'System.UnauthorizedAccessException' when accessing AllProperites if elevated web
https://sharepoint.stackexchange.com/questions/168901
-
07-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Though the web is elevated, I get the following exception
'elevatedWeb.AllowAnonymousAccess' threw an exception of type 'System.UnauthorizedAccessException'
when I try to access the elevated web properties. Here is the code:
string urlmp = ConfigurationManager.AppSettings["urlmp"];
SPSite spsite = new SPSite(urlmp);
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite elevatedSite = new SPSite(spsite.ID);
SPWeb elevatedWeb = elevatedSite.OpenWeb();
ht = elevatedWeb.AllProperties; // HERE the exception
});
Any idea about what's wrong?
EDIT: The code runs in a membership provider.
Solution
Your membership provider may be loaded by the SharePoint Web application itself, running in the SharePoint pool's identity. This identity has obviously full access to all site collections in the Web app.
But the membership provider can also be loaded in the Security Token service, a dedicated Web application in SharePoint, loaded in a dedicated app pool. That app pool may (should) have another service's identity.
The SPSecurity.RunWithElevatedPrivileges only reverts context from current user to app pool's identity. It works great when used in code running in the SharePoint application pool (that's the way it's expected to be used).
If you "RunWithElevatedPrivileges" from another pool, it reverts to that other pool's identity. And it has then no effect on the privileges gained to access the SharePoint DB.
