I need to add a user to a SharePoint-Website (WSS 3.0) via a Web Service.
Using the API I would use the SPWeb.EnsureUser method, but I can't run my own code on the server.
I was hoping the Users and Groups Web Service could help, but it does not provide a suitable method.
So, is there a Web Service equivalent to SPWeb.EnsureUser?
I stumbled across this question yesterday. As a matter of fact, there is a Web Service equivalent of web.EnsureUser, but it is not in the UserGroup Web service. Use the ResolvePrincipals method of the People web service (_vti_bin/people.asmx) instead.
Here is the Microsoft documentation.
The key is to feed in true for the value of addToUserInfoList. The PrincipalInfo object returned by the service call includes a UserInfoID, which you can use in other membership-related operations on that site.
Here is an example of using the web service from PowerShell 2.0:
$client = new-webserviceproxy http://mysharepointsite/_vti_bin/people.asmx?wsdl -usedefault
$person = $client.ResolvePrincipals(#('domain\user'), 'User', $true)
# ...
Related
I'm trying to use the AadHttpClient library that comes with SPFx to connect to a custom API secured by an app registration in Azure AD.
However when I run the web part in the workbench, SharePoint Online (in the tenant _layouts) I get an error in the console saying that the feature is experimental.
Error: The requested operation is part of an experimental feature that is not supported in the current environment.
As far as I can make out from this article, it should be in general release.
When connecting to Azure AD-secured APIs, we recommend that you use the MSGraphClient and AadHttpClient classes, which are now generally available. For more information about the recommended models, see Connect to Azure AD-secured APIs in SharePoint Framework solutions and Use the MSGraphClient to connect to Microsoft Graph.
When I go to the API management page in SP Admin site I get a popup stating
***Access to Azure Active Directory resources using the SharePoint Framework will be available soon.
So I'm a bit confused.
I also get an error on the API management page saying..
A null value was found with the expected type 'Edm.String[Nullable=False]'. The expected type 'Edm.String[Nullable=False]' does not allow null values.
I also get the same error when I try in PowerShell running
Get-SPOTenantServicePrincipalPermissionRequests
I'm not 100% sure I understand the relevance of the API management page - does an admin need to approve just once for the web part then all users are good to go?
I was having the same issue. The github thread can be found here. What fixed it for me was adding the account I was using as a site collection admin.
Connect-SPOService
Set-SPOUser -Site https://TENANT-admin.sharepoint.com -IsSiteCollectionAdmin $True -LoginName yourLoginName
I can't seem to find an asmx that has a "Remove" User Profile method...the
UserProfileService has Create and Modify, but no Remove...where should I be
looking to programattically remove a user profile via an WSS WebService?
Please advise.
You appear to be correct:
http://msdn.microsoft.com/en-us/library/websvcuserprofileservice.userprofileservice_methods.aspx
You would however be able to do this from code that uses the server object model.
There is no out of the box web service to delete/remove profiles. We had to create a custom web service deployed to the 12/ISAPI folder (where the OOTB web services are), that took a username as a parameter and called the sharepoint API to then remove the profile.
Here's the scenario:
We have an external SharePoint instance with anonymous access turned on. We want the document libraries open to the public. We do not want custom lists open. That was simple enough to configure.
Now we want to use those lists to create an attractive external ASP.Net web application. This web site will need anonymous enabled as well.
The problem is we need to access those lists from the web application without opening them to anonymous access.
We want to use the API (not web services) since this will be hosted on the same boxes.
So far we have been unable to create an SPUser with the appropriate access to open the lists.
SPContext is empty.
Doing this fails as well:
SPSite temp = new SPSite(URL);
SPUserToken token = temp.SystemAccount.UserToken;
SPSite site = new SPSite(URL, token); ...do stuff as the user.
RunWithElevatedPrivileges also fails.
Please help!
Any chance you are using SharePoint 2010? They have more options available to access from other applications. If not 2010, you are going to have to use a web service of some kind, either the OTB ones or your own Web Service that encapsulates your logic since the SP OM will not run on a non SharePoint box.
Independent of that, you could try getting the SPToken from the Application pool. Essentially
SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
using(var systemSite = new SPSite(SPContext.Current.Site.ID, sysToken))
Daniel Larson is a big proponent of this approach over using RunWithElevatedPriveleges. Check out his blog post on the matter.
UPDATE
I can now perform succesful UI impersonation. This was an issue with the code I was using and after viewing Jay Nathan's article I have reverted to his code and all is working great.
In response to a comment this is the code I am using to create a new site collection:
Dim newSite As SPSite = webApp.Sites.Add( _
txtWebApp.Text & "/cg/" & strURL, txtName.Text, txtDesc.Text, 1033, "SITEDEF#0", _
"DOMAIN\ACCOUNT", "NAME", "EMAIL", _
"DOMAIN\ACCOUNT", "NAME", "EMAIL")
and yes "SITEDEF#0" is a perfectly valid site defintion.
Hopefully I have overcome this issue by using an Application Page which is available as an element on the Site Actions menu (to site admins only). Using impersonation I can succesfully instigate this process. There are some additional issues which I have highlighted in another question.
ORIGINAL QUESTION
I have a need to allow non farm administrators to be able to create site collections using a very specific site definition. These people will not have access to central admin and so require a custom solution to allow the creation of these. I have tried several solutions, but want some consensus on a recommended approach.
Custom Web Service - I have written a custom web service to perform this task however this caused major headaches and even though the web service was running in an app pool using the same identity as the sharepoint app pool I could not get this to work. Also had form digest issues in trying to perform this v ia a web service.
Web Part/Application Page - No form digest issues here as we are in the SharePoint context, however I have tried using RunWithElevatedPrivileges but I still get an access denied when calling SPWebbApplication.Sites.Add(), even though all SPSite and SPWeb pbjects are being instantiated inside the elevated code block. I have tried direct impersonation at the UI level and I get an UnhandledException saying that impersonation has failed.
Application Wrapper Around stsadm - I have not attempted this yet as I am concerned about the viability of this approach, surely there is a cleaner way than this?
Some guidance on this would be useful as I cannot find much out there on this.
Thanks
I'd go with option number 1. It's probably an authorization issue. How are you accessing SharePoint? with the SDK or trough its web services?
I'd go for number 2. That code should work, maybe the impersonation code is not correct? You can't use SPContext like you normally would for instance.
Also, you are elevating to the identity of the application pool of your SharePoint site. Does this account have sufficient rights to create Site Collections?
You can check in Central Administration > Application Management > Policy for Web Application.
Can anyone tell me if I have some ways to access to sharepoint list from windows app?
I've tryed following way (i'm under user that is sharepoint member):
SPUserToken token = new SPUserToken(
BitConverter.GetBytes(WindowsIdentity.GetCurrent().Token.ToInt32()));
SPSite site = new SPSite(siteName, token);
but no luck...
Your best bet is to use a web reference to query the SharePoint WebService's GetListItems web method:
http://msdn.microsoft.com/en-us/library/lists.lists.getlistitems.aspx
Like Jason said, to be able to use the SharePoint Object model (i.e. the sharepoint dll's) the app needs to be running on the same machine as SharePoint. If it is anywhere else you can only use the Web Services provided by SharePoint (or create your own and deploy that to your sharepoint server).
P.S. In SharePoint 2010 you have the client object model at your disposal, basically a subset of the full sharepoint object model (Kinda like Silverlight). Of course sp2010 is still in beta....
This article provides an excellent and detailed step by step tutorial on how to do this using Linq and Web services. It does create a console application instead of a Windows application but it is very easy to translate this into a Windows Form app if needed. I found this article very useful when I started working on programatically communicating with SharePoint lists because it clearly demonstrates how easy it is to work with the web service response from SharePoint using LINQ.
Is siteName on the same computer that you are running the windows application from? If not, then you won't be able to access that site if you're using SharePoint 2007.
If the above isn't the problem, then check that the user account WindowsIdentity.GetCurrent() is at least a site owner on siteName.