Searchresults from high trust add-in are missing
-
19-01-2021 - |
문제
I am writing a console app for the purpose of a remote timer job that is using the high trust app only add-in model to access SharePoint by using a certificate. This is test code I created for this example. The add-in works fine using certificates to log in. I only see unexpected behavior when running a search query. So for this example I am not providing all code.
I have 3 test sitecollections in my farm (test1, test2 and test3) When I execute this regular CSOM I get all the sites in my console:
using (ClientContext clientContext = new ClientContext("http://test.local/test/site1"))
{
KeywordQuery query = new KeywordQuery(clientContext);
query.QueryText = "Path:\"http://test.local/test/*\" AND ContentClass:STS_Site";
query.RowLimit = 500;//max row limit is 500 for KeywordQuery
query.SelectProperties.Add("Url");
query.TrimDuplicates = false;
SearchExecutor searchExecutor = new SearchExecutor(clientContext);
ClientResult<ResultTableCollection> results = searchExecutor.ExecuteQuery(query);
clientContext.ExecuteQuery();
foreach (var item in results.Value[0].ResultRows)
{
Console.WriteLine(item["Url"].ToString());
}
}
Output:
Now I have this code snippet (I am using a certificate to connect)
using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity("http://test.local/test/site1", currentUserWindowsIdentity))
{
KeywordQuery query = new KeywordQuery(clientContext);
query.QueryText = "Path:\"http://test.local/test/*\" AND ContentClass:STS_Site";
query.RowLimit = 500;//max row limit is 500 for KeywordQuery
query.SelectProperties.Add("Url");
query.TrimDuplicates = false;
SearchExecutor searchExecutor = new SearchExecutor(clientContext);
ClientResult<ResultTableCollection> results = searchExecutor.ExecuteQuery(query);
clientContext.ExecuteQuery();
}
The output in this case is only sitecollection 1
Any ideas why I get only 1 result? The add in has full control persmissions on all three sitecollections. When I change the url:
using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity("http://test.local/test/site2", currentUserWindowsIdentity))
I only see:
as the result
Update
When I use the root sitecollection url like:
using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity("http://test.local", currentUserWindowsIdentity))
I do get all the three sites. Is this expected behaviour?
Update
When searching in the sitecollections through the searchbox I get all sitecollections in my result.
해결책 2
I ended up giving the App principal full control on my tenant with this powershell script.
$absoluteWebApplicationUrl = https://localhost
if(-not $absoluteWebApplicationUrl.EndsWith('/')) {
$absoluteWebApplicationUrl = "$absoluteWebApplicationUrl/"
}
$AppName = "Provider Placeholder App"
$clientID = "bfeae944-65cb-4335-9ce4-7c024183c465"
$authRealm = Get-SPAuthenticationRealm -ServiceContext $absoluteWebApplicationUrl;
$AppIdentifier = $clientID + '@' + $authRealm;
Register-SPAppPrincipal -NameIdentifier $AppIdentifier -Site $absoluteWebApplicationUrl -DisplayName $AppName | Out-Null
Write-Verbose " *App Registered" -Verbose
$appPrincipal = Get-SPAppPrincipal -NameIdentifier $AppIdentifier -Site $absoluteWebApplicationUrl
if($null -ne $appPrincipal) {
#Remove-SPAppPrincipalPermission -appPrincipal $appPrincipal -site $absoluteWebApplicationUrl -Scope Site
Remove-SPAppPrincipalPermission -Site $absoluteWebApplicationUrl -AppPrincipal $appPrincipal -Scope SiteSubscription | Out-Null
Write-Verbose " *App Trust Removed" -Verbose
}
#Set-SPAppPrincipalPermission -Site $absoluteWebApplicationUrl -AppPrincipal $appPrincipal -Scope Site -Right FullControl -EnableAppOnlyPolicy | Out-Null
Set-SPAppPrincipalPermission -Site $absoluteWebApplicationUrl -AppPrincipal $appPrincipal -Scope SiteSubscription -Right FullControl -EnableAppOnlyPolicy | Out-Null
Write-Verbose " *App Trust Added" -Verbose
The -Scope parm is key. Setting this to SiteSubscription gives the principal full control on the webapplication. In my case all the site collections on my webapp. In my case I can do this. For setting the permissions per site collection use -scope SiteCollection or -scope site
다른 팁
This could have something to do with the Search Result Source or "Search Scope" for each site collection being specific to itself, whereas the "root" site collection has a scope that defines all site collections.
If you go to the site collections themselves and perform a query via the interface, do you see the same behaviour?
If so, you could probably update the search result source/scope to include all site collections like the root has.