How do I fetch the data from list present in root web of the root site collection?

sharepoint.stackexchange https://sharepoint.stackexchange.com//questions/95567

  •  10-12-2019
  •  | 
  •  

Question

We need to populate some data on an application page. The application page is present in the layouts folder and hence is accessible via the respective site URL. There are multiple site collections. Each site collection has their own set of users (unique) who do not interfere or have rights with other sitecollections.

There is a list in Root Site collection's(the 1st site collection we create after creating a web application) root web.

I need to pull in the data from this list into the application page.

My question is how do I access the root site collections, root web using the SP Server Object model from any other site collections web?

Also, what would be the security implications, because we cannot have a user of say site collection 2 or 3 or 4 to have any rights in the 1st site collection. Does that mean that this scenario is not possible? Is there any other workaround?

The requirement is to have a policy page which should pick up data from a list and show to users. The user wants the policy page data to be dynamically picked from the 1st item of the list. This page is an application page and hence is accessible to each user on every site collection's web. However, my concern is regarding the way to access this data from sitecollection[0].rootweb and regarding security implications as users of other site collections do not have any rights on sitecollection[0].

UPDATE1

 SPSecurity.RunWithElevatedPrivileges(delegate()
                {                   
                    SPWeb rootSiteColRootWeb = SPContext.Current.Site.WebApplication.Sites[0].RootWeb;

                    SPList spList = rootSiteColRootWeb.Lists.TryGetList("MyMenu");
                        if (spList != null)
                        {
                            SPQuery qry = new SPQuery();
                            qry.Query =
                            @"   <OrderBy>
      <FieldRef Name='Title' />
   </OrderBy>";
                            qry.ViewFields = @"<FieldRef Name='Title' /><FieldRef Name='Data' />";
                            SPListItemCollection listItems = spList.GetItems(qry);

                            contentsDiv.InnerHtml = listItems[0]["Data"].ToString();
                        }
                });

Update2

     SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite(SPContext.Current.Site.WebApplication.Sites[0].RootWeb.Url))
                    {
                        SPWeb rootWeb = site.RootWeb;

                        SPList spList = rootWeb.Lists.TryGetList("MyMenu");
                        if (spList != null)
                        {
                            SPQuery qry = new SPQuery();
                            qry.Query =
                            @"   <OrderBy>
      <FieldRef Name='Title' />
   </OrderBy>";
                            qry.ViewFields = @"<FieldRef Name='Title' /><FieldRef Name='Data' />";
                            SPListItemCollection listItems = spList.GetItems(qry);

                            contentsDiv.InnerHtml = listItems[0]["Data"].ToString();
                        }

                    }
                });

The code present in both Update 1 and update 2 run successfully when user with no rights on the sitecollection on which the list is present logs in. I want to know which is better method and why?

Was it helpful?

Solution

for your origional question iv answered here about getting the root web of a site:

for the root web of the site collection:

SPWeb spWeb = SPContext.Current.Site.RootWeb;
SPList spList = spWeb.Lists.TryGetList("MyList");

if its the root web of the root site collection than roberts way is the right way to get the spsite root!

SPSite URL value

following on about sercurity and the account being used:

sharepoint gives restricted read access so you can get to sitecolection 2 URL otherwise you wouldnt be able to. Running on server has nothing todo with it! the code is run under nt authenticated user! and defnaltly not app pool account!!

Just becasue code is run under the server doesnt mean its run under app pool account! the only way that happens is if you set runwithelevatedprivlages otherwise you would be giving all users unnessary access! To prove my point!

within your aspx.cs add the following code, it will show you the current user... it is this user that the current context is being used and it is this user that is used to access the site and _layouts files within hive!

protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    string strUserName = SPContext.Current.Web.CurrentUser.LoginName;
    Label l = new Label();
    l.id = "userID";
    l.Text = strUserName;
    this.Controls.Add(l);
}

If you see system account than its app pool account.... if you see a normal user account than its not running under app pool! If it is running under app pool account than you should be worried as your giving unnessary access that is aginst best practice.

how do i also know it runs under nt authenticated account? well just try and access the file as annoymous :) youll get access denied... for that you need impersonation as not even elevated privlages work!

Application page in layouts folder accessing web application object

OTHER TIPS

To access the rootweb use

var rootWeb = SPContext.Current.Site.WebApplication.Sites[0].RootWeb;

If your user will not have access to this collection, you must open it up in elevated privileges:

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(SPContext.Current.Site.WebApplication.Sites[0].Id))
            using (SPWeb rootWeb = site.OpenWeb())
            {
                // Do your stuff with rootWeb
            }
        }
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top