Jump to content

Add/Delete/Update Folder Permissions through API/WinAPI


Mordecai
 Share

Recommended Posts

Hi,

 

i am currently trying to set, update or delete folder permissions through the api and winapi. The connection is working properly and if i forget to add any Apply* property or the folder is not manually managed i am getting the appropriate error message from the api.
But if all properties are given and correct i only get the default error page as response from the api. I have tested all ApplyPermissionsFor* with no success. 

My user has admin permissions to the folder, manually adding Administrator permissions for group/user is working. The ErrorConsole does not show up any new errors.


Can someone/support please test that behavior? Is the folderpermissions api method working?

Example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName):
 

$PasswordStateURL = 'https://passwordstate/winapi'

$jsonData = '
{
    "FolderID":"253",
    "Permission":"A",
    "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins"
}
'

$result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials

 

Verbose: 

VERBOSE: POST https://passwordstate/winapi/folderpermissions with 127-byte payload
VERBOSE: received 19365-byte response of content type text/html
VERBOSE: Content encoding: utf-8

ErrorPage Response: generalerror.aspx?aspxerrorpath=/winapi/folderpermissions

Thanks,

 

René

Link to comment
Share on other sites

Hi Rene,

I just tested this and it works fine in our environments. If a folder is not manually managed, you should get a response that says "Folder of ID 6617 is not configured to have its permissions managed manually...." - do you not see that message either?

Maybe contact us via our support page so you can share your script with us? Are you able to get any error information at all with the response?

Regards

Click Studios

Link to comment
Share on other sites

Hi,

 

thanks for your reply.
The folder is already configured to manage it's permissions manually. My user (the user that is also using the api in my example) has admin permissions on this folder.

 

Quote

Maybe contact us via our support page so you can share your script with us?

 

I am using your example from the api documentation, the full "script" is in my first post.

 

Quote

Are you able to get any error information at all with the response?

 

As already mentioned in my first post, i get valid error messages, see below examples.


Here are two screenshots:
folder_settings.png.47255e9fe649fea0f9fb2540e8b700c5.png

folder_permissions.thumb.png.3a910eb21ae7cea084668cf59d474236.png

 

If i am using the wrong parameters, i am getting valid error messages.


Example of WRONG parameters and VALID error message:

[{"errors":[{"message":"Forbidden"},{"phrase":"You have not specified if permissions are being applied for a User Account or Security group for the Folder."}]}]

If i set the folder to "  This Folder is inheriting permissions from all nested Folders and Password Lists." i also get valid error messages from the api, so the api method in general is working:

Example of valid error message:

[{"errors":[{"message":"Forbidden"},{"phrase":"Folder of ID 253 is not configured to have its permissions managed manually, so you are unable to manually apply permissions to it."}]}]

If i only add Permission and FolderID, i also get an approriate error message:
 

[{"errors":[{"message":"Forbidden"},{"phrase":"You have not specified if permissions are being applied for a User Account or Security group for the Folder."}]}]

EDIT:

I have the same problem for the password list permissions and password permissions api method (passwordlistpermissions & passwordpermissions).
I have no problem with all the other api methods.

Edited by Mordecai
Edited to specify that my problem also exists with other *permissions api methods.
Link to comment
Share on other sites

@All

 

Is there anybody here with a different environment who can please test this for a moment? Not that it is because of my environment, although I honestly don't know what it is about. (I have a test and production environment, same problems on both environments)

 

Example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName):
 

$PasswordStateURL = 'https://passwordstate/winapi'

$jsonData = '
{
    "FolderID":"253",
    "Permission":"A",
    "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins"
}
'

$result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials

 

You could also use try to use ApplyPermissionsForSecurityGroupID and ApplyPermissionsForUserID, same behavior for me.

Thanks

Link to comment
Share on other sites

@support Someone else tested this yesterday and in his environment it is working fine. So the problem seems to exist only in my current environment. I have opened a support request (id=20203312060517)
Every time i try to access the *permissions api methods (f.e. /winapi/folderpermissions) i get an unknown exception from the w3wp.exe. 

Using the following example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName):
 

$PasswordStateURL = 'https://passwordstate/winapi'

$jsonData = '
{
    "FolderID":"253",
    "Permission":"A",
    "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins"
}
'

$result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials

Same behaviour with ApplyPermissionsForSecurityGroupID and ApplyPermissionsForUserID.

 

 

Error:

Translated 'Event message': An unhandled exception has occurred.
Translated 'Exception message': The input string has the wrong format.
Translated 'Thread Account Name': NT AUTHORITY\NETWORK SERVICE

Source: ASP.NET 4.0.30319.0


Event code: 3005 
Event message: Es ist eine unbehandelte Ausnahme aufgetreten. 
Event time: 12.05.2020 11:26:39 
Event time (UTC): 12.05.2020 09:26:39 
Event ID: f5f70f8b1d5e465fa67d16857e986904 
Event sequence: 1320 
Event occurrence: 79 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/2/ROOT/WinAPI-4-132322076194075323 
    Trust level: Full 
    Application Virtual Path: /WinAPI 
    Application Path: d:\inetpub\Passwordstate\winapi\ 
    Machine name: hostname
 
Process information: 
    Process ID: 2968 
    Process name: w3wp.exe 
    Account name: NT-AUTORITÄT\Netzwerkdienst 
 
Exception information: 
    Exception type: FormatException 
    Exception message: Die Eingabezeichenfolge hat das falsche Format.
   bei Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat)
   bei Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat)

 
 
Request information: 
    Request URL: https://passwordstate.domain.local:443/winapi/folderpermissions 
    Request path: /winapi/folderpermissions 
    User host address: x.x.x.x 
    User: domain\user
    Is authenticated: True 
    Authentication Type: Negotiate 
    Thread account name: NT-AUTORITÄT\Netzwerkdienst 
 
Thread information: 
    Thread ID: 81 
    Thread account name: NT-AUTORITÄT\Netzwerkdienst 
    Is impersonating: False 
    Stack trace:    bei Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat)
   bei Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat)
 
 
Custom event details: 

 

Link to comment
Share on other sites

  • 2 weeks later...

Hi @support and All,

 

with the latest release 8925 the problem is fixed now: Made same changes to attempt to resolve an inconsistent issue of Permission methods in the API failing since upgrading to build 8903

 

Thanks to the great support team and the quick resolution of the problem.
The functions for interacting with the permission api methods are now working and part of the PasswordState-Management powershell module.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...