Access Denied when activating features implementing SPFeatureReceiver?
-
09-12-2019 - |
Question
We've developed several features who implement the SPFeatureReceiver interface. When trying this out in the development environment it first failed until I found this script from the MSDN:
function Set-RemoteAdministratorAccessDenied-False()
{
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null
# get content web service
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
# turn off remote administration security
$contentService.RemoteAdministratorAccessDenied = $false
$contentService.Update()
}
Set-RemoteAdministratorAccessDenied-False
After running the script and reset IIS, it all worked well on development and we could activate the feature (as Farm Admin) in Site Settings > Manage Site Features
with the scope set to Site http://mysolution/_layouts/ManageFeatures.aspx?Scope=Site. After activation we reversed the property RemoteAdministratorAccessDenied to true again, and did a new IISRESET
.
On the production server, we used the same procedure after deployment of the feature:
- Set RemoteAdministratorAccessDenied to false
- IISRESET and tried to activate the feature - but it failed.
The error message we got back is the following:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Access Denied.
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
1. Add a "Debug=true" directive at the top of the file that generated the error. Example:
<%@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:
[SecurityException: Access Denied.]
Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate() +27451643
Microsoft.SharePoint.Administration.SPJobDefinition.Update() +152
Company.IssueTracker.Features.NewIssueTimerJob.NewIssueTimerJobEventReceiver.FeatureActivated(SPFeatureReceiverProperties properties) +837
Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) +25671814
Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, Boolean fForce) +25676799
Microsoft.SharePoint.SPFeatureCollection.AddInternal(SPFeatureDefinition featdef, Version version, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly) +27776095
Microsoft.SharePoint.SPFeatureCollection.AddInternalWithName(Guid featureId, String featureName, Version version, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly, SPFeatureDefinitionScope featdefScope) +150
Microsoft.SharePoint.SPFeatureCollection.Add(Guid featureId, Boolean force, SPFeatureDefinitionScope featdefScope) +83
Microsoft.SharePoint.WebControls.FeatureActivator.ActivateFeature(Guid featid, SPFeatureDefinitionScope featdefScope) +699
Microsoft.SharePoint.WebControls.FeatureActivatorItem.BtnActivateFeature_Click(Object objSender, EventArgs evtargs) +140
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11058199
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11057738
System.Web.UI.Page.ProcessRequest() +91
System.Web.UI.Page.ProcessRequest(HttpContext context) +240
ASP._layouts_managefeatures_aspx.ProcessRequest(HttpContext context) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.4963; ASP.NET Version:2.0.50727.4971
My environement: Sharepoint Server 2010
Realated Questions in SharePoint 2007:
Solution
If the blogs that C. linked to doesn't help I'd try to make the feature WebApplication scoped which probably is the right thing as you're adding a new timerjob.
I assume that in FeatureDeactiving you remove the job again. In that case you'll have a problem if someone activates the feature in two Webs and then remove it from one of them.
OTHER TIPS
I believe your problem is already tackled here? FeatureActivated event receiver giving access denied when trying so set WebApplication property and the issue is further explained here http://blog.bugrapostaci.com/tag/remoteadministratoraccessdenied/
Hope it helps, C:\Marius