Mea Culpa: Don’t use visible Features to deploy custom tasks

Monday, July 2, 2007 6:46 PM
Microsoft MVP Logo

My time for a mea culpa… but hey, at least I’m coming clean! Been meaning to post this for quite a while…

A while back I blogged about how to create custom tasks in WSS v3. In that post, and the subsequent article that provided more detail, I showed how you can use a WSS Feature to register the task upon activation… however I had a little oversight. The Feature was visible, meaning you could activate it from within the Site Settings » Site Collection Features page. Many tried to do this, but as you will see from the comments at the end of the article, ran into problems when they tried to activate the Feature. This is actually a good thing… because you shouldn’t be able to do this!

Why? When activated via the Web interface, the Feature is activated using the application pool identity, which doesn’t [and shouldn’t] have sufficient rights to the farm’s configuration DB where the specific stored procedure resides that is called when you register a job. So what was everyone’s fix? Grant it rights… ooo… that’s not good! What I should have done was make that feature non-visible and force you to be logged in with an account that has sufficient rights to the farm’s configuration DB when activating the Feature. A small oversight, but one that confused quite a few people.

The code in the post and article have since been updated for future hits.

comments powered by Disqus