Access denied in Sharepoint 2010 HTTP handler (.ashx)

sharepoint.stackexchange https://sharepoint.stackexchange.com//questions/32272

Domanda

I've developed a Visual Web Part for Sharepoint 2010 that includes an HTTP handler for some AJAX functionality. I followed this guide to accomplish this.

I've createad a brand new SP 2010 web application under Sharepoint 2010 server to test this web part.

The problem is that when I try to access the handler with some new users I get access denied as follows:

http://i.imgur.com/IogWB.png

But it works just fine with my user (the one I'm using to develop and deploy the webpart in VS)

The site is configured to use Windows authentication (FBA is not enabled).

Another weird thing is that I've another 2 visual web parts with the same structure and an http handler that works just fine with every user. So there's something in this particular handler that's causing the access denied problem.

Any idea how to solve this problem? Where to start looking at least to see why I'm getting it?

UPDATE I've noticed that the handler only works for user in the site collection admin group. For the site collection members group (with contribute permission) it throws the access denied.

UPDATE 2 I've commented everything and left just the method ProcessRequest with a simple return string and it works for every user. So it's something I'm doing inside the handler that non-admin users doesn't have permission to do. I'll check each method too see what it's causing the error.

Thanks

È stato utile?

Soluzione 2

The problem is that I was trying to do the following inside the handler:

SPSite siteColl = SPContext.Current.Site;
var webs = siteColl.AllWebs;

And that fails when a non-admin user is logged in.

So instead of using AllWebs, I used:

var webs = siteColl.OpenWeb().GetSubwebsForCurrentUser()

More info about GetSubwebsForCurrentUser() here

Altri suggerimenti

Common issue is:

The web part is located on a page of subsite, and tries to retrieve data from '/_layouts/somefolder/somehandler.ashx'. But this url is the url of root site which user have not access to.

In this case you should use '<%= SPContext.Current.Web.ServerRelativeUrl %>/_layouts/somefolder/somehandler.ashx'

$.ajax({
  url: "<%= SPContext.Current.Web.ServerRelativeUrl %>/_layouts/somefolder/somehandler.ashx",
  context: document.body
}).done(function() { 
  $(this).addClass("done");

});

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a sharepoint.stackexchange
scroll top