Prev: Error creating mySite in SharePoint 2007
Next: "Computing Ranking" does not stop and searches do not work anymore
From: oriol.ardevol on 1 Mar 2007 07:04
Hi,

I have a web application in Sharepoint 2007. This application is
extended for configure an external access, so I have the following
sites:

http://server:999/ - Web application, zone Default
http://server:998/ - Web application extended, zone Extranet

For the default zone I have set the authentication to Windows -
Integrated, and for the extranet zone I have set it to Forms (the
authentication is made with an Active Directory server and I have set
the LDAP membership provider in the web.config and assigned it), both
have anonymous access disabled.

If I access the web application throught the default zone (:999)
everything is ok. The problem is when I try to access via the extranet
zone (:998). The sharepoint log in form is displayed ok and the user
is correctly authenticated with the AD server, the user gets correctly
to the welcome aspx.

The problem is with the user privileges or roles. I set a user to
belong to the site owner's role (and should have access to all the
site settings as well as create anything) and the user makes it to the
welcome aspx but hasn't got any privilege at all. The "Site Actions"
menu is not displayed and If I try to access any page directly (like
_layouts/create.aspx where he should have access) it goes to an
Error : access denied page.

It seems that the user is not correctly assigned to any of the
sharepoint roles where he belongs. Is there anything I've done wrong?
Could it have something to do with the property "Role Manager" from
the "Edit Authentication" page ? if it has, how should I set it ?

Thanks in advance for everything, any help will be appreciated.
ori

From: Dave W on 1 Mar 2007 13:45
"Site Owners" Is a group not a role. Permissions still need to be
assigned to the group. By default the owners group is set to have full
control, did someone change it?

From: oriol.ardevol on 2 Mar 2007 03:02
On 1 mar, 19:45, "Dave W" <dave.woller...(a)gmail.com> wrote:
> "Site Owners" Is a group not a role. Permissions still need to be
> assigned to the group. By default the owners group is set to have full
> control, did someone change it?

No, the permissions are correctly set for the group "Site Owners" and
Site Owner users should have full control.

BTW if I change the authentication provider for the Extranet web
application from Forms to Windows and assign it to "Basic
Authentication" I can log in with a Site Owner user and the Site
Action menu is correctly displayed and the user has the privileges it
is supposed to have.

If then I switch again to Forms Authentication the same user is
authenticated but, as I said in my first post, doesn't have any
privilege.

Regards,
ori

From: oriol.ardevol on 2 Mar 2007 07:03
In case it might help I've noticed that after the Extranet
Authentication (with my LDAP membership provider), the sharepoint
current user (SPUser) is null.

SPWeb web = SPControl.GetContextWeb(Context);
SPUser currentUser =
web.CurrentUser; -> current User is null

Context.User.Identity -> not null

Why isn't sharepoint instantiating the current spuser with the
credentials retrieved from the active directory ? is there any way to
implement this ?

Regards,
ori

From: Jerry Rasmussen on 2 Mar 2007 08:56
Are you using forms authentication to authenticate against Active Directory?

oriol.ardevol(a)gmail.com wrote:
> On 1 mar, 19:45, "Dave W" <dave.woller...(a)gmail.com> wrote:
>> "Site Owners" Is a group not a role. Permissions still need to be
>> assigned to the group. By default the owners group is set to have full
>> control, did someone change it?
>
> No, the permissions are correctly set for the group "Site Owners" and
> Site Owner users should have full control.
>
> BTW if I change the authentication provider for the Extranet web
> application from Forms to Windows and assign it to "Basic
> Authentication" I can log in with a Site Owner user and the Site
> Action menu is correctly displayed and the user has the privileges it
> is supposed to have.
>
> If then I switch again to Forms Authentication the same user is
> authenticated but, as I said in my first post, doesn't have any
> privilege.
>
> Regards,
> ori
>
 |  Next  |  Last
Pages: 1 2
Prev: Error creating mySite in SharePoint 2007
Next: "Computing Ranking" does not stop and searches do not work anymore