Access denied for BCS method in e-mail event receiver

Question

I have a SPItemEventReceiver which does some stuff with an external list when a document is uploaded to a DocLib. I now wanted to have it also run when an e-mail is sent to that DocLib.
I could have used an SPEMailEventReceiver, but I stuck with my old event receiver as it is working up until a point:

When trying to access the external list I get the following error:

Access Denied for User '', which may be an impersonation by 'mydomain\myuser'. Securable MethodInstance with Name 'Read List' has ACL that contains:...

Now there are numerous posts that explain that I should set permissions for the BCS model in the central administration (or the model itself) and this is where my problem resides (as pretty much everyone has permissions).

As the event receiver is being run by owstimer.exe the user (owstimer is being run by the farm account) is somehow cut off or something like that (see the empty user string in the error message). I gave permissions to everyone on the BCS model. The farm account, the app pool account, anonymous access, all authenticated users, IUSR, network service - they all have execute permission - no luck. The BCS model is configured with windows authentication and Kerberos is active.

I am pretty sure that the problem stems from owstimer running the code. Maybe someone else experienced this issue and knows a way around this? Maybe there is some way I could tell my code to run as some user that I know has the permission?

Answer 1

Based on my experiments in the case of an OWSTimer process you should access your external data using the BCS API instead of running a CAML query against the external list. See details here: http://pholpar.wordpress.com/2012/02/14/accessing-external-data-from-sharepoint-timer-jobs-or-from-event-receivers-triggered-by-incoming-mail/