Skip to main content

Access denied within SPSecurity.RunWithElevatedPrivileges


Normally we will use  SPSecurity.RunWithElevatedPrivileges() to execute some code that has to be run under some higher privileges.

Whenever we use SPSecurity.RunWithElevatedPrivileges(), it will execute the code under the context of Application Pool identity. Now we can see a scenario where we will get the “Access denied” exception from the code block even if you use SPSecurity.RunWithElevatedPrivileges.

This was the code snippet that I have used initially inside a custom webpart to read XML content from of an InfoPath form which was uploaded in a document library. This code will throw an “Access denied” exception while calling the OpenBinaryStream() method whenever I execute it through an Anonymous user account.

SPSecurity.RunWithElevatedPrivileges(delegate()
 {
      SPWeb oWeb = SPContext.Current.Web;
      SPList oList = oWeb.Lists["TestList"];

 });

Here the problem was, whenever we take the SPWeb instance using  
SPWeb oWeb = SPContext.Current.Web;, then SPWeb instance still running under anonymous account only , because we are taking it through the current web context in which the current user is running under anonymous account (IUSR_MachineName). That was the reason that we got that “Access Denied” exception. We need to remember this point all time whenever we use RunWithElevatedPrivileges under the web context.

So what we need to that, we have to take the current context outside the SPSecurity.RunWithElevatedPrivileges block and then create a new instance of SPSite and SPWeb inside the that block which will run under application pool identity.
         
SPWeb oWeb1 = SPContext.Current.Web; // taking the current SPWeb context running under the anonymous account
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite oSite = new SPSite(oWeb1.Site.Url))
                {
                    // creating a new SPSite running under Application pool idenity
                    using (SPWeb oWeb = oSite.OpenWeb())
                    {

                        SPList oList = oWeb.Lists["TestList"];

                    }
                }

            });
The above code will work fine. So, please do not forget to create a new instance of SPSite and SPWeb inside SPSecurity.RunWithElevatedPrivileges,while using it in a web context.   



Labels:

Comments

Post a Comment

Popular posts from this blog

How to get SPUser or SPGroup from Person or Group field

You have person or group field in SharePoint list and you want to programmatically get the user or person. The below code to gets SPUser from User or Group field in the list when multiple choice and Groups are not allowed in the field: //get SPUser SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users"); SPFieldUserValue userFieldValue = (SPFieldUserValue)userField.GetFieldValue(item["Users"].ToString()); SPUser user = userFieldValue.User; This part of code would help you to get SPUser when multiple choice is allowed and groups are not allowed: //Multiple choices are allowed SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users"); SPFieldUserValueCollection userFieldValueCollection = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString()); foreach (SPFieldUserValue userFieldValue in userFieldValueCollection) {     Console.WriteLine("     " + userFieldValue.User.LoginName); } And when group
1 comment
Read more

SharePoint publishing page scheduling

In SharePoint 2010 publishing enabled team site collection is not showing schedule button in publish ribbon. Solution: Here is how to enable it  though the UI: Locate the SharePoint Server Web site on which you want to enable content approval and item scheduling. Click  Site Actions , click  Site Settings , and then click  Modify Pages Library Settings . Under  General Settings , click  Versioning Settings . Click  Yes  next to  Content Approval , and then click  OK . Click  Manage item scheduling .   Click to enable the  Enable scheduling of items in this list  check box, and then click  OK .
2 comments
Read more

Changing Content Type Hub URL

Change the Hub URL through powershell by using: Set-SPMetadataServiceApplication -Identity " " -HubURI " " For Ex: Set-SPMetadataServiceApplication -Identity "Managed Metadata Service" -HubURI "http://contenttype.Domain.Com" When you try to do this you get this rather scary message: This is SharePoint telling you that this is a major thing so be careful! Essentially all your content types that you have published out will be removed if they can, and you have to republish all of your content types out again which can cause some issue.
2 comments
Read more