Getting access denied when trying to read user profile with RunWithElevatedPrivileges

Question

Hi Guys,

I know that one needs to create a new site hence the SPContext site will keep the current user's credentials, but I am creating a new site and passing its context but I still get an access denied error..not sure what this problem is:

            try
            {
                UserProfile profile = null;
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite(SPContext.Current.Site.ID))
                    {
                        ServerContext context = ServerContext.GetContext(site);
                        UserProfileManager userProfileManager = new UserProfileManager(context,true);

                        //Get account and colleagues
                        UserProfile userProfile = userProfileManager.GetUserProfile(accountName); //Code bombs here
                        profile = userProfile;
                    }                     
                });
                return profile;
            }
            catch (Exception ex)
            {
                LogEx(ex);
                return null;
            }

Any help is greatly appreciated
Mike

Answer 1

Well, you're still calling SPContext from within your elevated method, causing it to cease elevation.

Try this:

            try
            {
                // Get the Site ID before entering RunWithElevated...
                Guid siteID = SPContext.Current.Site.ID;

                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite(siteID))
                    {
                       // Your code logic here, without calling SPContext anywhere inside this method...
                    }                      
                });
            }
            catch (Exception ex)
            {
                LogEx(ex);
            }

It is very important to not call the SPContext from within any elevated method, as it'll result in your elevatev privileges to cease.

Regards,

---

Tobias Zimmergren
Microsoft MCP, MCTS, MCT, MVP (SharePoint)
Blog: www.zimmergren.net
Twitter: twitter.com/zimmergren

Answer 2

Hi Tobias,

Thanks for you reply and I must say that I like your articles..keep up the good work :)

I've changed my code to the following but still get System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


code:

 Guid siteID = SPContext.Current.Site.ID;
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite(siteID))
                    {
                        ServerContext context = ServerContext.GetContext(site);
                        UserProfileManager userProfileManager = new UserProfileManager(context,true);

                        //Get account and colleagues
                        UserProfile userProfile = userProfileManager.GetUserProfile(accountName);
                        profile = userProfile;
                    }                     
                });

Would I have to impersonate the App_Pool ID account or some other account (possibly the one that was used to create the SSP)? I hope not because it feels like an overkill just to get a user's profile :S

Regards
Mike

Answer 3

Hi Mike,

Try this code... its better than RunWithElevatedPrivilege

SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
                
using (var spSite = new SPSite(SPContext.Current.Site.ID, sysToken))
{
    using (var spWeb = spSite.OpenWeb(SPContext.Current.Web.ID))
    {
        //Your code
    }
}

---

Regards, Avinash | avinashkt.blogspot.com