneId> I'm trying to test it out using Script Lab
The <we:webextension> xml is below
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<we:webextension xmlns:we="http://schemas.microsoft.com/office/webextensions/webextension/2010/11"
id="{8bc018e3-f345-40d4-8f1d-97951765d531}">
<we:reference id="WA104380862" version="1.1.0.2" store="en-US" storeType="OMEX"/>
<we:alternateReferences/>
<we:properties>
<we:property name="Office.AutoShowTaskpaneWithDocument" value="true"/>
</we:properties>
<we:bindings/>
<we:snapshot xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships"/>
</we:webextension>
In my <wetp:taskpane> I've tried setting visibility="1" and visibility="0", but neither seem to work. When it is 1 I get a 403 and this is my console
OsfRuntimeExcelWac.js:12 GET https://store.office.com/gatedserviceextension.aspx?=313351b2_2e0ee2d3_1500571610901&ui=en-US&rs=en-US&ad=US&fromAR=4 403 ()
e5191e878673e5c7.js:1 Uncaught ReferenceError: $ is not defined
at t.n (e5191e878673e5c7.js:1)
at new t (e5191e878673e5c7.js:1)
at e5191e878673e5c7.js:1
MicrosoftAjax.js:5 Refused to set unsafe header "Cookie"
HEAD https://store.office.com/gatedserviceextension.aspx?fromAR=3&corr=41fa9016-d510-90be-877b-25c612f780bb 403 ()
MicrosoftAjax.js:5 Request to /gatedserviceextension.aspx?fromAR=3&corr=41fa9016-d510-90be-877b-25c612f780bb came back with the status code:
When it's 0, there is nothing unusual in the console, but nothing happens.
What am I doing wrong? Am I just misunderstanding what this is supposed to accomplish? When visibility="1" it looks like it's trying to do something, but isn't allowed. Does it just mean I can't auto load Script Lab? Their manifest suggests that I can.
Any help is appreciated. We're looking at pushing a new version of our Manifest with the proper <TaskpaneId> to test this, but we wanted a proof of concept first.
This is indeed an issue with our code and a fix is underway. It only reproed in certain variations Office 365 for business customers. I'll update my answer once I get confirmation the fix has been fully rolled out.
How did you set
<we:property name="Office.AutoShowTaskpaneWithDocument" value="true"/>
in webextension?
Did you modify it directly?
You could try to set it by api in script Lab:
Office.context.document.settings.set("Office.AutoShowTaskpaneWithDocument", true);
Office.context.document.settings.saveAsync();
<?xml version="1.0" standalone="yes"?>
<tcm:Error ErrorCode="80040302" Category="16" Source="Kernel" Severity="2" xmlns:tcm="http://www.tridion.com/ContentManager/5.0"><tcm:Line ErrorCode="80040302" Cause="false" MessageID="4613"><![CDATA[Unable to get list of Publication items.]]><tcm:Token>RESID_4485</tcm:Token><tcm:Token>RESID_4452</tcm:Token></tcm:Line><tcm:Line ErrorCode="80040302" Cause="false" MessageID="4394"><![CDATA[Unable to Initialize TDSE object.]]><tcm:Token>RESID_4537</tcm:Token><tcm:Token>TDSE</tcm:Token></tcm:Line><tcm:Line ErrorCode="80040302" Cause="true" MessageID="16226"><![CDATA[Access is denied for the user IIS APPPOOL\publishedlist.]]><tcm:Token>IIS APPPOOL\publishedlist</tcm:Token></tcm:Line><tcm:Details><tcm:CallStack><tcm:Location>Tridion.ContentManager.Security.AuthorizationManager.LoadAccessToken(String,IEnumerable`1,IEnumerable`1)</tcm:Location><tcm:Location>Tridion.ContentManager.Security.AuthorizationManager.LoadAccessToken(String,String)</tcm:Location><tcm:Location>Tridion.ContentManager.Session..ctor(String,String,UserContext)</tcm:Location><tcm:Location>Tridion.ContentManager.BLFacade.SystemFacade.InitializeUserContext(UserContext,String,String)</tcm:Location><tcm:Location>UtilitiesTDS.GetUserContext</tcm:Location><tcm:Location>TDSE.Initialize</tcm:Location><tcm:Location>TDSE.GetListPublications</tcm:Location></tcm:CallStack></tcm:Details></tcm:Error>
this error occurs while executing this line :
TridionCollection<Component> components = new TridionCollection<Component>(folder.GetListItems(ListColumnFilter.XMLListExtended, rowFilter), "[contains(#IsShared,'false') and contains(#IsLocalized,'false') ]");
I think the error itself is quite clear: User IIS APPPOOL\publishedlist has no permission to access Tridion. Now you need to understand why this user is trying to connect. There are several ways to resolve it. Try to figure out who is trying to connect with this user. Apparently IIS, but why (is it expected to connect with this user?)
If you are logging in with user A and you see error like this, it means that you want to impersonate user A with IIS APPPOOL\publishedlist. Just add IIS APPPOOL\publishedlist to impersonation users of Tridion and it will be fine.
If this user is some kind of service user that you are want to use to perform maintenance tasks or so - just create user in CM
Next time, please post some more details of what you were trying to do and where exactly you have a problem, otherwise your question will be downvoted and you will hardly get any answer.
I'm writing a very small app to create and test caml querys for sharepoint. While executing the GetListItems method I'm receiving the following exception;
System.Net.WebException: "The request failed with an empty response."
The service is located on a https address (ssl). I setup the service as follows;
result = new ListService.Lists();
result.Url = siteUrl;
result.Credentials = new NetworkCredential(txtUserName.Text, txtPassword.Text, txtDomain.Text);
I invoke the GetListItems() method as follows;
xmlResult = spList.GetListItems(listName, string.Empty, camlQuery, null, string.Empty, null, string.Empty);
I'm trying to find out why I'm getting the empty result message. I've also tried other methods (i.e. GetListCollection) but to no avail.
At first I thought that the problem might be the URL (http instead of https), but that is not the case. I even checked it with wireshark to make sure the right URL is used.
Did someone come accross this problem and how did you solve it?
OMG...! I've solved it after all. After posting this question, I tried to get hold of the wsdl the check the service itself. When I checked it via internet explorer all was ok. When I tried to add it as a reference in VS it went wrong. So something was not ok. Then it occured to me that there was a new login screen for our company network.
After some quick phonecalls I learned what the problem was; IT Services installed a ISA 2006 server and 'forgot' to tell me. The ISA server was blocking all trafic on the HTTPS port (443) for unkown programs and or clients. That's why internet explorer presented me with a new and shiny login dialog.