PANVEGA’s Blog

DotNet Development, SharePoint Customizing, Silverlight, MS Infrastructure and other tips and tricks

Access Denied when accessing Webpart

Posted by PANVEGA on September 8, 2009

In various cases while developing custom web parts or controls for SharePoint we have to use the SPSecurity.RunWithElevatedPrivileges construct to execute some part of the code which needs elevated permissions or which cannot be run with the current user permissions. For example, updating a SPWeb object or SPList object needs elevated permissions.

If you are getting an unauthorized access exception even after using this block, then the reason could be as follows:

While using this construct, you cannot use the objects available through the Microsoft.SharePoint.SPContext.Current property. That is because those objects were created in the security context of the current user.

So the best practice for using SPSecurity.RunWithElevatedPrivileges is to get the current SPSite/SPWeb objects from SPContext.Current outside the delegate, and then create new SPSite and SPWeb objects separately inside it, using only the IDs of the context objects.

SPSite siteColl = SPContext.Current.Site;
SPWeb site = SPContext.Current.Web;
SPSecurity.RunWithElevatedPrivileges(delegate() {
  using (SPSite ElevatedsiteColl = new SPSite(siteColl.ID)) {
    using (SPWeb ElevatedSite = ElevatedsiteColl.OpenWeb(site.ID)) {
        //Code to execute
    }
  }
});

The following code is wrong, because the SPContext.Current objects are outside the delegate()'s elevated privileges (they were created in the security context of the current user):

SPSecurity.RunWithElevatedPrivileges(delegate() {
  SPSite siteColl = SPContext.Current.Site;
  SPWeb site = SPContext.Current.Web;
  //Code to execute
});

In SharePoint Portal Server 2003 you may have needed to impersonate a user with higher privileges than the current user executing the code. You did this using the WindowsIdentity.Impersonate() method.
In SharePoint 2007 and WSS V3 you have the SPSecurity.RunWithElevatedPrivileges call.

Note: If you use SPControl.GetContextSite(this.Context) within the SPSecurity.RunWithElevatedPrivileges call, or use a variable defined before the call, this will use the current user's rights and not the system's.

SPSecurity.RunWithElevatedPrivileges(delegate() {
  using (SPSite site = SPControl.GetContextSite(this.Context))
  {
    // site will be based on the current user that executes this code
  }
});

You should use:

// web is an SPWeb obtained before the call; only its site ID (a Guid) is used inside the delegate
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
      // site will be based on the rights for the system account
    }
});
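The pattern above, put together as an added example that is not code from the original post: a helper that a web part's postback handler could call to add a list item on behalf of a user who cannot write to the list. The class name, method name, list title parameter and the permission chosen for the pre-check are assumptions made for illustration.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical helper (added example); call it from a postback handler.
public static class ElevatedListWriter
{
    public static void AddItemAsSystem(string listTitle, string title)
    {
        // 1. Everything read from SPContext.Current runs as the current user.
        //    Copy only plain values (Guid, string) and never pass the
        //    context SPSite/SPWeb objects into the delegate.
        SPWeb contextWeb = SPContext.Current.Web;
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = contextWeb.ID;
        string requestedBy = contextWeb.CurrentUser.LoginName;

        // 2. Authorize the real user before elevating. The elevated block
        //    runs as the system account and no longer checks the caller.
        //    (ViewListItems is an illustrative choice of permission.)
        if (!contextWeb.DoesUserHavePermissions(SPBasePermissions.ViewListItems))
            throw new UnauthorizedAccessException("Caller may not use this web part.");

        // 3. The delegate performs a write, so validate the request's form
        //    digest while still in the user's context.
        if (!SPUtility.ValidateFormDigest())
            throw new InvalidOperationException("Form digest validation failed.");

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // 4. Objects created here are bound to the system account.
            using (SPSite elevatedSite = new SPSite(siteId))
            using (SPWeb elevatedWeb = elevatedSite.OpenWeb(webId))
            {
                SPList list = elevatedWeb.Lists[listTitle];
                SPListItem item = list.Items.Add();
                // The item is created by the system account, so the real
                // requester is recorded in the item itself.
                item["Title"] = title + " (requested by " + requestedBy + ")";
                item.Update();
            }
        });
    }
}
```

Keep the delegate as small as possible: anything inside it bypasses the current user's permissions, so input validation and authorization belong before the call.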

More information:

http://blogs.tamtam.nl/duarte/2008/12/09/SharepointUsingSPSecurityRunWithElevatedPrivilegesButStillPromptsAWindowLogin.aspx

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx
