Microsoft KB Archive/934577

= Sites that require forms-based authentication or cookie-based authentication are not crawled in SharePoint Server 2007 =

Article ID: 934577

Article Last Modified on 11/28/2007

-

APPLIES TO


 * Microsoft Office SharePoint Server 2007
 * Microsoft Office SharePoint Server 2007 for Search (Enterprise Edition)
 * Microsoft Office SharePoint Server 2007 for Search (Standard Edition)

-



SYMPTOMS
Microsoft Office SharePoint Server 2007 or Microsoft Office SharePoint Server 2007 for Search is directed to crawl content that is saved on sites that require forms-based authentication or cookie-based authentication. However, only the logon page of a site is crawled.

Note This problem does not apply to content that is saved on a SharePoint Server 2007 site or on a Windows SharePoint Services 3.0 site. For these sites, you must configure the Web application default zone to use NTLM authentication to index the sites. For more information, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver/WSS/en/library/378c4673-0814-4255-a79c-7c4b6a4732a51033.mspx



RESOLUTION
To resolve this problem, apply the hotfix package, use the AddRule.exe command-line tool to add a crawl rule, and then crawl the sites.

For more information about the AddRule.exe command-line tool, see the &quot;More Information&quot; section.

How to obtain the hotfix
This problem is fixed in a Microsoft Office SharePoint Services hotfix package.

For more information about the SharePoint Server 2007 hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:

939077 Description of the SharePoint Server 2007 hotfix package for SharePoint Server 2007 and for SharePoint Server 2007 for Search: June 24, 2007



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
To enable the crawling of sites that require forms-based authentication or cookie-based authentication, use the AddRule.exe command-line tool after you apply this hotfix. To obtain the AddRule.exe command-line tool, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D5090BC4-5B4F-411B-8CDE-E37D33F7EFDF

Command-line use


You may receive the following error messages if the XML file is malformed.  If there is no  tag, you receive the following error message:

Syntax error: [rules] element not found as the only node at the root.

 If a required node is missing in the XML file, you receive the following error message:

Syntax error: element unexpected.

 If a node in the XML file is incorrectly duplicated, you receive the following error message:

Syntax error: element already exists for the current rule

 If the type is not &quot;FORM&quot; or &quot;COOKIE,&quot; you receive the following error message:

Syntax error: unrecognized value for the element

 If the login_type is not &quot;POST,&quot; you receive the following error message:

Syntax error: unrecognized value for the <login_type> element

Note If the administrator reruns this command by using another input file and then finds that the path is identical to an existing rule, the command will modify the rule.</li></ul>

Crawl rules object model
The CrawlRuleAuthenticationType enumeration includes the following new values:
 * FormsRuleAccess = 4
 * CookieRuleAccess = 5

The SetCredentials method in the crawl rules object model is overloaded with two new implementations.

The forms-based authentication rule takes the following input parameters in the following order:
 * type::CrawlRuleAuthenticationType: This will be FormsRuleAccess.
 * AuthSubmissionMethod::String: This will be &quot;POST.&quot;
 * AuthSubmissionPath::String: This is the URL in which the parameters should be posted.
 * authData::NameValueCollection: This is where the hidden name value pairs are stored.
 * privateAuthData:: NameValueCollection: This is where the encrypted name value pairs such as user names and passwords are stored.
 * errorPages::StringCollection: This will store the various error pages that would indicate to the crawler to refetch a cookie or to fail the URL with an &quot;Access Denied&quot; error message.

The cookie-based authentication rule takes the following input parameters in the following order:
 * type::CrawlRuleAuthenticationType: This will be CookieRuleAccess.
 * cookies::StringCollection: This will store the cookies that the crawler should use.
 * errorPages::StringCollection: This will store the various error pages that would indicate to the crawler to fail the URL with an &quot;Access Denied&quot; error message.

Note The encryption of the name value pairs and of the cookies is performed by using the same mechanism that is currently available.

Custom security trimming for Enterprise Search results
After the content that is stored on sites that require forms-based authentication or cookie-based authentication is crawled by the indexer, the content search results are returned for all users regardless of the users' credentials. If you have to security trim this content, refer to the &quot;Custom Security Trimming for Enterprise Search Results Overview&quot; topic. To view this topic, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/aa981236.aspx

Additional query words: moss2007 moss2k7 moss12

Keywords: kberrmsg kbbug kbfix kbqfe kbpubtypekc kbexpertiseinter kbhotfixserver kbmoss2007postrtmfix KB934577

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.