What I have?
I have a SharePoint 2010 web application with FBA configured and it is exposed to Internet. The root site collection has a huge hierarchy and each site has document libraries with many documents.
There are more than 10 site groups defined and some of them has access only to some sites.
What problem am I facing?
Everything was working fine and suddenly I am facing a problem in Enterprise Search.
When a user searches, the search result displays everything (including the site where user does not have permission) and clicking on a result it either opens the item (page/document) or shows Access denied error depending on whether the user has permission on that item.
Can someone tell me why is this happening?
We finally figured out the problem with this one.
We had given Full Read permissions to NT AUTHORITY\Authenticated Users for All zones in User Policy of the web applications in question. I am not sure of the reason for giving this permission. We removed it. Then, a full crawl fixed the issue.
Thanks!
Related
there is a requirement in my project to create couple of anonymous pages in SharePoint Online for guest users. I know this is possible with SharePoint On Premise, however just wanted to check if its possible in SharePoint Online also to create anonymous pages, because in SharePoint Online, its always required to authenticate the user against Azure Active Directory.
Business Scenario - Guest users should be able to access 1-2 anonymous pages, after that they need to login into the application to access further application features and functionalities.
Anonymous access is not supported in SPO sites from safety reasons and because sharing with external users is well done through Azure Active Directory.
However, the "anonymous page" behavior can be reproduced in SPO as following:
Go to Microsoft 365 admin center
Select SharePoint
Go to Sites and select Active Sites
Select the Site Collection you want, go to Policies and select "Anyone" radio button
see screenshot
Also, when doing this be careful at what you have set here: Microsoft 365 admin center->Policies->Sharing (do not forget to pay attention on safety and security)
see screenshot
Basically, all you need can be achieved by using the Admin center. This link contains more details on what I have described: https://code2care.org/tutorial/how-to-enable-anonymous-public-access-microsoft-office-365-sharepoint-online-site-collection-file-folder-without-login
Hope it helps, best regards!
I have created two applications in a microsoft office 365 account. When I saw the permission details for these two apps, I found one difference. For the first application, "OFFICE 365 SHAREPOINT ONLINE" was present, on the other hand it was absent in case of second app.
Can someone please explain why it was present in first application but absent in second one?
Also how to add the missing permission "OFFICE 365 SHAREPOINT ONLINE" for an application?
Sharepoint online Permission in first application
It looks in your screenshot like you're looking at the Enterprise Apps blade. I believe that will only show the permissions that the app has actually requested.
To change which permissions show up there you'll actually need to change the permissions being requested by the app which would happen under either the App Registrations or App Registrations (Preview) blade (slightly farther down in the list where you already are) depending on where you originally registered the app.
You should only need SharePoint permissions directly though if you plan to call SharePoint APIs that aren't covered by Microsoft Graph. You can do many tasks in Microsoft Graph directly so make sure you actually need the SharePoint permissions before requesting them.
I am attempting to add a project owner within Google Developer Console under Permissions. The original project was created with a domain user (Google Apps for Work) and I can add other domain users but cannot add external users (other gmail or different Google Apps domain user).
I receive a 504 error in the Console logs and a message saying "The server has timed out while trying to process your request."
Has anyone seen or resolved this issue? Or perhaps know of a way to contact Google support regarding this?
UPDATE:
I realized that the this happens for two of our projects and both projects have a prefix on the project ID: carrotcreates.com:xxxxxxxx
I am not sure if this is linked but carrotcreates.com is the primary domain for our Google Apps account.
Thanks!
So we are using ADFS in a public facing SharePoint 2010 site. One of the supported logins is via Live ID. We have found that if a user logs into Live ID site like Hotmail prior to reaching our site, the following happens:
Our site thinks that the user is not logged in because the ADFS LS cookie is not present
When we click on Sign In and ADFS redirects us to Live ID, the Live ID login process detects its cookie and automatically logs us in using the prior user's email. We actually want to use another email address.
Even if we clear our cookies, the above behavior persists
We have tried the following on Windows 7 successfully:
Clear the browser cookies
Delete all files from %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies\
And then Live ID correctly asks the user to login.
However, the above folder does not exist in a Windows 8 computer where this behaviour can be reproduced in IE 10.
So I really need to know the name and location of the Live ID cookie so I can hunt for it and destroy it to get the sign in prompt.
The ideal solution is that ADFS destroy the cookies correctly. The ADFS team is building a diagnostic page to delete their cookies but I do not think they will be able to destroy the Live ID cookie as it is not from their domain. If I can find its location, we can live with manual instructions for now.
Update
Found an answer. The trick is to go to live.com and click on signout first and then go to the SharePoint application. Not the best solution, but it works.
Update Found an answer. The trick is to go to live.com and click on signout first and then go to the SharePoint application. Not the best solution, but it works
I am trying to set up authentication with Windows LIve ID and followed this blog post. Everything is working but I have a problem logging into live INT web site. Whenever I try to log in (https://login.live-int.com/login.srf), after entering valid email/password I get redirected to the logout page. I tried two different accounts (one with existing email address, and other one with newly created #hotmail-int.com address) and three different browsers so I'm sure that neither account nor the browser are the cause of this. I also tried to enter wrong password, and in that case I get the message that the password is wrong.
If anyone has any hint about how to log in there It would be very, very helpful. I'm integrating SharePoint 2010 with Windows Live ID and instead of solving some real problems I'm stuck with this!
I have figured out myself and I have blogged it here