SharePoint - Object Model Permission


I am trying to confirm my findings on permissions.

For the SharePoint object model to be accessed from a console application or from a WinForms application, the user running the application must have the db_admin permission on the content database of the web application in question.

To use Microsoft.SharePoint.Administration (like calling SPFarm.Local.Solutions.Add), the following should be true within an ASP.NET application:

  • Calls should be wrapped with elevated privileges, such as the following:

SPSecurity.RunWithElevatedPrivileges(delegate() { /* code to run */ });

  • The user accessing the ASP.NET page should be a part of the Administrators group (pages running under _layouts)

  • The user in the identity of the app pool for the web application in question should also be in the Farm Administrator group.

Is this information correct?

Yes, but within the web service code, you call the functional code using RunWithElevatedPrivileges. By doing this you leave the identity you are running the web service as, and instead use the SPFarmAdmin user to execute the code.

Alternatively, host a web service in an app pool that will allow the use of the same domain account as your central admin site, and allow anonymous access to the web service. It will be safe for internal use only, and this would mean that the web service always has high permissions.
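
An added example, not code from the question or the answer: one way to wrap the SPFarm.Local.Solutions.Add call so that the caller is authorized before the code elevates, since inside the delegate the thread runs as the application pool identity. The class name, method name and staging folder are assumptions, and the bool overload of CurrentUserIsAdministrator assumes SharePoint 2010 or later.

```csharp
using System;
using System.IO;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;

// Hypothetical helper for a page under _layouts (all names here are assumptions).
public static class SolutionInstaller
{
    // Assumed staging folder that only administrators can write to.
    private const string StagingRoot = @"C:\SolutionStaging\";

    public static string AddSolution(string fileName)
    {
        // 1. Authorize the caller BEFORE elevating. Inside the delegate the
        //    thread runs as the application pool identity, so a check made
        //    there would test the pool account, not the requesting user.
        if (!SPFarm.Local.CurrentUserIsAdministrator(true))
            throw new UnauthorizedAccessException("Caller is not a farm administrator.");

        // 2. Accept only a bare .wsp file name, so request input cannot
        //    point the elevated code at an arbitrary path.
        if (fileName != Path.GetFileName(fileName) ||
            !string.Equals(Path.GetExtension(fileName), ".wsp",
                           StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Expected a .wsp file name without a path.", "fileName");
        string fullPath = Path.Combine(StagingRoot, fileName);

        // 3. Keep the elevated block as small as possible: only the call
        //    that needs farm-level rights goes inside it.
        string solutionName = null;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            SPSolution solution = SPFarm.Local.Solutions.Add(fullPath);
            solutionName = solution.Name;
        });
        return solutionName;
    }
}
```

The same ordering applies to the web service variant in the answer: with anonymous access and a farm-level app pool account, any check on the caller has to happen in the service code before the privileged call.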

