"401 Unauthorized" when accessing PublishingWeb.DefaultPage RRS feed

  • Question

  • I have a SharePoint MOSS 2007 WCM Publishing Site. I have created a user control that lives in the 12 hive as an .ascx file and it's asociated ascx.vb file. I have several of these working, but am having security issues with one of them.


    My objective is a Navigation control that lists all the pages in the site on the right-column when you're viewing any of the pages in the site. I can't use the OOTB nav control because I need to add a query string parameter to the end of each page's url.


    This user control is generating a Summary List of the pages in the sub site. My first problem was that when I iterate through the SPWeb.navigation.QuickLaunch items (to preserve the sorting order from the SharePoint UI), it leaves out the default page. My solution was to get the SPWeb PublishingWeb, grab it's default page and create a link to that page before iterating through the SPWeb.navigation.QuickLaunch items. This works great when I'm in the site that has Integrated Security.


    My problem is in the Anonymous Access site. When the page loads and tries to access the PublishingWeb.DefaultPage property, I get the "401 Unauthorized" error. Can anyone help me understand why this is? I've tried setting the SPWeb.AllowUnsafeUpdates to true, but that didn't help.


    Thanks in advance,


    John Way

    Milliken and Company

    Spartanburg, SC

    Friday, March 7, 2008 7:34 PM


All replies

  • You need to use RunWithElevatedPrivileges.




    Friday, March 7, 2008 7:45 PM
  • Thanks! That worked like a champ.



    Friday, March 7, 2008 9:42 PM
  •  Your problem is that an anonymous users get the Limited Access permission level.

     To resolve the problem you should add the BrowseDirectories base permission.

     Here is the code that grant this permission:

                SPWeb web = SPContext.Current.Web;

                SPRoleDefinition RD = web.RoleDefinitions["Limited Access"]; //Set the permission level name according to your case
                web.RoleDefinitions[RD.Name].BasePermissions = (web.RoleDefinitions[RD.Name].BasePermissions | SPBasePermissions.BrowseDirectories);
                web.AllowUnsafeUpdates = true;

    Best Regards,

    Yoel Hor

    • Edited by Yoel Hor Wednesday, November 5, 2008 12:03 PM
    Wednesday, November 5, 2008 11:59 AM