User impersonation is not allowing the impersonated account to see a list they have 'read' permissions to

  • Question

  • I have a list that is using an AD security group to allow a set of users 'read' permissions on the list. I have verified that I can log in as UserA and navigate to and view the list.

    I am developing a web part that will always be run under UserB's account.  The web part then impersonates UserA's account before trying to access the list.  The code I'm using to accomplish this looks like:

    SPUser user = SPControl.GetContextWeb(Context).AllUsers[(string)this.ViewState["ACCOUNT_NAME"]];
    SPSite site = new SPSite(SPControl.GetContextWeb(Context).Url, user.UserToken);
    SPWeb web = site.OpenWeb(SPControl.GetContextWeb(Context).ServerRelativeUrl);
    SPList list = web.Lists["LLC Sign-In"];
    
    As soon as the last line of code executes, an "Access Denied" page comes up.  If I explicitly add the user to the list with 'read' permissions (as opposed to just having the user inside of the AD security group), then it works fine.

    Does anyone know if I'm going about this the correct way?  I'd rather use user impersonation rather than elevate privs since next in the code, I display a particular view of data, and the list is set so that users can only read their own items.  If I elevate privs, then I won't be able to get that view with just the items from UserA.

    Monday, June 14, 2010 7:56 PM

Answers

  • Hi William,

    You can debug which account the Web Part runs under using the code below:

    Web.CurrentUser.LoginName

     

    I replayed the scenario on my server and it works fine. There are some differences; I hope it's helpful to you:

     

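    using System;
    using Microsoft.SharePoint;

    public void TestUserToken(string siteUrl)
    {
        SPUser user;

        // Resolve the account to impersonate under the current identity.
        using (SPSite site = new SPSite(siteUrl))
        {
            using (SPWeb web = site.OpenWeb())
            {
                user = web.EnsureUser("domainname\\accountname");
            }
        }

        // Reopen the site with that user's token so later calls run as that user.
        using (SPSite site = new SPSite(siteUrl, user.UserToken))
        {
            using (SPWeb web = site.OpenWeb())
            {
                // Confirm which account the code is actually running as.
                Console.WriteLine(web.CurrentUser.LoginName);

                SPList list = web.Lists["Books"];
            }
        }
    }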

    Run and run.
    Wednesday, June 16, 2010 7:02 AM
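
A diagnostic for the scenario in this thread, as an added example that is not code from either poster: it opens the list under the impersonated token and turns the "Access Denied" redirect into a catchable exception, so the web part can report which account was denied. The class and method names (`ImpersonationCheck`, `Probe`) are hypothetical; the login name and list title are supplied by the caller.

```csharp
using System;
using Microsoft.SharePoint;

public static class ImpersonationCheck
{
    // Hypothetical helper: reports what the impersonated account sees in one list.
    public static string Probe(string siteUrl, string loginName, string listTitle)
    {
        SPUserToken token;
        using (SPSite site = new SPSite(siteUrl))
        using (SPWeb web = site.OpenWeb())
        {
            // Resolve the account under the calling identity (UserB in the question).
            token = web.EnsureUser(loginName).UserToken;
        }

        // In a web request SharePoint answers a denied call by redirecting to the
        // Access Denied page; switch that off so the failure can be handled here.
        bool previous = SPSecurity.CatchAccessDeniedException;
        SPSecurity.CatchAccessDeniedException = false;
        try
        {
            using (SPSite site = new SPSite(siteUrl, token))
            using (SPWeb web = site.OpenWeb())
            {
                // The account the object model is actually running as.
                string runningAs = web.CurrentUser.LoginName;

                // Throws UnauthorizedAccessException if the token grants no access.
                SPList list = web.Lists[listTitle];

                // Items are returned as this account sees them, not as UserB does.
                return String.Format("{0}: {1} visible item(s) in '{2}'",
                                     runningAs, list.Items.Count, listTitle);
            }
        }
        catch (UnauthorizedAccessException)
        {
            return String.Format("{0}: access denied to '{1}'", loginName, listTitle);
        }
        finally
        {
            // Restore the previous behaviour for the rest of the request.
            SPSecurity.CatchAccessDeniedException = previous;
        }
    }
}
```

Running it once for an account with a direct 'read' grant and once for an account that only has access through the AD security group shows whether the token itself is what fails.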