SharePoint 2013 工作流身份验证错误 401
-
10-12-2019 - |
题
我试图让 SharePoint 2013 工作流以普通用户(而不是网站集管理员)身份运行。
启动工作流程时,它立即失败并出现错误:
RequestorId": c0c2fcc9-abfb-6e2b-f229-68417fb5815c. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["c0c2fcc9-abfb-6e2b-f229-68417fb5815c"],"request-id":["c0c2fcc9-abfb-6e2b-f229-68417fb5815c"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 04 Feb 2013 15:55:21 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]} Der HTTP-Antwortinhalt konnte nicht gelesen werden. "Error while copying content to a stream.". bei Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) bei System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) bei
在 ULS 日志中我可以找到错误 “权限检查失败。要求 0x10000,得到 0x2000000000”, ,来自“身份验证授权”,我觉得很奇怪(什么权限是 0x10000 等)。
当我将用户设置为尝试以网站集管理员身份执行工作流时,工作流运行顺利。
02.04.2013 16:24:43.64 w3wp.exe (0x1594) 0x0E04 SharePoint Foundation Authentication Authorization ag6al Medium OAuth app principal Name=i:0i.t|ms.sp.ext|21c57850-ff6e-4fb6-9aa4-201733bf3f18@6a9b095b-7157-4a94-96f2-a27dd438b36d, IsAppOnlyRequest=False, UserIdentityName=0#.w|testdomain\testoffice11, ClaimsCount=18 c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.64 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation CSOM agw10 Medium Begin CSOM Request ManagedThreadId=34, NativeThreadId=4840 c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation Authentication Authorization ag69m Medium TenantScopedPerm=0, AllowAppOnlyPolicy=False, AppId=i:0i.t|ms.sp.ext|21c57850-ff6e-4fb6-9aa4-201733bf3f18@6a9b095b-7157-4a94-96f2-a27dd438b36d. c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation Authentication Authorization ajmmu Medium Permission check failed. asking for 0x10000, have 0x2000000000 c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation General ftd0 Medium Access Denied. Exception: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen., StackTrace: bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex) bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask) bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest() bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer) bei Microsoft.SharePoint.Client.ClientRequestService.ProcessRestQuery(Stream inputStream) bei SyncInvokeProcessRestQuery(Object , Object[] , Object[] ) bei System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) bei System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) bei System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) bei System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) bei System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) bei System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext) bei System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext) bei System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result) bei System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) bei System.Runtime.AsyncResult.Complete(Boolean completedSynchronously) bei System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item) bei System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread) bei System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread) bei System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread) bei System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result) bei System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result) bei System.Runtime.AsyncResult.SyncContinue(IAsyncResult result) bei System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state) bei System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync() bei System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state) bei System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result) bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest() bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest() bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state) bei System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state) bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state) bei System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) bei System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP) . c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation CSOM afxwb High System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen. bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex) bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask) bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest() bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer) c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Foundation CSOM agmjp High Original error: System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen. bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex) bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask) bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest() bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer) c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66 w3wp.exe (0x1594) 0x12E8 SharePoint Portal Server Microfeeds aizmo Medium SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing - SharePoint Server Exception [System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen. bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex) bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask) bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest() bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)] c0c2fcc9-abfb-6e2b-f229-68417fb5815c
我尝试向尝试执行工作流的用户授予站点所有者权限、站点读者或站点贡献者权限 - 在所有情况下工作流都会失败。只有网站集管理员(用户或其他管理员)才能启动工作流。
编辑:我查看了 SPBasePermissions。错误实际上是说 “权限检查失败。要求“开放”,有“UseRemoteAPIs”。
解决方案
该问题与用户所在的 OU 有关。
我的主要 OU 位于 DOMAIN > MainOU > SubOU
- 该 OU 中包含我的所有 SharePoint 组和用户。让我们以 “SharePoint 用户” 组作为该 OU 中的示例。它有权在 SharePoint 上做出贡献。
我现在有一个不同的 OU,位于 DOMAIN > DifferentOU
对于测试用户。我通过将这些测试用户也放入 SharePoint 中来授予他们对 SharePoint 的权限 SharePoint 用户 团体。
这就是导致问题的原因:
在同一 AD 分支(同一 OU)中添加用户时,一切都很好。但是,一旦用户来自不同的并行分支(不同的 OU),安全性就会以某种方式不起作用,我会收到上述错误消息。
为了解决这个问题,我只需要运行用户配置文件同步。