Access Denied when access another site collection properties
-
06-10-2020 - |
سؤال
I have two site collections:
http://company
- this is main portalhttp://company:200
- this is personal sites.
On a personal sites collection, in its root web properties we stores Guid
of main portal site collection: personalWeb.Properties[MainPortalGuid]
.
On a main site, also in web.Properties
we had stored some specific info: mainWeb.Properties[SomeInfo]
Being in Personal sites collection, I need to access this specific info, and I always get "Access denied" exception when trying to read main site properties. I'm acting that way:
Guid portalGuid = new Guid();
SPServiceContext serviceContext = SPServiceContext.GetContext(SPContext.Current.Site);
UserProfileManager upm = new UserProfileManager(serviceContext);
string pesonalSitesUrl = upm.MySiteHostUrl;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite personalSite = new SPSite(pesonalSitesUrl))
{
using (SPWeb personalWeb = personalSite.RootWeb)
{
string guid = personalWeb.Properties[MainPortalGuid];
portalGuid = new Guid(guid);
}
}
using (SPSite secureSite = new SPSite(portalGuid))
{
using (SPWeb secureWeb = secureSite.RootWeb))
{
// And this line throws "access denied" exception:
if (secureWeb.Properties.ContainsKey(CommonConsts.RssKeyCommon))
{
someInfo = secureWeb.Properties[SomeInfo];
}
}
}
});
I'm creating new SPSite/SPWeb objects
in RunWithElevatedPrivileges
delegate. All Guids and consts are correct, all properties exists and not empty.
I've also tried SPSecurity.CatchAccessDeniedException
with no luck.
المحلول
We've found the answer - the problem is that these site collections were created under different Application Pool Users.
Main portal runs under Pool_Portal_User
, and Personal Sites runs under Pool_Personal_User
.
Because of that we've got Access Denied when trying to access Main Portal from Personal Sites.
To resolve this, we need to grant access to Pool_Personal_User
on Main Portal.
In SharePoint PowerShell console (run as Fram administrator account):
$app = Get-SPWebApplication http://company
$app.GrantAccessToProcessIdentity("Domain\Pool_Personal_User")
$app.Update()