Hi,

1. I have a named site collection where FBA is on and I use ActiveDirectoryMembershipProvider.
2. We have a farm administrator domain\administrator. He is not explicitly a site collection administrator.

I created a sample console application that I run under the domain\administrator account. In the code is something like that:

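    // Requires: using System; using System.Security.Principal; using Microsoft.SharePoint;
    using (SPSite site = new SPSite(serverUrl))
    {
        using (SPWeb web = site.OpenWeb())
        {
            // SharePoint user the web was opened as
            Console.WriteLine(web.CurrentUser.LoginName);
            // Windows identity the process runs under
            Console.WriteLine(WindowsIdentity.GetCurrent().Name);
            string userName = "domain\\testuser";
            // Resolve the login to an SPUser, creating the entry in the site if needed
            SPUser spUser = web.EnsureUser(userName);
            SPGroup group = web.SiteGroups["GroupName"];
            // This is the call that throws the AccessDenied exception
            group.AddUser(spUser);
            group.Update();
        }
    }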

The console output is domain\administrator, however I get an AccessDenied exception when I try to add the user to the group. However, when I run this with RunWithElevatedPrivileges (which according to all posts I read should have no influence in a console app) and set AllowUnsafeUpdates = true (the same story), the code runs through smoothly, no exception is thrown and the user is added to the group. The interesting thing is that the user that is written to the console output is still domain\administrator.

So my question is: WTF? Is there a better way? Why is this happening? Has anyone already had this problem? Should I use another membership provider?

Small hint: When FBA is off I get no exceptions.

A: 

RunWithElevatedPrivileges runs code with the permissions of the user that the application pool runs as. It can be other than Administrator. Are you sure you get the same result with RunWithElevatedPrivileges?

Anyway, a better, more reliable way of elevating privileges is to pass the system user's user token in the SPSite constructor. Try it.

Janis Veinbergs
Thanks for the tip. It really makes the code more clear. I have double-checked the test application and yes, it always returns domain\administrator as the current user. I would expect that the current user would be the app pool user and then it would work, or that it remains domain\administrator, and in that case there should be no difference between a runwithprivileges and a standard call.
Vojtech Nadvornik
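
The token approach suggested in the answer, written out as an added example (it is not code from the question or the answer). The class and method names and the site URL are placeholders, and it assumes the calling account is allowed to read `SystemAccount` on the first, non-elevated `SPSite`.

```csharp
using System;
using Microsoft.SharePoint;

static class GroupMembership
{
    // Hypothetical helper: adds loginName to groupName while acting as the
    // site collection's system account instead of the calling identity.
    public static void AddUserAsSystem(string serverUrl, string loginName, string groupName)
    {
        SPUserToken systemToken;

        // Open the site as the calling identity only long enough to read the token.
        // Assumption: the caller has enough rights to read SystemAccount here.
        using (SPSite site = new SPSite(serverUrl))
        {
            systemToken = site.SystemAccount.UserToken;
        }

        // Reopen the site with the token. Every object obtained from this SPSite
        // is authorized as the system account, so keep this scope as small as
        // possible and validate loginName and groupName before entering it.
        using (SPSite elevatedSite = new SPSite(serverUrl, systemToken))
        using (SPWeb elevatedWeb = elevatedSite.OpenWeb())
        {
            // Shows which SharePoint user the elevated web is acting as.
            Console.WriteLine(elevatedWeb.CurrentUser.LoginName);

            SPUser spUser = elevatedWeb.EnsureUser(loginName);
            SPGroup group = elevatedWeb.SiteGroups[groupName];
            group.AddUser(spUser);
        }
    }

    static void Main()
    {
        // Placeholder URL; the user and group names are the ones from the question.
        AddUserAsSystem("http://server/sites/example", @"domain\testuser", "GroupName");
    }
}
```

Because the elevated `SPSite` bypasses the caller's own permissions, any check on who may be added to which group has to happen in the calling code before `AddUserAsSystem` is invoked.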