Tuesday, September 30, 2008

Disabling Impersonation Without Breaking Search Crawler

A common workaround for authentication issues on some SP apps is to disable impersonation in the Web.config file corresponding to the SP app's IIS site. Unfortunately, doing so makes the site inaccessible to the search crawler.

However, iamabadprogrammer has written a post describing a way to disable impersonation without disabling or breaking the search crawler. Here's how I made this work:
  1. In Central Administration, go to Application Management > Create or Extend Web Application > Extend Web Application
  2. Use the Web Application box to select the SP App that needs to have impersonation disabled and search enabled.
  3. Fill out the rest of the settings to your liking. Remember that the new IIS site you are creating need not be accessible by your users. Also remember to make this site not conflict with any existing sites (which can easily be achieved by using the randomly-generated port number).
  4. Jot down what's in the URL box under "Load Balanced URL". You'll need it later.
The crawler has a path to search, so let's now tell it to search the searchable IIS site and not the user-friendly site.
  1. Go to the admin portal for the SharedServices corresponding with the SP app.
  2. Click on Search Settings > Content Sources and Crawl Schedules
  3. Click on whatever content source that includes the SP app.
  4. In the Start Addresses box, replace the line(s) corresponding with the user-friendly IIS site with equivalent line(s) found on the new Searchable IIS site.
  5. Set the other settings as you like and click OK.
Now the search crawler should indeed successfully crawl the SP application, but search itself will yield no results! Why? Because, when you search "in this site", you are searching for things found under the site the user is actually using, whereas the crawler found things under the other site. Same content, different access paths.

So we need a way to tell the search engine that everything at the searchable site is really something at the user-friendly site. We do this with Server Name Mappings:
  1. Go to the admin portal for the SharedServices corresponding with the SP app.
  2. Go to Search Settings > Server Name Mappings > New Mapping
  3. In the "Address in index:" blank, input the address of the searchable IIS site (e.g. http://myServer:12345/)--i.e., the "Load Balanced URL" you wrote down earlier.
  4. In the "Address in search results" blank, input the address of the user-friendly IIS site (e.g. http://myServer:80/ or https://www.MyBuisnessPortal.org/). This would be the "Load Balanced URL" of the user-friendly site.
Please respond with any comments, corrections, or questions you may have.

No comments: