views:

543

answers:

1

We have a SharePoint application where we want the user to be able to modify the web.config by activating a feature. The application is extended, so we have an AD based web application and another that uses Forms Based authentication (FBA), with the FBA application being the "main" user application.

We use the SPWebConfigModification class (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.spwebconfigmodification.aspx) to write to the web.config for settings we need for the activated feature.

This works great on the AD based side of things. However, when we try and run this on the FBA based web app, we get an error because the site collection administrator for the FBA site, does not have any access to modify the web.config on the server. Given that they are a FBA user, we can not give them rights on the server either.

Has anyone run into this? Does anyone have any work arounds. I assume I could try and have the application to update the web.conifg run via the command line, but I would really like it be done by the user when they activate the feature. I could also try and loosen security rights on the web.config, but that is a bad path to start down.

Thanks! John

A: 

An alternative would be to write a component which does it. This could be trigged by activating a feature, or updating a webpart.

This would mean you don't need to loosen security, or do it via the command line.

Bravax
Wouldn't the component run in the context of the user still when I get a reference to SPWeb? I am not sure if there is a way to run with elevated privilieges for the file access to the web.config
John Ptacek
Something like this: http://boris.gomiunik.net/2009/04/spsecurityrunwithelevatedprivileges-and-access-denied-error-on-event-receiver/Although this might work directly.
Bravax
I mean using SPSecurity.RunWithElevatedPrivileges might work in your current code.
Bravax
I will have to give that a try. Thanks
John Ptacek