logo标签列表

我如何通过PowerShell设置SharePoint托管应用程序的权限?

powershellsharepointsharepoint-2013
5
我正在使用Import-SPAppPackageInstall-SPApp部署应用程序。我想使用Set-AppPrincipalPermission设置权限,但我无法让它正常工作。
我正在使用PowerShell cmdlets Import-SPAppPackageInstall-SPApp将SharePoint托管的应用程序上传到SharePoint。对于不需要额外权限的SharePoint托管应用程序,这很好用。
然而,一个应用程序需要读取站点的权限,所以在清单中声明了这个权限。当通过Visual Studio运行时,第一次启动时,它会正确地要求信任该应用程序以获取站点的读取权限。
当我通过PowerShell添加此应用程序时,它没有机会询问。安装继续进行,但是然后应用程序不起作用。(它因权限问题而失败,这绝对是正确的行为,因为尚未授予权限。)
我可以通过转到网站内容,单击有问题的应用程序的'...',选择'Permissions',然后单击'If there's something wrong with the app's permissions, click here to trust it again'.链接来修复权限。
但我真的希望能够通过PowerShell完成整个部署。 Set-AppPrincipalPermission cmdlet 应该允许我设置权限,但我无法使其正常工作。具体来说,我无法获得在部署应用程序时自动创建的应用程序主体的句柄,因此我无法将此应用程序主体传递给Set-AppPrincipalPermission
应用程序主体的名称采用'i:0i.t|ms.sp.int|@'的形式,并且列在/_layouts/15/appprincipals.aspx上。当我使用Get-SPAppPrincipal与它一起使用时,我得到的是:
Get-SPAppPrincipal : The app principal could not be found.

我没有看到任何有关在SharePoint托管应用中使用Get-SPAppPrincipal的示例 - 它们似乎都是针对提供程序托管应用的。它们似乎只是使用从客户端ID和域ID构建的应用程序主体ID,但我的SharePoint托管应用程序没有客户端ID。

是否可以获取SharePoint托管应用程序的应用程序主体,并使用它通过PowerShell设置权限? 我是否做错了什么,或者是否有其他方法?

3个回答
3

我曾经和你一样遇到了同样的问题,最终在以下两个博客中找到了答案:

带有良好安装、更新和删除脚本的博客

这是一篇关于如何通过PowerShell“按下”“信任此应用程序”按钮的好文章 链接

因为我知道像我这样的懒惰的程序员有多懒,所以请随意使用这个合并脚本来安装应用程序:

    param
(
    [string]$Web = $(throw '- Need a SharePoint web site URL (e.g. "http://portal.contoso.com/")'),
[string]$Source = "ObjectModel"
)

Write-Host -ForegroundColor White "-------------------"
Write-Host -ForegroundColor White "| App Installer |"
Write-Host -ForegroundColor White "-------------------"
Write-Host -ForegroundColor White "- "

#Global vars
$AppPackageName = "App.app";

#Loads powershell settings
Write-Host -ForegroundColor White "- Load Powershell context.."
$0 = $myInvocation.MyCommand.Definition
$dp0 = [System.IO.Path]::GetDirectoryName($0)

#Loads the SharePoint snapin
Write-Host -ForegroundColor White "- Load SharePoint context.."
$ver = $host | select version
if ($ver.Version.Major -gt 1) {$host.Runspace.ThreadOptions = "ReuseThread"} 
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell";
}
[void][System.Reflection.Assembly]::Load("Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") 

#Imports the App package
Write-Host -ForegroundColor White "- Import app package '$AppPackageName'..."
$appPath = "C:\Projects\App\App\bin\Debug\app.publish\1.0.0.0" + "\" + $AppPackageName;
if ($Source.Equals("ObjectModel", [System.StringComparison]::InvariantCultureIgnoreCase)) {
$sourceApp = ([microsoft.sharepoint.administration.spappsource]::ObjectModel);
}
elseif ($Source.Equals("Marketplace", [System.StringComparison]::InvariantCultureIgnoreCase)) {
$sourceApp = ([microsoft.sharepoint.administration.spappsource]::Marketplace);
}
elseif ($Source.Equals("CorporateCatalog", [System.StringComparison]::InvariantCultureIgnoreCase)) {
$sourceApp = ([microsoft.sharepoint.administration.spappsource]::CorporateCatalog);
}
elseif ($Source.Equals("DeveloperSite", [System.StringComparison]::InvariantCultureIgnoreCase)) {
$sourceApp = ([microsoft.sharepoint.administration.spappsource]::DeveloperSite);
}
elseif ($Source.Equals("RemoteObjectModel", [System.StringComparison]::InvariantCultureIgnoreCase)) {
$sourceApp = ([microsoft.sharepoint.administration.spappsource]::RemoteObjectModel);
}

$spapp = Import-SPAppPackage -Path "$appPath" -Site $Web -Source $sourceApp -Confirm:$false -ErrorAction SilentlyContinue -ErrorVariable err;
if ($err -or ($spapp -eq $null)) 
{
Write-Host -ForegroundColor Yellow "- An error occured during app import !"
throw $err;
}
Write-Host -ForegroundColor White "- Package imported with success."

#Installs the App
Write-Host -ForegroundColor White "- Install the APP in web site..."
$app = Install-SPApp -Web $Web -Identity $spapp -Confirm:$false -ErrorAction SilentlyContinue -ErrorVariable err;
if ($err -or ($app -eq $null)) {
Write-Host -ForegroundColor Yellow "- An error occured during app installation !"
throw $err;
}
$AppName = $app.Title;
Write-Host -ForegroundColor White "- App '$AppName' registered, please wait during installation..."
$appInstance = Get-SPAppInstance -Web $Web | where-object {$_.Title -eq $AppName};
$counter = 1;
$maximum = 150;
$sleeptime = 2;

Write-Host -ForegroundColor White "- Please wait..." -NoNewline;

$url = "$($Web)_layouts/15/appinv.aspx?AppInstanceId={$($appInstance.Id)}"
$ie = New-Object -com internetexplorer.application
try
{
    $ie.visible=$true
    $ie.navigate2($url)
    while ($ie.busy)
    {
        sleep -milliseconds 60
    }
    $trustButton = $ie.Document.getElementById("ctl00_PlaceHolderMain_BtnAllow")         
    $trustButton.click() 
    sleep -Seconds 1
    Write-Host "App was trusted successfully!"
}
catch
{
    throw ("Error Trusting App");
}

while (($appInstance.Status -eq ([Microsoft.SharePoint.Administration.SPAppInstanceStatus]::Installing)) -and ($counter -lt $maximum))
{
Write-Host -ForegroundColor White "." -NoNewline;
sleep $sleeptime;
$counter++;
$appInstance = Get-SPAppInstance -Web $Web | where-object {$_.Title -eq $AppName} 
}

Write-Host -ForegroundColor White ".";

if ($appInstance.Status -eq [Microsoft.SharePoint.Administration.SPAppInstanceStatus]::Installed) {
Write-Host -ForegroundColor White "- The App was successfully installed.";
$appUrl = $appInstance.AppWebFullUrl;
Write-Host -ForegroundColor White "- The App is now available at '$appUrl'.";
Write-Host -ForegroundColor White  "- (Don't forget to add app host name in your host file if necessary...).";
Write-Host -ForegroundColor White "- "
}
else {
Write-Host -ForegroundColor Yellow "- An unknown error has occured during app installation. Read SharePoint log for more information.";
}
非常有用 - 非常感谢!我确实觉得必须自动化IE来完成这项工作的想法有点可怕,但我很高兴至少有可能做到(而且我很高兴我没有错过一个简单的解决方案)。 - Geoff Taylor
我对IE也有同样的想法。但是它确实有效。需要考虑的一件事是,在这个例子中,它在信任应用程序后没有关闭IE。在博客文章中有一个IE.Quit。这在我的机器上不起作用,所以我将其删除了。 - Markus S
1

找到了一种不用IE的方法。

基本上只需要使用PowerShell调用SPAppPrincipalPermissionsManager.AddAppPrincipalToWeb即可。

$rootUrl = "https://ur-sp.com"
$urlSiteName = "ur-site"
$web = Get-SPWeb "$rootUrl/$urlSiteName"
$appPrincipalManager = [Microsoft.SharePoint.SPAppPrincipalManager]::GetManager($web)
$applicationEndPointAuthorities = new-object System.Collections.Generic.List[string]
$applicationEndPointAuthorities.Add("$rootUrl/$urlSiteName");
$symmetricKey = New-Object System.Security.SecureString;
$datetimeNow = [System.DateTime]::Now
$credential = [Microsoft.SharePoint.SPAppPrincipalCredential]::CreateFromSymmetricKey($symmetricKey,$datetimeNow,$datetimeNow)
$creationParameters =New-Object Microsoft.SharePoint.SPExternalAppPrincipalCreationParameters($appid,$appFriendlyName,$applicationEndPointAuthorities,$credential)

$appPrincipal = $appPrincipalManager.CreateAppPrincipal($creationParameters)

$appPrincipalPermissionsManager = New-Object -TypeName 
Microsoft.SharePoint.SPAppPrincipalPermissionsManager -ArgumentList $web

$r = $appPrincipalPermissionsManager.AddAppPrincipalToWeb($appPrincipal, 3)

3是SPAppPrincipalPermissionKind枚举的一种,我认为它的值并不重要。

0

这将通过PowerShell完成完全信任部分:

$targetWeb = Get-SPSite "http://dev.my.com"
$clientID = "82ea34fc-31ba-4e93-b89a-aa41b023fa7e"

$authRealm = Get-SPAuthenticationRealm -ServiceContext $targetWeb 
$AppIdentifier = $clientID + "@" + $authRealm 
$appPrincipal = Get-SPAppPrincipal -Site $targetWeb.RootWeb -NameIdentifier $AppIdentifier 

Set-SPAppPrincipalPermission -Site $targetWeb.RootWeb -AppPrincipal $appPrincipal -Scope SiteCollection -Right FullControl

更多信息请参见: http://lixuan0125.wordpress.com/2013/11/18/register-and-install-app-through-powershell/

对我不起作用。找不到应用程序主体。我尝试通过Register-SPAppPrincipal添加,但这会在标识符中创建一个带有“ms.sp.ext”的主体。但显然我们需要“ms.sp.int”,这是通过浏览器UI允许应用程序时获得的。 - Heinrich Ulbricht
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接