Security issue when calling QueryService.QueryEx RRS feed

  • Question

  • I have a regular .NET application that plugs into FAST search to get search results from a sharepoint site. I'm using search.asmx.

    When I call QueryService.QueryEx(), I get results as long as I'm logged in as a person who is a site collection admin. If I make the same call as a user with read only rights on the site, I get the following exception:

    System.Web.Services.Protocols.SoapException: Server was unable to process
    request. ---> Attempted to perform an unauthorized operation

    I know I can run with elevated priviledges and it will likely work, but I want to get search results for the currently logged in user, not everybody. The same search results the user would get when searching within sharepoint.

    Here's my relevant code...

    // Instantiate the Query Web service.
    SPFASTQueryWebService.QueryService queryService = new SPFASTQueryWebService.QueryService(_serviceURL);
    // Use the credentials of the user running the client application:
    queryService.Credentials = System.Net.CredentialCache.DefaultCredentials;
    // Run the QueryEx method, returning the results to a DataSet:
    _xmlQuery = GetFASTXMLString(_urlToDocLib, _titleContains, _docContains, _sortBy, _bSortAscending, _startAt, _count);

    System.Data.DataSet queryResults = queryService.QueryEx(_xmlQuery);

    Any idea how to get this working for all users?

    • Edited by charie Monday, February 18, 2013 1:46 PM clarification
    Monday, February 18, 2013 1:45 PM

All replies

  • I found the problem. The user making the query request has to have at least read only rights for the site specified in the search.asmx _serviceURL path.
    Monday, February 18, 2013 7:47 PM