Strange access denied in publishing sites

Recently one of my clients had some strange behavior on their production farm. Team sites no worries, but when they started using publishing sites things went bad. Suddenly unexpected access denieds were showing up, even users with full control webapp rights were not able to access the site. Mostly when checking out pages, or changing the navigation settings.

Luckily we got a helpful hint: we should review the super user full control and super user read accounts for the object cache, as described on the following page:

http://technet.microsoft.com/en-us/library/ff758656(v=office.15).aspx

By default the users are as follows:

  • Super User Full Control: the site’s System Account;
  • Super User Read: NT Authority\Local Service.

In a claims authentication application, this default Super User Read cannot be resolved, which automatically leads to an access denied for the object cache.

Solution:

As described in the page above. You can also use this excellent script of Stef van Hooijdonk dating back from 2010, available via:

http://www.sharepoint2010blog.nl/2010/07/07/Claims+Based+Authentication+And+The+PublishingCache.aspx

Reacties

Een reactie posten

Populaire posts van deze blog

Exploring advanced DOM interop with Blazor WebAssembly

Afbeelding
With the establishment of WebAssembly in the browser space, JavaScript is not the only option anymore to run code in the browser. You can start building your modern web applications in any language of choice. Recently Microsoft has released the first version of Blazor WebAssembly. It enables you as a .NET developer to run .NET code through WebAssembly. Blazor also comes with a websocket based server model. You can check out Blazor on Microsoft Docs: https://docs.microsoft.com/en-us/aspnet/core/blazor I have been building a couple of Blazor experiments myself, of which the following two stand out: Real-time Blazor server web app. I have added a second SignalR hub to this app in order to communicate signals from one Blazor session to another. [ Blogged ] [ Source code ] [ Try it online ] Deep zoom (perturbation based!) Mandelbrot with Blazor Source code . If I find time I will blog about all my adventures to getting this deep zoom Mandelbrot to work! Try it online It was the latt...
Meer lezen

Extend Azure DevOps with Azure Functions

Afbeelding
With Azure DevOps, Microsoft provides a rich platform for building your continuous integration and continuous delivery (CI/CD) workflows. Refer to https://azure.microsoft.com/en-us/services/devops/ Our CI/CD design Lately we came up with the following CI/CD design: Notice the following features: When a feature branch is created, an app service slot is created and the feature workload is deployed to this slot; When a feature is merged with master, the slot gets removed and the master workload gets deployed to the production slot. Learn more about Azure App Services and its deployment slot feature here: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots Implementation In order to learn how to set up the above workflow you can read the following excellent blog post of Lucas Caljé: https://levelup.gitconnected.com/manage-appservice-slots-with-azure-yaml-pipelines-3fb2a2e5da9a Interestingly, Lucas' solution does not require any external integratio...
Meer lezen

Azure Custom Role Definitions and Assignment Scopes

Afbeelding
Working with custom Role Definitions in Azure can be a funny thing. Interestingly, when reviewing the Azure Active Directory user interface in Azure Portal you will not find a way to query all available role definitions. If you query the Roles and Administrators view you will only see administrator roles: With a PowerShell cmdlet you are able to list all. Get-AzRoleDefinition | select name | sort name | ft results in something like the following: Name ---- AcrDelete AcrImageSigner AcrPull AcrPush AcrQuarantineReader AcrQuarantineWriter API Management Service Contributor API Management Service Operator Role API Management Service Reader Role App Configuration Data Owner ... But are these really all the role definitions out there? Obviously not! This list is scoped to the subscription you are currently targeting with your current Azure Context. In order for you to try out yourself, just create a couple of role definitions with various assignment scopes. Assuming you have owne...
Meer lezen