I'm learning Sharepoint.
I am able to surf to an log in to the admin page.
I try to surf to the default site (port 80) and I am prompted for a login.
I login as the administrator, but I get access denied.
Wouldn't the administrator have access to ALL sites automatically?
This does not seem to be the case, but I cannot find where to grant access to the admin to this site.
Is this not clear or too complicated to easily answer.
Any guidance, where to look?
i found an area in the admin area to allow public access, and that seemed to work
Related
I am currently creating an (MS GRAPH-based) Outlook addin, that is installed domain-wide. We only do side-loading when running some tests or for some custom builds. This addin is virtually complete feature wise, so it works as it was designed.
My inquiry however, is related to the best way of granting consent/permissions for the addin. Currently what I am doing is, ask our customer-admins to access https://login.microsoftonline.com/common/adminconsent?client_id=xxxxxxxxxxx. This will then show a popup asking for the admin to grant consent on different permissions. Once he or she, accepts, they will then be redirected to a simple congratulations page.
That being said, is the method I am doing a 'standard practice' for granting consent? Is this the right way to do it, when we publish/release our product to the market?
Thank you very much.
This way of granting permissions with admin consent,
Refer this DOC for more information.
We're trying to setup IIS so that is uses its IIS AppPool identity when going against ACL permission checks (when getting static files from the filesystem) so that we don't have to add "everyone" or "authenticated" users to the main app folder or specific folders.
We've found that setting authenticatedUserOverride to UserWorkerProcessUser achieves the above, but no longer lets us access the specific windows user hitting the website from within the MVC application.
Is there a better way to accomplish this? Again, we're trying avoid having the specific user's credentials validated against ACLs when accessing files.
You can still get the authenticated user that is accessing the site using the LOGON_USER in the Request:
Request["LOGON_USER"]
Scott Forsyth details this on his blog under option #4 (http://weblogs.asp.net/owscott/iis-using-windows-authentication-with-minimal-permissions-granted-to-disk).
As for the best way to accomplish this, I think you are on the right path. I have used this approach along with the roles authorization aspect of ASP.NET to allow/deny access based on membership.
I have a site based on asp.net mvc on windows hosting. Now I need one more site based on php linux. I authonticate a user on windows site and let him upload some information. Now I want this information to go to linux based site. This information could be audio/video or images.
How would i make sure that he can only load to linux server when he is logged into windows based site.
So basically I am thinking before the linux based save something, it should verify that the user is logged into the windows site. What about the logout process.
Help will be appreciated.
Regards
Parminder
If these two services use the same domain, your windows site can save some value in the cookie, and the linux site will identify whether user is authenticated base on these values. However it will only work if the two services are under same domain name (can be different port).
If not, I think Single-Sign On is advisable for security reasons, and OpenID or OAuth is recommended.
I am just getting into Sharepoint, and I have a question about having a Sharepoint internet site, and a Sharepoint intranet site.
Is it possible to have an internet site, and have a login type function, that when the user logs in, they are taken to a site like the Team Site? I think I'm trying to integrate an internet/public site with the Sharepoint functions that users are familiar with in an intranet site.
My goal is to have non-private info on the internet, but once authenticated, the user would be able to upload docs, search docs, see a calendar, that sort of stuff.
Maybe I am not totally clear due to my lack of understanding thus far of Sharepoint?
The google keyword here is Forms based authentication.
Here is a good post to start you off and a second including Mysite setup
Ok so I'm using ASP.NET MVC. I'm supposed to upload a file and write it to a network share.
I'm getting "Logon failure: unknown user name or bad password." when I try to write to the network location.
I solved it on my machine by impersonating the file server account, added this to web.config:
<identity impersonate="true" userName="xx" password="xx"/>
But when we made the build on the server, the admin suggested to run the App Pool under a custom identity instead of my solution (don't ask why), that in theory would be the same thing... But it wasn't, we got the "Logon Failure" exception again.
What is the difference between these two methods and why doesn't the later work?
Thanks in advance!
Change the application pool to run under the account that has access to the network share, or create a new application pool which these credentials.
Your Sys Admin is thinking of security. If he creates an IUSR account (or something like that), then he can restrict what it sees. As a developer your account will probably have permissions to servers and lots of other stuff, which your MVC site doesn't need.
So, if you set the App Pool to use your logon credentials it'll probably work, but if the site doesn't work using the account the Sys Admin wants, then he or she will have to give that account some permission to the network share.