Thanks Leon,
Ok, still very short on love :).
I uninstalled the CS solution and the MSI and reinstalled the MSI to a new non-SharePoint Web Site in IIS. I also created a new Team Site Site Collection so I could get the OOTB experience. (I've tried to make everything "vanilla" with the only difference being is that I need a Domain identity for the CommunityServer IIS App Pool to talk to a remote SQL Server).
Unfortunately after I installed and configured CS, I got the following error:
Server Error in '/' Application.--------------------------------------------------------------------------------
You are not authorized to use the service Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: You are not authorized to use the service
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace: [WebException: You are not authorized to use the service] CommunityServer.WebServices.Common.BaseService.GetResponse(String url) +143 CommunityServer.WebServices.Common.BaseService.ValidateUserApiKey(String username, String apiKey) +133 CommunityServer.WebServices.Common.BaseService..ctor(String siteUrl, String username, String apiKey) +261 CommunityServer.WebServices.Membership.MembershipService..ctor(String siteUrl, String username, String apiKey) +13
[TargetInvocationException: Exception has been thrown by the target of an invocation.] System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) +0 System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) +13 System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +366 System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1036 System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +114 CommunityServer.Wss.Global.WebParts.CSWebPart.CreateServiceInstance(Boolean impersonateEnabled) +700 CommunityServer.Wss.Global.WebParts.CSWebPart.OnInit(EventArgs e) +117 System.Web.UI.Control.InitRecursive(Control namingContainer) +321 System.Web.UI.Control.AddedControl(Control control, Int32 index) +2065279 System.Web.UI.ControlCollection.Add(Control child) +146 System.Web.UI.WebControls.WebParts.WebPartManagerControlCollection.AddWebPartHelper(WebPart webPart) +247 System.Web.UI.WebControls.WebParts.WebPartManagerControlCollection.AddWebPart(WebPart webPart) +97 System.Web.UI.WebControls.WebParts.WebPartManager.AddWebPart(WebPart webPart) +52 System.Web.UI.WebControls.WebParts.WebPartManagerInternals.AddWebPart(WebPart webPart) +11 Microsoft.SharePoint.WebPartPages.SPWebPartManager.AddWebPartWithRetry(WebPart webPart) +161 Microsoft.SharePoint.WebPartPages.SPWebPartManager.AddDynamicWebPart(WebPart webPart) +70 Microsoft.SharePoint.WebPartPages.SPWebPartManager.CreateWebPartsFromRowSetData(Boolean onlyInitializeClosedWebParts) +7829 Microsoft.SharePoint.WebPartPages.SPWebPartManager.LoadWebParts() +53 Microsoft.SharePoint.WebPartPages.SPWebPartManager.OnPageInitComplete(Object sender, EventArgs e) +376 System.EventHandler.Invoke(Object sender, EventArgs e) +0 System.Web.UI.Page.OnInitComplete(EventArgs e) +2009564 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +821
I can confirm that in the REST API settings, "Everyone" is selected.
Another strange issue is that I was unable to create a new site collection until I uninstalled the CS solution - it seems the CS Farm Feature "CSGlobalExtensionStapler" was causing the issue:
05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 Windows SharePoint Services Feature Infrastructure 88jm High Feature receiver assembly 'CommunityServer.Wss.Global, Version=1.0.0.0, Culture=neutral, PublicKeyToken=454c7a96e9526647', class 'CommunityServer.Wss.Global.EventReceivers.CSGlobalExtensionFeatureReceiver', method 'FeatureActivated' for feature 'b51c6d68-710e-4e8f-ac14-563a0b8a2b97' threw an exception: System.ArgumentException: Value does not fall within the expected range. at Microsoft.SharePoint.SPFileCollection.get_Item(String urlOfFile) at CommunityServer.Wss.Global.CSUtility.AddPartsToMainPage(SPWeb web) at CommunityServer.Wss.Global.EventReceivers.CSGlobalExtensionFeatureReceiver.FeatureActivated(SPFeatureReceiverProperties properties) at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) 05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 Windows SharePoint Services General 72by High Feature Activation: Threw an exception, attempting to roll back. Feature 'CSGlobalExtension' (ID: 'b51c6d68-710e-4e8f-ac14-563a0b8a2b97'). Exception: System.ArgumentException: Value does not fall within the expected range. at Microsoft.SharePoint.SPFileCollection.get_Item(String urlOfFile) at CommunityServer.Wss.Global.CSUtility.AddPartsToMainPage(SPWeb web) at CommunityServer.Wss.Global.EventReceivers.CSGlobalExtensionFeatureReceiver.FeatureActivated(SPFeatureReceiverProperties properties) at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) at Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, Boolean fForce) 05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 1106 8e16 High Failed to activate feature 'CSGlobalExtension' (Id b51c6d68-710e-4e8f-ac14-563a0b8a2b97) associated with site template 'STS#1' at scope \"http://xxx:81\". Exception: System.ArgumentException: Value does not fall within the expected range. at Microsoft.SharePoint.SPFileCollection.get_Item(String urlOfFile) at CommunityServer.Wss.Global.CSUtility.AddPartsToMainPage(SPWeb web) at CommunityServer.Wss.Global.EventReceivers.CSGlobalExtensionFeatureReceiver.FeatureActivated(SPFeatureReceiverProperties properties) at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) at Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, Boolean fForce) at Microsoft.SharePoint.SPFeatureCol... 05/20/2008 12:02:09.01* w3wp.exe (0x0B08) 0x1588 1106 8e16 High ...lection.AddInternal(Guid featureId, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly) at Microsoft.SharePoint.SPFeatureCollection.Add(Guid featureId, SPFeaturePropertyCollection properties, Boolean fForce) at Microsoft.SharePoint.SPTemplateAssociationElement.EnsureTemplateAssociatedWebFeaturesActivated(SPSite site, SPWeb web, String sTemplateName) 05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 Windows SharePoint Services General 761g High Failed to activate template-associated site-scoped features for template 'STS#1' in site 'http://xxx:81'. 05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 Windows SharePoint Services General 72h9 High Failed to apply template "STS#1" to web at URL "http://xxx:81". 05/20/2008 12:02:09.01 w3wp.exe (0x0B08) 0x1588 Windows SharePoint Services General 72k2 High Failed to apply template "STS#1" to web at URL "http://xxx:81", error Value does not fall within the expected range. 0x8107058a
(Aside: by default ASP.NET applications run as full trust http://msdn.microsoft.com/en-us/library/tkscy493.aspx. So while I'm not recommending it, if you needed to run one an ASP.NET app as a VD under a SharePoint web, you'd need to explicity state the trust setting to override WSS_Minimal in the root Web.config. This custom CS CAS policy seems to only apply to the Web Parts etc, rather than the CS application itself).
Thanks.
My bad - I went back and had a look - when you configure SharePoint make sure the "Username" is exactly that (e.g. admin) rather than the API key name (e.g. SharePoint). I suppose the instructions [http://docs.communityserver.com/getting-started/installation/configuring-sharepoint-integration-for-community-server-2008-maypreview/] at point 12 could be more clear (e.g. "Enter the username (e.g. admin) and API key in the appropriate fields.").
So now it's working! (sort of).
When I post in the Sample Forum as an AD user through SharePoint, I get the following error:
System.Net.WebException: 403 : Method requires authentication at CommunityServer.WebServices.Common.BaseService.PostResponse(String url, Object body) at CommunityServer.WebServices.Forums.ForumsService.AddThreadReply(ForumPost post) at CommunityServer.WebServices.Forums.ForumPost.Add() at CommunityServer.Wss.Local.WebParts.CSForumPostForm.ᐁ(Object , EventArgs )
So I assume then that I need to configure Windows Authentication for CS to allow an AD user to post - are there instructions for setting this up? Secondly, if I create a user in SharePoint is there a way for that user to be created in CS (or vice versa) - or am I missing something?
ashtangagirl:The problem is though that the web parts appear to base the URL links to the SharePoint site:
The Web Parts for forum and blogs will try to keep you in SharePoint unless specifically noted otherwise. When our solution is deployed a new document library is created at ~site/CS (in SharePoint) and that is where the web parts are linking to. They are not looking for a SharePoint installation. If 404's are being issued by the web parts it's because they can't find the correct SharePoint site location and not because they can't find CS.
ashtangagirl: I have SP installed on my 80 and CS installed on another port. In our production environment we'd likely keep CS on it's own server altogether.
I have SP installed on my 80 and CS installed on another port. In our production environment we'd likely keep CS on it's own server altogether.
This is a great idea and I encourage you to stick with this architecture. I'll investigate if the port number in CS could be complicating issues and may ask for a few more details as well. Thanks!
Leon GersingTelligent SystemSoftware Development Eng Community Server Product Teama.k.a.:fallenrogue (twitter.com/fallenrogue)(fallenrogue.com)
PeterBA: So I assume then that I need to configure Windows Authentication for CS to allow an AD user to post - are there instructions for setting this up? Secondly, if I create a user in SharePoint is there a way for that user to be created in CS (or vice versa) - or am I missing something?
That could be a bug, I'll investigate. Thanks! ~Leon
juliet: confirmed that in the Global Settings for Community Server in SharePoint were correct. I still have the same issues of not being able to add any of the forum type web parts.
Can you add type "blog" but not type "forum" or is the problem restricted to forum?
juliet: My Community Server installation is not the default website. Does it need to be the default website on the server that it is hosted on?
My Community Server installation is not the default website. Does it need to be the default website on the server that it is hosted on?
It should need to be. Location of the sites doesn't matter only that you specify them in settings which you have done.
PeterBA: Ok, still very short on love :).
Still working to bring the love!
PeterBA:System.Net.WebException: You are not authorized to use the service
This is a permission issue with REST and not a CAS error... make sure that your REST settings allow use by enough Roles (specific to your needs) to make the Create, Read, Update, Delete funtionality work.
PeterBA:Aside: by default ASP.NET applications run as full trust
Yes, ASP.NET do and that's fine, overriding the policy for say CS or another app is done at your descretion. SharePoint, on the other hand defaults to Minimal trust. Our CAS policy, correctly only provides escalated security to our assemblies as needed and no others.
What is the best way to send you a screen shot? I think a picture might help. If I try to add all of the CommunityServer web parts only 3 can be added to the page; CommunityServer Activity Messages, Community Server Search Results, Community Server SearchBox. The rest can not be added.
juliet:What is the best way to send you a screen shot?
download "Jing" from techsmith. It's free and allows you to take screenshots and movies and uplaod them to a central location for sharing. Take the shots then post the links for me to view here or message me and I'll take a look off of the main thread if need be. Thanks, ~Leon
Thanks Leon - yes, it's a bit confusing because CS defaults to Forms authentication but SharePoint is usually Windows authentication - so yeah, just wondering what extra steps you need.
Perhaps you could explain the intended functionality? (I assume that when users post to a forum they all don't show up as the API user? e.g. admin)
I see the link in the Site Setting page, but when I click on Global Settings I get an access denied from SharePoint. What SharePoint rights does it need?
I was able to install everything successfully as far as I can tell.
-Brad Turner http://www.identitychaos.com
Brad Turner:I see the link in the Site Setting page, but when I click on Global Settings I get an access denied from SharePoint.
Do you see SharePoint's access denied message or a different one? Does the page show up at all or do you get the message after trying to save?
If it's the first, then you'll need to be site admin for the site you're trying to configure.
If it's the second you'll need to provide a username/apikey of a user who has full access to the REST service in CS 2008.
Let me know how that goes and if I can be further help. Thanks ~Leon
PeterBA: Thanks Leon - yes, it's a bit confusing because CS defaults to Forms authentication but SharePoint is usually Windows authentication - so yeah, just wondering what extra steps you need. Perhaps you could explain the intended functionality? (I assume that when users post to a forum they all don't show up as the API user? e.g. admin)
Yeah, that's an obstaclue for us as well in the design (Forms vs AD). But the basics of the asumptions (as they stand today and are, btw, subject to change) is that if a user exists in SharePoint with AD then we look for that user in CS. If they don't exist we create the user with information from SharePoint and notify the user of their new account. There are several bits of information we look at, not just username, to try and autodiscover this.
Unfortunately, it looks as if there is still a bug in that match and when it happens you get the "you do not have access" error from the REST service.
To your second question: no, the username of the currently logged in user in SharePoint is used when posting from SharePoint not the admin. If that user does not have rights to post then the post will fail and in most cases where this information is know ahead of "post time" then the editor is not shown but rather a message urging them to register in CS.
thanks! ~ Leon
Thanks for the reply, I've been added to every SharePoint "owners" group we can find and I still get the error on the SharePoint page when I click Global Settings. However, another Admin is able to hit the page and configure it successfully.
Currently the CS2008 site is bare - there is only the admin user configured, and that is the user I configured the key from. When we try to add one of the webparts now we get an error:
CommunityServer ForumsUnable to add selected web part(s).
CommunityServer Forums: Cannot import this webpart. Please contact your site admin or Telligent Systems Customer Support.
...but I can add the Threads or Posts webpart.
QUESTION: The web parts have individual methods to configure the REST API, do we assume that if you leave this blank you're using the global config?
I added the Site Activity webpart and I can confirm that my accont and the other admin were added to CS, approved and are part of the Registered Users role. But when we click the link to open one of the forums we get a 404. I can't confirm that it's trying the correct forum ID when it attempts it's redirect - this is the url format it's spitting out:
https://portal2.foo.com/_layouts/spsredirect.aspx?oldUrl=https%3A%2F%2Fportal2%2Efoo%2Ecom%2Fps%2Fforums%2Easpx%3Fforumid%3D7
QUESTION: Does the CS site have to be HTTPS for this to work? I don't see the CS URL we configured in the redirect.
Brad Turner: CommunityServer Forums: Cannot import this webpart. Please contact your site admin or Telligent Systems Customer Support.
Is this a site where you can disable custom errors? in the web.config find the "SafeMode" element and swap the CallStack from "false" to "true" and swap Custom Errors from on to off and try again. That should give you a better message that may help me understand what's going on. If you're not signed into SharePoint with an account that also exists in CS then you may be getting an error that you can't see. Create an account in CS with the name of your SP (or AD) account minus the domain. (ref bug: http://dev.communityserver.com/forums/t/499607.aspx)
Brad Turner: QUESTION: The web parts have individual methods to configure the REST API, do we assume that if you leave this blank you're using the global config?
that's correct. That is if you'd like to "sticky" one specific part to a different CS instance than the one that is globally configured. It is only exposed to those with the rights to "Edit Shared" view in SP.
Brad Turner: QUESTION: Does the CS site have to be HTTPS for this to work? I don't see the CS URL we configured in the redirect.
no, it doesn't. the two environments have no dependencies except that CS is 2008 with REST enabled and SP is WSS 3.0 or higher.
lgersing:Is this a site where you can disable custom errors? in the web.config find the "SafeMode" element and swap the CallStack from "false" to "true" and swap Custom Errors from on to off and try again. That should give you a better message that may help me understand what's going on. If you're not signed into SharePoint with an account that also exists in CS then you may be getting an error that you can't see. Create an account in CS with the name of your SP (or AD) account minus the domain. (ref bug: http://dev.communityserver.com/forums/t/499607.aspx)
I made the change but no change in the amount of error detail I get back. BTW, this is MOSS 2007.
QUESTION: When the account is auto-created, can it be used to sign direclty in with or is it just for passthrough purposes? What is it storing as the password - the password hash from AD?
FYI: I had to be added to Site Collection Administrators in order to see the Global Settings page. Is there any documentation on what the activity list selection does? I see every list on the site displayed but I'm not sure I understand how this works. I added one, but not sure what it's doing...