views:

370

answers:

2

UPDATE

I can now perform succesful UI impersonation. This was an issue with the code I was using and after viewing Jay Nathan's article I have reverted to his code and all is working great.

In response to a comment this is the code I am using to create a new site collection:

Dim newSite As SPSite = webApp.Sites.Add( _
    txtWebApp.Text & "/cg/" & strURL, txtName.Text, txtDesc.Text, 1033, "SITEDEF#0", _
    "DOMAIN\ACCOUNT", "NAME", "EMAIL", _
    "DOMAIN\ACCOUNT", "NAME", "EMAIL")

and yes "SITEDEF#0" is a perfectly valid site defintion.

Hopefully I have overcome this issue by using an Application Page which is available as an element on the Site Actions menu (to site admins only). Using impersonation I can succesfully instigate this process. There are some additional issues which I have highlighted in another question.

ORIGINAL QUESTION

I have a need to allow non farm administrators to be able to create site collections using a very specific site definition. These people will not have access to central admin and so require a custom solution to allow the creation of these. I have tried several solutions, but want some consensus on a recommended approach.

  1. Custom Web Service - I have written a custom web service to perform this task however this caused major headaches and even though the web service was running in an app pool using the same identity as the sharepoint app pool I could not get this to work. Also had form digest issues in trying to perform this v ia a web service.

  2. Web Part/Application Page - No form digest issues here as we are in the SharePoint context, however I have tried using RunWithElevatedPrivileges but I still get an access denied when calling SPWebbApplication.Sites.Add(), even though all SPSite and SPWeb pbjects are being instantiated inside the elevated code block. I have tried direct impersonation at the UI level and I get an UnhandledException saying that impersonation has failed.

  3. Application Wrapper Around stsadm - I have not attempted this yet as I am concerned about the viability of this approach, surely there is a cleaner way than this?

Some guidance on this would be useful as I cannot find much out there on this.

Thanks

A: 

I'd go with option number 1. It's probably an authorization issue. How are you accessing SharePoint? with the SDK or trough its web services?

amhed
All the code is via the WSS 3.0 API
Charlie
A: 

I'd go for number 2. That code should work, maybe the impersonation code is not correct? You can't use SPContext like you normally would for instance.

Also, you are elevating to the identity of the application pool of your SharePoint site. Does this account have sufficient rights to create Site Collections? You can check in Central Administration > Application Management > Policy for Web Application.

ArjanP