SharePoint 2013 工作流身份验证错误 401

https://sharepoint.stackexchange.com//questions/58772

10-12-2019
|

题

我试图让 SharePoint 2013 工作流以普通用户（而不是网站集管理员）身份运行。

启动工作流程时，它立即失败并出现错误：

RequestorId": c0c2fcc9-abfb-6e2b-f229-68417fb5815c. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["c0c2fcc9-abfb-6e2b-f229-68417fb5815c"],"request-id":["c0c2fcc9-abfb-6e2b-f229-68417fb5815c"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 04 Feb 2013 15:55:21 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]} Der HTTP-Antwortinhalt konnte nicht gelesen werden. "Error while copying content to a stream.". bei Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) bei System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) bei

在 ULS 日志中我可以找到错误 “权限检查失败。要求 0x10000，得到 0x2000000000”, ，来自“身份验证授权”，我觉得很奇怪（什么权限是 0x10000 等）。

当我将用户设置为尝试以网站集管理员身份执行工作流时，工作流运行顺利。

02.04.2013 16:24:43.64  w3wp.exe (0x1594)       0x0E04  SharePoint Foundation Authentication Authorization    ag6al                Medium              OAuth app principal Name=i:0i.t|ms.sp.ext|21c57850-ff6e-4fb6-9aa4-201733bf3f18@6a9b095b-7157-4a94-96f2-a27dd438b36d, IsAppOnlyRequest=False, UserIdentityName=0#.w|testdomain\testoffice11, ClaimsCount=18       c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.64  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation CSOM   agw10   Medium              Begin CSOM Request ManagedThreadId=34, NativeThreadId=4840   c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation Logging Correlation Data             xmnv                Medium              Site=/   c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation Authentication Authorization    ag69m                Medium              TenantScopedPerm=0, AllowAppOnlyPolicy=False, AppId=i:0i.t|ms.sp.ext|21c57850-ff6e-4fb6-9aa4-201733bf3f18@6a9b095b-7157-4a94-96f2-a27dd438b36d.    c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation Authentication Authorization    ajmmu                Medium              Permission check failed. asking for 0x10000, have 0x2000000000             c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation General               ftd0       Medium                Access Denied. Exception: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen., StackTrace:   bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask)     bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest()     bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)     bei Microsoft.SharePoint.Client.ClientRequestService.ProcessRestQuery(Stream inputStream)     bei SyncInvokeProcessRestQuery(Object , Object[] , Object[] )     bei System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)     bei System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)     bei System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)     bei System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)     bei System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)     bei System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)     bei System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)     bei System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)     bei System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)     bei System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)     bei System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)     bei System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)     bei System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread)     bei System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread)     bei System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result)     bei System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result)     bei System.Runtime.AsyncResult.SyncContinue(IAsyncResult result)     bei System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state)     bei System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync()     bei System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state)     bei System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)     bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()     bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()     bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)     bei System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state)     bei System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state)     bei System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)     bei System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)     bei System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)  .           c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation CSOM   afxwb   High                System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen.     bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask)     bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest()     bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)  c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Foundation CSOM   agmjp   High       Original error: System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen.     bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask)     bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest()     bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)  c0c2fcc9-abfb-6e2b-f229-68417fb5815c
02.04.2013 16:24:43.66  w3wp.exe (0x1594)       0x12E8  SharePoint Portal Server             Microfeeds        aizmo                Medium              SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing - SharePoint Server Exception [System.UnauthorizedAccessException: Es wurde versucht, einen nicht autorisierten Vorgang auszuführen.     bei Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     bei Microsoft.SharePoint.SPSecurableObject.CheckPermissions(SPBasePermissions permissionMask)     bei Microsoft.SharePoint.Client.SPClientServiceHost.OnBeginRequest()     bei Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)] c0c2fcc9-abfb-6e2b-f229-68417fb5815c

我尝试向尝试执行工作流的用户授予站点所有者权限、站点读者或站点贡献者权限 - 在所有情况下工作流都会失败。只有网站集管理员（用户或其他管理员）才能启动工作流。

编辑：我查看了 SPBasePermissions。错误实际上是说 “权限检查失败。要求“开放”，有“UseRemoteAPIs”。

解决方案

该问题与用户所在的 OU 有关。

我的主要 OU 位于 DOMAIN > MainOU > SubOU - 该 OU 中包含我的所有 SharePoint 组和用户。让我们以 “SharePoint 用户” 组作为该 OU 中的示例。它有权在 SharePoint 上做出贡献。

我现在有一个不同的 OU，位于 DOMAIN > DifferentOU 对于测试用户。我通过将这些测试用户也放入 SharePoint 中来授予他们对 SharePoint 的权限 SharePoint 用户 团体。

这就是导致问题的原因：
在同一 AD 分支（同一 OU）中添加用户时，一切都很好。但是，一旦用户来自不同的并行分支（不同的 OU），安全性就会以某种方式不起作用，我会收到上述错误消息。

为了解决这个问题，我只需要运行用户配置文件同步。

许可以下： CC-BY-SA 和归因

不隶属于 sharepoint.stackexchange