'schema.AllCategories' threw an exception of type 'System.UnauthorizedAccessException
-
Thursday, June 03, 2010 5:06 PM
We're porting a solution from 2007 to 2010 and we're having trouble accessing the CrawledProperties property from the Schema object. Other properties from the Schema object however are accessible (e.g. AllManagedProperties).
It does not matter whether we use the obsolete SearchContext to create the Schema object, or the new SearchServiceApplication (Example code from Steve Curran here: http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/2550e6e8-34a6-4012-969f-9657dc526d74)
Now what's interesting is that the SAME user (Farm administrator) can access the AllCategories using a Windows Forms application, but when using a SharePoint solution (Codebehind on an application page) it doesn't work. We have double-checked that the executing user is the same.
The same user can also browse the CrawledProperties using the Central Admin UI.
We're experiencing this on several server installations, one of which is the "Standalone" installation of Search Server Express 2010, whereas the same user was used to perform the installation.
I'd appreciate any ideas you might have.
All Replies
-
Thursday, June 03, 2010 9:30 PM
OK, I've used Reflector... turns out that the AllCategories property invokes "this.SecurityCheckForSearchAdmins();" ...several levels down from there "this.CurrentUserIsAdministrator(false);" is called, which means that ContentApplicationAccess is disallowed. I saw that all error messages there are scoped as "Verbose" and sure enough after switching the Diagnostic logging to verbose I then saw this:
"Farm Admin check disabled for this process. 380a99f0-94a8-4b4a-9f61-656452e9b8e9"
Personally I think it makes no sense to disallow read access to the CrawledProperties, but I bet someone else will have another opinion. We simply want to give the content admin of the site some transparency over what columns have been mapped to CrawledProperties and then further on to ManagedProperties. I guess I'll now have to look for a "by-pass"/work-around. Anyone got a good suggestion?
-
Thursday, June 03, 2010 10:00 PM
Cant you use SPRunWithElevatedPrivileges?
see
-
Thursday, June 03, 2010 10:07 PMRaevean, no that doesn't help, as I am already the Farm administrator, so there is nothing to elevate to anyway. The problem is that the SharePoint 2010 code blocks access to the AllCategories property because it is invoked from a ContentApplication.
-
Friday, June 04, 2010 1:39 AM
Ok i see
Then create a sharepoint WCF to retreive information you want, deploy into the farm (to the ISAPI folder) and then call it using Http://centraladminwebapp/_vti_bin/yourwcf.svc url
no?
-
Friday, June 04, 2010 11:30 AM
Hi Raevean, yes, putting a component into the central admin web app or the farm, to communicate with, is a possibility in general and using WCF for this is one option to investigate.
I'll have to consider the performance impact though also. After having "lost" a day on this I feel I need to do some something plain productive now, but I'll let you know which way I went.
Thanks for your suggestions!
-
Wednesday, September 15, 2010 11:07 AM
I finally find the time to follow up on this.
We did indeed decide to use a WCF access to the central admin web application to retrieve the matching Managedproperty's for a list's columns.
Installing a WCF service this way is very straight-forward. simply put a svc file into the Managed Folder "ADMISAPI". The service will then be accessible via the "_vti_adm" virtual folder.
I still consider the lack of read accessibility from the content application a bug, but in the meantime we'll have to do with the WCF "work-around".
-
Tuesday, April 26, 2011 12:50 PMI too have encountered this problem. SP 2010 does not allow some application, including IIS from determining if a user is a farm admin when "RegisterPluggableSecurityTrimmer" is called. SP logs will literally show an error saying basically SP WON'T let the app determine if the caller is a farm admin, even if they are.
My solution to get "RegisterPluggableSecurityTrimmer" to work was to make a console app, and run it with the farm admin account (and a full server admin too). Then it worked. -
Sunday, August 07, 2011 10:51 AMHi J-S-B, that's correct: a console application will not have this problem, as the SharePoint 2010 code only checks whether the access is made from SP content applications, and if so, will deny access to the administration objects.
-
Sunday, August 07, 2011 6:03 PMCode accessing the Search Schema is easily solved, by elevating privileges and making sure the application pool account is included as one of the administrators for the Search Service Application.
Blog | SharePoint Field Notes Dev Tool | ClassMaster -
Wednesday, May 02, 2012 6:43 PM
I am also getting the error even though my application pool account is included as one of the administrators for the search service application.
Any update on how to resolve this issue?
Thanks
.png){kind=spacer}
