Access denied on Office 365 / SharePoint Online with a Global Admin account

Nit*_*ani 4 sharepoint sharepoint-clientobject office365 csom sharepoint-online

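I am going crazy after two days of trying to solve this issue. The problem is:

I am making a console app that uses a global administrator account (the one designated as admin when making a new subscription) to talk to SharePoint Online. What I am trying to achieve is to add a custom action, using CSOM, to every site collection and subsite of Office 365. The code works fine except for the root site collection that is pre-created by Office 365 at sign-up (i.e. https://xyz.sharepoint.com).

For the root site collection of any tenant, it gives the following error: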

{"SchemaVersion":"15.0.0.0","LibraryVersion":"16.0.3912.1201","ErrorInfo":{"ErrorMessage":"访问被拒绝.您无权执行此操作或访问此资源.","ErrorValue":null,"TraceCorrelationId":"2a47fd9c-c07b-1000-cfb7-cdffbe3ab83a","ErrorCode":-2147024891,"ErrorTypeName":"System.UnauthorizedAccessException"},"TraceCorrelationId":"2a47fd9c-c07b-1000-cfb7-cdffbe3ab83a"}

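Now, the user is a global administrator. I have also added that user again as a site collection administrator.

The same piece of code works fine on other site collections (the search site collection, any newly created site collection...).

Here is the code: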

        using (ClientContext spcollContext = new ClientContext(web.Url))
        {
            SecureString passWord = new SecureString();
            foreach (char c in strAdminPassword.ToCharArray()) passWord.AppendChar(c);
            SharePointOnlineCredentials creds = new SharePointOnlineCredentials(strAdminUser, passWord);
            spcollContext.Credentials = creds;
            Web currentweb = spcollContext.Web;
            spcollContext.Load(currentweb);
            spcollContext.ExecuteQuery();

       //     authCookie = creds.GetAuthenticationCookie(new Uri(web.Url));

            var existingActions2 = currentweb.UserCustomActions;
            spcollContext.Load(existingActions2);
            spcollContext.ExecuteQuery();
            var actions2 = existingActions2.ToArray();
            foreach (var action in actions2)
            {
                if (action.Description == "CustomScriptCodeForEachsite" &&
                    action.Location == "ScriptLink")
                {
                    action.DeleteObject();
                    spcollContext.ExecuteQuery();
                }
            }

            var newAction2 = existingActions2.Add();
            newAction2.Description = "CustomScriptCodeForEachsite";
            newAction2.Location = "ScriptLink";

            newAction2.ScriptBlock = scriptBlock;
            newAction2.Update();
            spcollContext.Load(currentweb, s => s.UserCustomActions);
            spcollContext.ExecuteQuery(); // GETTING ERROR ON THIS LINE. 
        }

Note: the above error is from a Fiddler trace.

Vad*_*hev 7

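Most likely this behavior is caused by the Custom Script feature; basically, this error occurs when the Custom Script feature is turned off.

How to verify?

You can verify the site permissions using the following console app: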

using (var ctx = GetContext(webUri, userName, password))
{
    var rootWeb = ctx.Site.RootWeb;
    ctx.Load(rootWeb, w => w.EffectiveBasePermissions);
    ctx.ExecuteQuery();
    var permissions = rootWeb.EffectiveBasePermissions;
    foreach (var permission in Enum.GetValues(typeof(PermissionKind)).Cast<PermissionKind>())
    {
        var permissionName = Enum.GetName(typeof(PermissionKind), permission);
        var hasPermission = permissions.Has(permission);
        Console.WriteLine("Permission: {0}, HasPermission: {1}", permissionName, hasPermission);
    }   
}

where

public static ClientContext GetContext(Uri webUri, string userName, string password)
{
    var securePassword = new SecureString();
    foreach (var ch in password) securePassword.AppendChar(ch);
    return new ClientContext(webUri) {Credentials = new SharePointOnlineCredentials(userName, securePassword)};
}

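When SP.PermissionKind.AddAndCustomizePages is set to False, the Access denied error occurs while adding a user custom action.

According to Turn scripting capabilities on or off:

For self-service created sites, custom scripting is disabled by default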

Solution: enable Allow users to run custom scripts on self-service created sites

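To enable or disable scripting from the SharePoint admin center

  1. Sign in to Office 365 with your work or school account.
  2. Go to the SharePoint admin center.
  3. Select Settings.
  4. Under Custom Script choose:

    • Prevent users from running custom script on personal sites or Allow users to run custom script on personal sites.

    • Prevent users from running custom script on user created sites or Allow users to run custom script on self-service created sites.

  5. Select OK. It takes about 24 hours for the change to take effect.

Since any change to the scripting setting made through the SharePoint Online admin center may take up to 24 hours to take effect, you can enable scripting on a particular site collection immediately via the CSOM API (SharePoint Online Client Components SDK), as demonstrated below: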

public static void DisableDenyAddAndCustomizePages(ClientContext ctx, string siteUrl)
{
    var tenant = new Tenant(ctx);
    var siteProperties = tenant.GetSitePropertiesByUrl(siteUrl, true);
    ctx.Load(siteProperties);
    ctx.ExecuteQuery();

    siteProperties.DenyAddAndCustomizePages = DenyAddAndCustomizePagesStatus.Disabled;
    var result = siteProperties.Update();
    ctx.Load(result);
    ctx.ExecuteQuery();
    while (!result.IsComplete)
    {
        Thread.Sleep(result.PollingInterval);
        ctx.Load(result);
        ctx.ExecuteQuery();
    }
}

Usage

using (var ctx = GetContext(webUri, userName, password))
{
    using (var tenantAdminCtx = GetContext(tenantAdminUri, userName, password))
    {
        DisableDenyAddAndCustomizePages(tenantAdminCtx, webUri.ToString());
    }
    RegisterJQueryLibrary(ctx);
}

where

public static void RegisterJQueryLibrary(ClientContext context)
{
    var actions = context.Site.UserCustomActions;
    var action = actions.Add();
    action.Location = "ScriptLink";
    action.ScriptSrc = "~SiteCollection/Style Library/Scripts/jQuery/jquery.min.js";
    action.Sequence = 1482;
    action.Update();
    context.ExecuteQuery();
}
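Added example (not part of the answer above): the answer's permission check and its DenyAddAndCustomizePages switch combined into one guarded deployment, so custom script is opened on the site collection only when the check fails and is blocked again afterwards. The names `CustomScriptGuard`, `CanCustomize`, `SetDenyStatus` and `RunWithCustomScript` are hypothetical, and the code assumes that a missing AddAndCustomizePages permission means the site was in the `Enabled` (deny) state beforehand.

```csharp
using System;
using System.Threading;
using Microsoft.Online.SharePoint.TenantAdministration;
using Microsoft.SharePoint.Client;

// Hypothetical helper class; names are illustrative, not from the answer.
public static class CustomScriptGuard
{
    // True when the caller already holds AddAndCustomizePages on the root web,
    // i.e. custom script is allowed and no tenant change is needed.
    public static bool CanCustomize(ClientContext siteCtx)
    {
        var rootWeb = siteCtx.Site.RootWeb;
        siteCtx.Load(rootWeb, w => w.EffectiveBasePermissions);
        siteCtx.ExecuteQuery();
        return rootWeb.EffectiveBasePermissions.Has(PermissionKind.AddAndCustomizePages);
    }

    // Sets DenyAddAndCustomizePages and waits for the tenant operation to finish.
    static void SetDenyStatus(ClientContext adminCtx, string siteUrl,
                              DenyAddAndCustomizePagesStatus status)
    {
        var props = new Tenant(adminCtx).GetSitePropertiesByUrl(siteUrl, true);
        adminCtx.Load(props);
        adminCtx.ExecuteQuery();
        props.DenyAddAndCustomizePages = status;
        var op = props.Update();
        adminCtx.Load(op);
        adminCtx.ExecuteQuery();
        while (!op.IsComplete)
        {
            Thread.Sleep(op.PollingInterval);
            adminCtx.Load(op);
            adminCtx.ExecuteQuery();
        }
    }

    // Runs deploy(siteCtx). Opens custom script only if the check fails and
    // always restores the deny setting, even when deploy throws.
    // Assumption: the site was in the Enabled (deny) state before the call.
    public static void RunWithCustomScript(ClientContext siteCtx, ClientContext adminCtx,
                                           string siteUrl, Action<ClientContext> deploy)
    {
        if (CanCustomize(siteCtx)) { deploy(siteCtx); return; }
        SetDenyStatus(adminCtx, siteUrl, DenyAddAndCustomizePagesStatus.Disabled);
        try { deploy(siteCtx); }
        finally { SetDenyStatus(adminCtx, siteUrl, DenyAddAndCustomizePagesStatus.Enabled); }
    }
}
```

With the answer's helpers this would be called as `CustomScriptGuard.RunWithCustomScript(ctx, tenantAdminCtx, webUri.ToString(), RegisterJQueryLibrary);`, which leaves the site collection with custom script blocked once the action is registered.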