401 UNAUTHORIZED in SharePoint 2007

Question

Hi,

I've created a web part that gathers information from a Document Library. It works well under the "admin" web application (we have two web apps: admin site for non-anonymous users; www site for anonymous users. These two sites share the same content).

When I open www site, it shows the empty Web Part when it's not reference to the Document Library. However when it's linked to the document library, it shows 401 UNAUTHORIZED. The same document library can be successfully querried by CQWP from both admin and www sites.

Any help?

Thanks.

Answer 1

Solved.

It seemed the SPWeb object enumlated from SPSite object siteCollection's property AllWebs performs security check for every web object.

If the user don't have permission with a particular web object then it throws an error in the upper level which result an 401 page.

Using elevated privileges solved the problem.

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    foreach (SPWeb s in siteCollection.AllWebs)
    {...}
});

MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx

Answer 2

Be careful running with elevated privileges. SharePoint knows who is making a request and can adjust results based on the privileges of that user. Running with elevated privileges can return results not intended for that person.