Access Denied when access another site collection properties

https://sharepoint.stackexchange.com/questions/163597

06-10-2020
|

题

I have two site collections:

http://company - this is main portal
http://company:200 - this is personal sites.

On a personal sites collection, in its root web properties we stores Guid of main portal site collection: personalWeb.Properties[MainPortalGuid].

On a main site, also in web.Properties we had stored some specific info: mainWeb.Properties[SomeInfo]

Being in Personal sites collection, I need to access this specific info, and I always get "Access denied" exception when trying to read main site properties. I'm acting that way:

Guid portalGuid = new Guid();
SPServiceContext serviceContext = SPServiceContext.GetContext(SPContext.Current.Site);
UserProfileManager upm = new UserProfileManager(serviceContext);
string pesonalSitesUrl = upm.MySiteHostUrl;

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite personalSite = new SPSite(pesonalSitesUrl))
    {
        using (SPWeb personalWeb = personalSite.RootWeb)
        {
            string guid = personalWeb.Properties[MainPortalGuid];
            portalGuid = new Guid(guid);
        }
    }

    using (SPSite secureSite = new SPSite(portalGuid))
    {
        using (SPWeb secureWeb = secureSite.RootWeb))
        {
            // And this line throws "access denied" exception:
            if (secureWeb.Properties.ContainsKey(CommonConsts.RssKeyCommon))
            {
                someInfo = secureWeb.Properties[SomeInfo];
            }
        }
    }
});

I'm creating new SPSite/SPWeb objects in RunWithElevatedPrivileges delegate. All Guids and consts are correct, all properties exists and not empty.

I've also tried SPSecurity.CatchAccessDeniedException with no luck.

解决方案

We've found the answer - the problem is that these site collections were created under different Application Pool Users. Main portal runs under Pool_Portal_User, and Personal Sites runs under Pool_Personal_User.

Because of that we've got Access Denied when trying to access Main Portal from Personal Sites.

To resolve this, we need to grant access to Pool_Personal_User on Main Portal.

In SharePoint PowerShell console (run as Fram administrator account):

$app = Get-SPWebApplication http://company
$app.GrantAccessToProcessIdentity("Domain\Pool_Personal_User")
$app.Update()

许可以下： CC-BY-SA 和归因

不隶属于 sharepoint.stackexchange