locked
Getting access denied when trying to read user profile with RunWithElevatedPrivileges RRS feed

  • Question

  • Hi Guys,

    I know that one needs to create a new site hence the SPContext site will keep the current user's credentials, but I am creating a new site and passing its context but I still get an access denied error..not sure what this problem is:

                try
                {
                    UserProfile profile = null;
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        using (SPSite site = new SPSite(SPContext.Current.Site.ID))
                        {
                            ServerContext context = ServerContext.GetContext(site);
                            UserProfileManager userProfileManager = new UserProfileManager(context,true);

                            //Get account and colleagues
                            UserProfile userProfile = userProfileManager.GetUserProfile(accountName); //Code bombs here
                            profile = userProfile;
                        }                     
                    });
                    return profile;
                }
                catch (Exception ex)
                {
                    LogEx(ex);
                    return null;
                }

    Any help is greatly appreciated
    Mike
    Wednesday, September 9, 2009 10:39 AM

Answers

  • Well, you're still calling SPContext from within your elevated method, causing it to cease elevation.

    Try this:

                try
                {
                    // Get the Site ID before entering RunWithElevated...
                    Guid siteID = SPContext.Current.Site.ID;
    
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        using (SPSite site = new SPSite(siteID))
                        {
                           // Your code logic here, without calling SPContext anywhere inside this method...
                        }                      
                    });
                }
                catch (Exception ex)
                {
                    LogEx(ex);
                }

    It is very important to not call the SPContext from within any elevated method, as it'll result in your elevatev privileges to cease.

    Regards,
    Tobias Zimmergren
    Microsoft MCP, MCTS, MCT, MVP (SharePoint)
    Blog: www.zimmergren.net
    Twitter: twitter.com/zimmergren
    • Edited by Tobias ZimmergrenMVP Wednesday, September 9, 2009 10:51 AM Edited bad code-editor html output...
    • Proposed as answer by Madhu918 Wednesday, September 9, 2009 12:06 PM
    • Marked as answer by Aaron Han - MSFT Tuesday, September 15, 2009 2:18 AM
    Wednesday, September 9, 2009 10:50 AM
  • Hi Mike,

    Try this code... its better than RunWithElevatedPrivilege

    SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
                    
    using (var spSite = new SPSite(SPContext.Current.Site.ID, sysToken))
    {
        using (var spWeb = spSite.OpenWeb(SPContext.Current.Web.ID))
        {
            //Your code
        }
    }

    Regards, Avinash | avinashkt.blogspot.com
    Wednesday, September 9, 2009 6:45 PM

All replies

  • Well, you're still calling SPContext from within your elevated method, causing it to cease elevation.

    Try this:

                try
                {
                    // Get the Site ID before entering RunWithElevated...
                    Guid siteID = SPContext.Current.Site.ID;
    
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        using (SPSite site = new SPSite(siteID))
                        {
                           // Your code logic here, without calling SPContext anywhere inside this method...
                        }                      
                    });
                }
                catch (Exception ex)
                {
                    LogEx(ex);
                }

    It is very important to not call the SPContext from within any elevated method, as it'll result in your elevatev privileges to cease.

    Regards,
    Tobias Zimmergren
    Microsoft MCP, MCTS, MCT, MVP (SharePoint)
    Blog: www.zimmergren.net
    Twitter: twitter.com/zimmergren
    • Edited by Tobias ZimmergrenMVP Wednesday, September 9, 2009 10:51 AM Edited bad code-editor html output...
    • Proposed as answer by Madhu918 Wednesday, September 9, 2009 12:06 PM
    • Marked as answer by Aaron Han - MSFT Tuesday, September 15, 2009 2:18 AM
    Wednesday, September 9, 2009 10:50 AM
  • Hi Tobias,

    Thanks for you reply and I must say that I like your articles..keep up the good work :)

    I've changed my code to the following but still get System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


    code:

     Guid siteID = SPContext.Current.Site.ID;
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        using (SPSite site = new SPSite(siteID))
                        {
                            ServerContext context = ServerContext.GetContext(site);
                            UserProfileManager userProfileManager = new UserProfileManager(context,true);

                            //Get account and colleagues
                            UserProfile userProfile = userProfileManager.GetUserProfile(accountName);
                            profile = userProfile;
                        }                     
                    });

    Would I have to impersonate the App_Pool ID account or some other account (possibly the one that was used to create the SSP)? I hope not because it feels like an overkill just to get a user's profile :S

    Regards
    Mike
    Wednesday, September 9, 2009 12:38 PM
  • Hi Mike,

    Try this code... its better than RunWithElevatedPrivilege

    SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
                    
    using (var spSite = new SPSite(SPContext.Current.Site.ID, sysToken))
    {
        using (var spWeb = spSite.OpenWeb(SPContext.Current.Web.ID))
        {
            //Your code
        }
    }

    Regards, Avinash | avinashkt.blogspot.com
    Wednesday, September 9, 2009 6:45 PM