Problem with SPSecurity.RunWithElevatedPrivileges

  • Question

  • Hi all,

    I am facing a problem where SPSecurity.RunWithElevatedPrivileges is not behaving the way it should. 

    Consider this code:

    public SPFieldUserValue GetEnsureUser(string userName, SPWeb spweb)
    {
        try
        {
            _objSPWeb = spweb;
            _userName = userName;
            bool originalCatchValue = SPSecurity.CatchAccessDeniedException;
            SPSecurity.CatchAccessDeniedException = false;
            try
            {
                SPUser user = default(SPUser);
                SPFieldUserValue userValue = default(SPFieldUserValue);

                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    spweb = SPContext.Current.Web;
                    spweb.AllowUnsafeUpdates = true;
                    user = spweb.EnsureUser(GetLoginName(userName));

                    spweb.AllowUnsafeUpdates = false;

                    userValue = new SPFieldUserValue(spweb, user.ID, userName);
                });

                _userValue = userValue;
            }
            catch (Exception ex)
            {
                ErrorLogger.LogErrors(ex);
            }
            finally { SPSecurity.CatchAccessDeniedException = originalCatchValue; }

            return _userValue;
        }
        catch (Exception ex)
        {
            return _userValue;
        }
    }

    Here whenever the userName is not found and it tries to add into spweb, it throws me this exception:

    System.UnauthorizedAccessException was unhandled by user code
      Message="Attempted to perform an unauthorized operation."
      Source="Microsoft.SharePoint"
      StackTrace:
           at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)
           at Microsoft.SharePoint.SPWeb.EnsureUser(String loginName)
           at mDart.ScheduleProjectSQA.<>c__DisplayClass3.<GetEnsureUser>b__0()
           at Microsoft.SharePoint.SPSecurity.CodeToRunElevatedWrapper(Object state)
           at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
           at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)

    Any clue why?

    Friday, February 24, 2012 5:31 AM

Answers

  • You should create the SPWeb object within the elevated privileges block; you shouldn't get the object from SPContext.

    So, instead of this statement 'spWeb = SPContext.Current.Web', try to create an object

    SPSite site = new SPSite(SPContext.Current.Site.ID);

    SPWeb spWeb = site.OpenWeb(SPContext.Current.Web.ID);

    and use this spWeb to call the EnsureUser method.

    Hope this should work.


    Ram Prasad Meenavalli | MCTS SharePoint 2010 | MCPD SharePoint 2010

    Monday, February 27, 2012 4:37 AM
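
The fix from this answer as a complete method (an added example, not code from the original posts; the names ElevatedUserResolver and EnsureUserElevated are hypothetical). Only the site and web GUIDs are taken from the request context, because an SPWeb obtained from SPContext keeps the current user's token even inside the delegate:

```csharp
using System;
using Microsoft.SharePoint;

public static class ElevatedUserResolver // hypothetical helper name
{
    // loginName should already be validated by the caller: this method
    // adds the account to the site with system-account rights.
    public static SPFieldUserValue EnsureUserElevated(SPWeb contextWeb, string loginName)
    {
        // Copy plain identifiers only; no request-bound SPSite/SPWeb
        // object is used inside the elevated delegate.
        Guid siteId = contextWeb.Site.ID;
        Guid webId = contextWeb.ID;

        int userId = 0;
        string displayName = null;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Objects created here run as the application pool identity.
            using (SPSite elevatedSite = new SPSite(siteId))
            using (SPWeb elevatedWeb = elevatedSite.OpenWeb(webId))
            {
                bool previous = elevatedWeb.AllowUnsafeUpdates;
                elevatedWeb.AllowUnsafeUpdates = true;
                try
                {
                    SPUser user = elevatedWeb.EnsureUser(loginName);
                    // Keep primitives only, so no elevated object escapes.
                    userId = user.ID;
                    displayName = user.Name;
                }
                finally
                {
                    elevatedWeb.AllowUnsafeUpdates = previous;
                }
            }
        });

        // Elevated objects are disposed; build the value on the caller's web.
        return new SPFieldUserValue(contextWeb, userId, displayName);
    }
}
```

Keeping the delegate limited to the single EnsureUser call means nothing else in the request runs with system-account rights.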

All replies

  • Dear Mavericksxxx,

    You have to create the SPWeb obj in RunWithElevatedPrivileges delegate, and your problem will get solved.

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite site = new SPSite(web.Site.ID))
        {
          // site will be based on the rights for the system account
        }
    });

    For more info on the same, please check the syntax and example at the URL below.

    http://parandekar.blogspot.in/2011/05/running-spsecurityrunwithelevatedprivil.html

    Sandeep Parandekar http://www.parandekar.blogspot.com


    Tuesday, February 28, 2012 7:44 AM
  • This is not correct usage of "SPSecurity.RunWithElevatedPrivileges". Check this out for when and how to use the SPSecurity.RunWithElevatedPrivileges block:

    http://extreme-sharepoint.com/2012/05/30/impersonation-elevation-of-privileges/


    amitkumawat2025

    Sunday, June 3, 2012 2:31 PM