Question

I'm trying to achieve this result: I want to impersonate a user X, write a file to a list (on which X has Contribute rights), and then change the permissions so that no one else can modify it.

So i decide..

1. Elevate privileges
2. Open SC as User (by Token)
3. Add item
4. Add User as Contributor
5. Remove the group of User from the Contribution

Is there something wrong?

Here's my code:

 // Question's version: one SPSite, opened with the target user's token, is used both
 // to create the item and to change its permissions.
 string fullsite = SPContext.Current.Web.Url + "/sites/ReplyCorp";
 // NOTE(review): TokenManager and the origin of addContentObj.userId are not shown here.
 // If userId can be chosen by the caller, it must be checked against the authenticated
 // user before a token is issued for it - confirm.
 SPUserToken myToken = TokenManager.GetToken(addContentObj.userId);

 Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(delegate()
 {
      // The site is opened with an explicit user token, so the objects below act as that
      // user; the elevated wrapper does not raise their rights (this is the cause the
      // accepted answer identifies for the "Unauthorized" error).
      using (SPSite scSite = new SPSite(fullsite, myToken))
      {
             using (SPWeb scWebAllReplyers = scSite.OpenWeb("AllReplyers"))
             {
                   // AllowUnsafeUpdates = true lets updates through without SharePoint's
                   // request security validation (form digest); nothing here sets it back.
                   scWebAllReplyers.AllowUnsafeUpdates = true;
                   // NOTE(review): scWeb is not declared anywhere in this snippet.
                   scWeb.AllowUnsafeUpdates = true;
                   SPList listContenuti = scWebAllReplyers.Lists["Contenuti"];
                   SPListItem nuovoElemento = listContenuti.AddItem();
                   nuovoElemento["Title"] = addContentObj.contentTitle;
                   nuovoElemento.Update();

                   // Permission changes are attempted on the item obtained through the
                   // impersonated site, i.e. with the contributor's own rights.
                   var allreplyers = scWebAllReplyers.Groups["AllReplyers"];
                   AssignPermissionsToItem(nuovoElemento, (SPPrincipal)scWebAllReplyers.AllUsers[addContentObj.userId], SPRoleType.Contributor);
                   // NOTE(review): "Readern" looks like a typo; the answer's code uses SPRoleType.Reader.
                   AssignPermissionsToItem(nuovoElemento, (SPPrincipal)allreplyers, SPRoleType.Readern);
                                    }
                                }
                            }
                        }
 // NOTE(review): the closing braces above do not match the blocks opened in this
 // snippet, and the delegate is never closed with "});".


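/// <summary>
/// Grants a principal one role on a single list item, giving the item its own
/// permission set first if it still inherits from its parent.
/// </summary>
/// <param name="item">List item whose role assignments are changed.</param>
/// <param name="obj">User or group that receives the role.</param>
/// <param name="roleType">Built-in role type to bind to the principal.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="item"/> or <paramref name="obj"/> is null.
/// </exception>
/// <remarks>
/// The call succeeds only if the identity behind <paramref name="item"/> may manage
/// permissions on it; an item obtained through an impersonated SPSite carries the
/// impersonated user's rights.
/// </remarks>
public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
{
    // Validate before touching the ACL so a bad argument cannot leave the item with
    // broken inheritance and no assignment added.
    if (item == null)
    {
        throw new System.ArgumentNullException("item");
    }

    if (obj == null)
    {
        throw new System.ArgumentNullException("obj");
    }

    // Resolve the role definition and build the assignment first, for the same reason:
    // if either step fails, the item's permissions are still untouched.
    SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
    SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
    roleAssignment.RoleDefinitionBindings.Add(roleDefinition);

    if (!item.HasUniqueRoleAssignments)
    {
        // First argument false: do not copy the parent's role assignments onto the item.
        // Second argument true: clear unique permissions on child scopes.
        item.BreakRoleInheritance(false, true);
        item.Update();
    }

    item.RoleAssignments.Add(roleAssignment);
}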

The problem I get is an "Unauthorized User" error, even though my user is an admin and the other user is a contributor and the owner of the file (and the code is running with elevated privileges!).

Thank you very much!


Solution

I finally understood WHY it didn't work: I was impersonating the user, so the "elevated privileges" were capped by the impersonated user's roles. I split the code into two parts: first, while impersonating, I create the item; then, creating another SPWeb, I connect as admin and change the permissions on that item!

            // Answer's version: the item is created as the impersonated user, then its
            // permissions are changed through a second, non-impersonated SPSite.
            string fullsite = SPContext.Current.Web.Url + "/sites/ReplyCorp";
            // NOTE(review): TokenManager and the origin of addContentObj.userId are not
            // shown. If userId can be chosen by the caller, it must be checked against the
            // authenticated user before a token is issued for it - confirm.
            SPUserToken myToken = TokenManager.GetToken(addContentObj.userId);

            Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // Opened with the user's token: everything done through scSite runs with
                // that user's rights, regardless of the elevated wrapper.
                using (SPSite scSite = new SPSite(fullsite, myToken))
                {
                    // webRoot is not used in the lines shown.
                    using (SPWeb webRoot = scSite.OpenWeb())
                    {
                      using (SPWeb webAllReplyers = scSite.OpenWeb("AllReplyers"))
                            {
                                // AllowUnsafeUpdates = true lets updates through without
                                // SharePoint's request security validation (form digest);
                                // the visible code never sets it back to false.
                                webAllReplyers.AllowUnsafeUpdates = true;
                                scSite.AllowUnsafeUpdates = true;

                                // Step 1 (impersonated): create the item as the user.
                                SPList listContenuti = webAllReplyers.Lists["Contenuti"];
                                SPListItem nuovoElemento = listContenuti.AddItem();
                                nuovoElemento["Title"] = addContentObj.contentTitle;
                                nuovoElemento.Update();

                                // DEBUG is declared outside this snippet; it carries the new
                                // item's UniqueId into the elevated block below.
                                DEBUG = nuovoElemento.UniqueId;
                                // Step 2 (elevated): the SPSite below is created without a
                                // user token inside the elevated delegate, so it is not
                                // limited to the impersonated user's rights.
                                Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(delegate()
                                {
                                    using (SPSite SiteColl = new SPSite(fullsite))
                                    {
                                        using (SPWeb scWebElevated = SiteColl.OpenWeb("AllReplyers"))
                                        {
                                            scWebElevated.AllowUnsafeUpdates = true;
                                            // NOTE(review): this sets the flag on the outer,
                                            // impersonated scSite, not on SiteColl - probably
                                            // SiteColl was intended.
                                            scSite.AllowUnsafeUpdates = true;

                                            // Re-fetch the item through the elevated web.
                                            SPList listaContenuti = scWebElevated.Lists["Contenuti"];
                                            SPListItem item = listaContenuti.Items[DEBUG];
                                            // Argument true copies the parent's role assignments
                                            // onto the item. NOTE(review): whatever rights the
                                            // AllReplyers group inherited stay on the item unless
                                            // AssignPermissionToItem (4-argument overload, not
                                            // shown) removes them - verify the group can no
                                            // longer edit, which was the stated goal.
                                            item.BreakRoleInheritance(true);
                                            item.Update();

                                            // Set a second time; the flag was already set above.
                                            scWebElevated.AllowUnsafeUpdates = true;

                                            // User gets Contributor, the group gets Reader.
                                            var allreplyers = scWebElevated.Groups["AllReplyers"];
                                            AssignPermissionToItem(item, (SPPrincipal)scWebElevated.AllUsers[addContentObj.userId], SPRoleType.Contributor, scWebElevated);
                                            AssignPermissionToItem(item, (SPPrincipal)allreplyers, SPRoleType.Reader, scWebElevated);
                                        }
                                    }

                                });
                            }
                        }
            // NOTE(review): the snippet stops here; the outer using block and the first
            // delegate are not closed in the text shown.
Licensed under: CC-BY-SA with attribution