How to enable a user for impersonation in Tridion 2009?

StackOverflow https://stackoverflow.com/questions/10382521

Question

I'm trying to use Tridion's ContentManagment API to retrieve taxonomy categories and keywords, but I'm running into an Access denied error.

I have the following method:

public Dictionary<string, string> GetKeywords(string tcmUri)
{
     var result = new Dictionary<string, string>();

     try 
     {
         // _settings.ImpersonationUser = "MYDOMAIN/myusername"
         using (var session = new Session(_settings.ImpersonationUser))
         {
             var category = new Category(new TcmUri(tcmUri), session);
             var keywords = category.GetKeywords(new Filter());

             if (keywords != null && keywords.Count > 0)
             {
                 foreach (var keyword in keywords)
                 {
                     result.Add(keyword.Id.ToString(), keyword.Title);
                 }
             }
         }
     }
     catch (Exception ex)
     {
         Logger.Log.Error(
             "Failed to retrieve keywords for '{0}'.".FormatWith(tcmUri), ex);
     }

     return result;
}

The user I've got in _settings.ImpersonationUser has access to the Tridion Content Manager, is configured as an administrator, and has been added to Impersonation users in the "SDL Tridion Content Manager configuration" snap-in.

The error I'm getting is the following:

System.Runtime.InteropServices.COMException (0x80040302):
<?xml version="1.0"?>
<tcm:Error xmlns:tcm="http://www.tridion.com/ContentManager/5.0" 
    ErrorCode="80040302" Category="16" Source="Kernel" Severity="2">
    <tcm:Line ErrorCode="80040302" Cause="true" MessageID="16226">
        <![CDATA[Access denied for the user MYDOMAIN\myuser.]]
        <tcm:Token>MYDOMAIN\myuser</tcm:Token>
    </tcm:Line>
    <tcm:Details>
        <tcm:CallStack>
            <tcm:Location>SystemBLST.GetUserContext</tcm:Location>
            <tcm:Location>SystemBLST.IBLSecurityST_GetUserContext</tcm:Location>
        </tcm:CallStack>
    </tcm:Details>
</tcm:Error>

Does anyone have any clues to what I'm doing wrong? Thanks in advance!

Was it helpful?

Solution

Here's a few things to understand when it comes to impersonation & Tridion...

  • The user executing the code should not have access to Tridion.
  • The user executing the code should be configured as a valid "Impersonation User"
  • The user that the code impersonates should be a valid Tridion user.

If all those 3 conditions are true, impersonation will work.

By executing the code, I mean the Windows account under which the code is being executed. If this account has access to Tridion, you do NOT need to use impersonation.

Hope this helps.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top