tags:

views:

662

answers:

1
+1  Q: 

How do I set access permissions for the search web service in Search Server 2008 Express?

I have installed Microsoft Search Server 2008 Express on a Windows 2003 server and created a search content source (our corporate website) for testing. I can search this source just fine from the Search Centre.

From an ASP.NET web application I am trying to query the provided web service as described here

I am using impersonation settings in the web.config to specify the user account the request runs under but I cannot find out how to set up that user in the Search Server to allow it to make the query.

<authentication mode="Windows"/>
<identity impersonate="true" userName="MyDomain\MyUser" password="myPassword" />

If I use my own network credentials I get the results back, as I am set up with Full Control permissions in the Search Server instance, but when I use an alternate domain account for this (MyDomain\QueryUser) I get this error:

System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Attempted to perform an unauthorized operation.

I have added the user to the server in Search Server > Site Settings > Permissions > Add Users and have given the account Full Control but it still cannot use the webservice. Is there a setting somewhere I am missing?

**EDIT

Ok, I have tried Gordon's suggestion and using the credentials the Sharepoint application is using makes the error go away. Also, adding the second domain user to the local Administrators group on the server makes the error go away.

What permissions are these changes granting the webservice? Do I have to resort to using these work arounds or can I give my domain user appropriate permissions in Sharepoint somewhere?

+1  A: 

the key to access the Search webservice of MOSS is

1) to authenticate properly 2) to force the MOSS webservice to use that identity

for the first part check if all properties are properly assigned for your networkcredential, i usually provide these:

NetworkCredential credentials = new NetworkCredential(userName, password, domain);
service.PreAuthenticate = true;
service.Url = your_ws_fullurl;
service.UseDefaultCredentials = false;
service.useDefaultCredentialsSetExplicitly = true;
service.Credentials = credentials;

for the second part one solution is to remove the IUSR (IIS anonymous user) the right to access the /_vti_bin/Search.asmx file with IIS (got to the /_vti_bin/ folder, right click to file security properties), this way MOSS will retrieve the credentials provided in the credential cache and you won't have the "unauthorized operation" message

dc2009  2009-10-07 13:17:03

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?