tags:

views:

322

answers:

4
Q: 

Using SPPersistentObject in SharePoint 2007

Hi all.

I'm looking for help getting SharePoint 2007's SPPersistedObject to store information at the Farm level.

When I create a persistent object as a child of the SPFarm instance and call my object's Update() method, an "Access Denied" exception is thrown. Looking at the SharePoint log, I see a complaint that "the current user is not a Farm Administrator"

To find out who the current user really is, I've set a breakpoint in my WebMethod, and when it's invoked I can see that the Environment.UserName is my user "dummy" and the Environment.UserDomainName is the local machine domain.

I've added this LOCALMACHINENAME\dummy to the Farm Administrator group (using the Central Administration console), but I still get this exception.

Does anyone have an idea of what I might try next to diagnose this?

I include the debugger stacktrace and SharePoint log excerpt below.

Thanks much.

Debugger Stacktrace:

at Microsoft.SharePoint.Administration.SPPersistedObject.Update()
at Microsoft.SharePoint.Administration.SPPersistedObject.Update(Boolean ensure) at Equilibrium.FOO4SP.WebService.FOO4SPWebService.UpdatePersistedObject(SPPersistedObject properties)

SharePoint log file:

02/18/2010 09:20:18.36 w3wp.exe (0x15CC) 0x1518 Windows SharePoint Services Topology 8xqz Medium Updating SPPersistedObject FOO4SPPersistedProperties Name=FOO4SP Parent=SPWebApplication Name=SharePoint - 2633. Version: -1 Ensure: 1, HashCode: 49982922, Id: 6e54627b-be20-4f85-9d9d-28fde2d592d8, Stack: at Microsoft.SharePoint.Administration.SPPersistedObject.Update() at Microsoft.SharePoint.Administration.SPPersistedObject.Update(Boolean ensure) at Equilibrium.FOO4SP.WebService.FOO4SPWebService.UpdatePersistedObject(SPPersistedObject properties) at Equilibrium.FOO4SP.WebService.FOO4SPWebService.GetWebApplicationPersistedProperties(Guid webApplicationId) at Equilibrium.FOO4SP.WebService.FOO4SPWebService.GetWebApplicationProperties(Guid webApplicationId) at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes...

02/18/2010 09:20:18.36* w3wp.exe (0x15CC) 0x1518 Windows SharePoint Services Topology 8xqz Medium ... methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values) at System.Web.Services.Protocols.WebServiceHandler.Invoke() at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest() at System.Web.Services.Protocol...

02/18/2010 09:20:18.36* w3wp.exe (0x15CC) 0x1518 Windows SharePoint Services Topology 8xqz Medium ...s.SyncSessionlessHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr) at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)

02/18/2010 09:20:18.36 w3wp.exe (0x15CC) 0x1518 Windows SharePoint Services Topology 8dyu High The SPPersistedObject, FOO4SPPersistedProperties Name=FOO4SP Parent=SPWebApplication Name=SharePoint - 2633, could not be updated because the current user is not a Farm Administrator.

+2  A: 

Default permissions does not allow updating Config Database

By default, according to MS, you have access to following procedures in Config database:

proc_dropEmailEnabledList
proc_dropEmailEnabledListsByWeb
proc_dropSiteMap
proc_markForDeletionEmailEnabledList
proc_markForDeletionEmailEnabledListsBySite
proc_markForDeletionEmailEnabledListsByWeb
proc_putDistributionListToDelete
proc_putEmailEnabledList
proc_putSiteMap

Note: I have also permissions on not listed proc_getObject (maybe even others), but that's my development box where I already messed with SQL permissions. Maybe because of that.

Additional permissions that need to be set

You must manually set permissions on other procedures to be able to update farm config database with (for example) SQL Server Managament Studio. You could, ofcourse, add web application pool accounts full read/write to farm database, but that probably won't be a good idea. According to this article, you must set permissions on these stored procedures to be able to write to SPWebApplication.PropertyBag:

Permission  Stored Procedure    Database Role
EXECUTE proc_putObject          WSS_Content_Application_Pools
EXECUTE proc_putClass           WSS_Content_Application_Pools
EXECUTE proc_dropObject         WSS_Content_Application_Pools
EXECUTE proc_getNewObjects      WSS_Content_Application_Pools

To learn more about permissions, read Microsoft article. And, according to EULA, setting permissions on database objects, is allowed (because i don't see a point that states that it's dissallowed). Many other interactions directly with DB is disallowed.

SharePoint 2007 Config Database All Stored Procedures

Procedures 1 Procedures 2

Janis Veinbergs  2010-02-19 08:34:44
A: 

From the code I could see that you are calling the above Update from the WebService, you need to check the User Account that WebService is running AppPool Account, Environment.* wont provide you the exact user details you are looking. AppPool account of the WebService should be a Farm Admin. This is a quick guess to debug not a solution

Kusek  2010-02-19 09:16:38
A: 

Why not use SPFarm.Properties property bag?

unclepaul84  2010-02-19 15:52:08
A: 

Why don't u use SPSecurity.RunWithElevatedPrivileges method for get/update SPPersistedObject?

avishnyakov  2010-02-20 10:22:55
That won't help, if App Pool account is not farm admin (and he shouldn't be).
Janis Veinbergs  2010-02-24 08:30:16

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication