I am currently working on a project where we are focused on developing as much as possible against the SharePoint CSOM library.
Unfortunately CSOM offers no possibility to access Cross-Site-Publishing functionalities. So we decided to deploy an ASP.NET Web API web service on the target SharePoint system, which is hosted in a separate application pool and uses SSOM (server-side SharePoint libraries).
The pool identity has full farm administrator rights and the web application is configured to use Windows credentials and impersonation.
    <configuration>
      <appSettings></appSettings>
      <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" />
        <authentication mode="Windows" />
        <identity impersonate="true" />
      </system.web>
      <system.webServer>
        <handlers>
          <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
          <remove name="OPTIONSVerbHandler" />
          <remove name="TRACEVerbHandler" />
          <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
        </handlers>
        <validation validateIntegratedModeConfiguration="false"/>
      </system.webServer>
    </configuration>
So far so good.
But when I consume the web service API over IIS I get an "UnauthorizedAccessException" even when trying to just get a plain list:
    using (var site = new SPSite("http://some.url"))
    {
        // Throws UnauthorizedAccessException when hosted in IIS
        var list = site.RootWeb.GetList(listUrl);
    }
Additional information: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
The call is executed using an HttpClient:
    // Send the current Windows credentials of the calling process
    var handler = new HttpClientHandler
    {
        UseDefaultCredentials = true
    };
    var client = new HttpClient(handler);
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var response = client.PostAsync("http://serviceadress/api/controller", jsonContent).Result;
Furthermore, the identity that executes that process (a console application) is the same identity the pool is running under.
What am I missing? I really don't understand that issue. Especially because when I host the web service in a locally running OWIN host everything works like a charm - why not in IIS?
The code for the OWIN host:
    using (WebApp.Start<ControllerTest>("http://localhost:9000/"))
    {
        // Create HttpClient and make a request to api/controller
        var client = new HttpClient
        {
            Timeout = TimeSpan.FromSeconds(300.0)
        };
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        var jsonPost = JsonConvert.SerializeObject(argument);
        var content = new StringContent(
            jsonPost,
            Encoding.UTF8,
            "application/json");
        var response = client.PostAsync(baseAddress + "api/controller", content).Result;
    }