Access Denied when activating features implementing SPFeatureReceiver?

Question

We've developed several features who implement the SPFeatureReceiver interface. When trying this out in the development environment it first failed until I found this script from the MSDN:

function Set-RemoteAdministratorAccessDenied-False() 
{ 
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null 
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null 

    # get content web service 
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService 
    # turn off remote administration security 
    $contentService.RemoteAdministratorAccessDenied = $false 
    $contentService.Update()          
} 

Set-RemoteAdministratorAccessDenied-False

After running the script and reset IIS, it all worked well on development and we could activate the feature (as Farm Admin) in Site Settings > Manage Site Features with the scope set to Site http://mysolution/_layouts/ManageFeatures.aspx?Scope=Site. After activation we reversed the property RemoteAdministratorAccessDenied to true again, and did a new IISRESET.

On the production server, we used the same procedure after deployment of the feature:

1. Set RemoteAdministratorAccessDenied to false
2. IISRESET and tried to activate the feature - but it failed.

The error message we got back is the following:

    Server Error in '/' Application.
--------------------------------------------------------------------------------

Security Exception 
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Access Denied.

Source Error: 

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

  <%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
   <system.web>
       <compilation debug="true"/>
   </system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.  

Stack Trace: 


[SecurityException: Access Denied.]
   Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate() +27451643
   Microsoft.SharePoint.Administration.SPJobDefinition.Update() +152
   Company.IssueTracker.Features.NewIssueTimerJob.NewIssueTimerJobEventReceiver.FeatureActivated(SPFeatureReceiverProperties properties) +837
   Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce) +25671814
   Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, Boolean fForce) +25676799
   Microsoft.SharePoint.SPFeatureCollection.AddInternal(SPFeatureDefinition featdef, Version version, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly) +27776095
   Microsoft.SharePoint.SPFeatureCollection.AddInternalWithName(Guid featureId, String featureName, Version version, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly, SPFeatureDefinitionScope featdefScope) +150
   Microsoft.SharePoint.SPFeatureCollection.Add(Guid featureId, Boolean force, SPFeatureDefinitionScope featdefScope) +83
   Microsoft.SharePoint.WebControls.FeatureActivator.ActivateFeature(Guid featid, SPFeatureDefinitionScope featdefScope) +699
   Microsoft.SharePoint.WebControls.FeatureActivatorItem.BtnActivateFeature_Click(Object objSender, EventArgs evtargs) +140
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11058199
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11057738
   System.Web.UI.Page.ProcessRequest() +91
   System.Web.UI.Page.ProcessRequest(HttpContext context) +240
   ASP._layouts_managefeatures_aspx.ProcessRequest(HttpContext context) +9
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.4963; ASP.NET Version:2.0.50727.4971 

---

My environement: Sharepoint Server 2010

Realated Questions in SharePoint 2007:

• Access denied when adding web application features programmatically
• Error activating feature

Answer 1

If the blogs that C. linked to doesn't help I'd try to make the feature WebApplication scoped which probably is the right thing as you're adding a new timerjob.

I assume that in FeatureDeactiving you remove the job again. In that case you'll have a problem if someone activates the feature in two Webs and then remove it from one of them.

Answer 2

I believe your problem is already tackled here? FeatureActivated event receiver giving access denied when trying so set WebApplication property and the issue is further explained here http://blog.bugrapostaci.com/tag/remoteadministratoraccessdenied/

Hope it helps, C:\Marius