LimitedWebPartManager and RunWithElevatedPriveledges
-
Tuesday, August 28, 2012 7:40 AM
Given the below code, it will not allow someone with Visitor permissions to execute the
following line:
System.Web.UI.WebControls.WebParts.WebPart oWebPart = manager.ImportWebPart(reader, out errorMsg);
Even with RunWithElevatedPriviledges surrounding everything, it still fails there with an access denied message. Anyone know why this is? I want users to be able to modify their personal view of a page, but remain visitors - I dont want them to have contributor permissions to the site. Any ideas?
protected void AddWebPart(SPListItem selectedWebPartListItem) { SPWeb webContext = SPContext.Current.Web; webContext.Site.AllowUnsafeUpdates = true; webContext.AllowUnsafeUpdates = true; webContext.Site.CatchAccessDeniedException = false; SPLimitedWebPartManager manager = webContext.GetLimitedWebPartManager(this.Page.Request.Url.ToString(), PersonalizationScope.User); string fileName = string.Format("{0}/{1}", selectedWebPartListItem.Web.Url, selectedWebPartListItem.File.Url); string wpString = webContext.GetFileAsString(fileName); string exportedWebPartXml = new System.IO.StringReader(wpString).ReadToEnd(); XmlTextReader reader = new XmlTextReader(new System.IO.StringReader(exportedWebPartXml)); reader.Read(); string errorMsg; System.Web.UI.WebControls.WebParts.WebPart oWebPart = manager.ImportWebPart(reader, out errorMsg); if (errorMsg == null || errorMsg == "") { manager.AddWebPart(oWebPart, "1", 0); webContext.Update(); Response.Redirect(Request.Url.ToString()); } }
All Replies
-
Tuesday, August 28, 2012 7:49 AM
Hi
if you try to Elevated user Priviledges, please don't user SPContext.Current.Web;
try to use the following code and have a try.
SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite spSite = new SPSite( SPContext.Current.Web.Site.ID;)) { using (SPWeb webContext= New SPWeb(SPContext.Current.Web.ID) { webContext.Site.AllowUnsafeUpdates = true;
webContext.AllowUnsafeUpdates = true;
webContext.Site.CatchAccessDeniedException = false;
SPLimitedWebPartManager manager = webContext.GetLimitedWebPartManager(this.Page.Request.Url.ToString(), PersonalizationScope.User);
string fileName = string.Format("{0}/{1}", selectedWebPartListItem.Web.Url, selectedWebPartListItem.File.Url);
string wpString = webContext.GetFileAsString(fileName);
string exportedWebPartXml = new System.IO.StringReader(wpString).ReadToEnd();
XmlTextReader reader = new XmlTextReader(new System.IO.StringReader(exportedWebPartXml));
reader.Read();
string errorMsg;
System.Web.UI.WebControls.WebParts.WebPart oWebPart = manager.ImportWebPart(reader, out errorMsg);
if (errorMsg == null || errorMsg == "")
{
manager.AddWebPart(oWebPart, "1", 0); webContext.Update();
Response.Redirect(Request.Url.ToString());
}} } });
SharePoint Gardener in China
Please Kindly mark as Answer if it helps you.
- Edited by Johnny Zhang (China) Tuesday, August 28, 2012 7:50 AM change code
- Edited by Johnny Zhang (China) Tuesday, August 28, 2012 7:51 AM change code
-
Saturday, September 01, 2012 6:05 PM
Sorry, your code did not compile. I changed it to the below, but it still fails if the user executing it is in the Visitor's group. (Still fails at that one line with "Access Denied").
Does anyone know why SPLimitedWebPartManager.ImportWebPart does not respect RunWithElevatedPriveledges, or have we discovered a bug here?
protected void AddWebPart(SPListItem selectedWebPartListItem) { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPWeb webContext = SPContext.Current.Web) { webContext.Site.AllowUnsafeUpdates = true; webContext.AllowUnsafeUpdates = true; webContext.Site.CatchAccessDeniedException = false; SPLimitedWebPartManager manager = webContext.GetLimitedWebPartManager(this.Page.Request.Url.ToString(), PersonalizationScope.User); string fileName = string.Format("{0}/{1}", selectedWebPartListItem.Web.Url, selectedWebPartListItem.File.Url); string wpString = webContext.GetFileAsString(fileName); string exportedWebPartXml = new System.IO.StringReader(wpString).ReadToEnd(); XmlTextReader reader = new XmlTextReader(new System.IO.StringReader(exportedWebPartXml)); reader.Read(); string errorMsg; System.Web.UI.WebControls.WebParts.WebPart oWebPart = manager.ImportWebPart(reader, out errorMsg); if (errorMsg == null || errorMsg == "") { manager.AddWebPart(oWebPart, "1", 0); webContext.Update(); Response.Redirect(Request.Url.ToString()); } } }); } -
Saturday, September 01, 2012 6:24 PM
I even tried this, thinking that maybe the context had to be defined within the block. Same error though.
protected void AddWebPart(SPListItem selectedWebPartListItem) { SPSecurity.RunWithElevatedPrivileges(delegate() { Guid guid = SPContext.Current.Web.ID; SPSite spSite = SPContext.Current.Site; using (SPWeb spWeb = spSite.OpenWeb(guid)) { SPWeb webContext = SPContext.Current.Web; webContext.Site.AllowUnsafeUpdates = true; webContext.AllowUnsafeUpdates = true; webContext.Site.CatchAccessDeniedException = false; -
Monday, September 03, 2012 12:33 AM
i think i already make it clear.
Please DO NOT use SPSite spSite = SPContext.Current.Site;
try to use using (SPSite spSite = new SPSite( SPContext.Current.Web.Site.ID;))
Thanks.
SharePoint Gardener in China
- Marked As Answer by Qiao WeiMicrosoft Contingent Staff, Moderator Thursday, September 06, 2012 10:07 AM
