tags:

views:

454

answers:

3
Q: 

Site members/visitors get access denied error page because of webpart.

Hello.

I`v developed custom webpart. I can add it to page and site owners can view page with no problems.

However Site visitors/users get redirected to access denied error page. Sure, I must be doing some stuff normal users are not allowed to.

But the thing that bugs me is that when I place breakpoint in webpart constructor or even variable declaration it won't get hit! (If i try to view page with limited privileges). But in my browser, I get the access denied page. However, if I close that webpart, I instantly have access to that page and everything is OK.

What's the catch here? I was hoping I could catch exception with debugger to see which statement is guilty one, but it seems webpart doesn't execute any code and I get that exception.

Edit: Sorry, turns out debugger now hits those breakpoints. Don't know what changed, because symbols were loaded.

A: 

Have you tried to chek the sharepoint logs? that can give you(us) more information about this beavihour.

RCardoso  2009-11-03 13:18:04
I`ll get back in a moment and post those logs.
Janis Veinbergs  2009-11-04 07:21:34
Ok, i checked logs and nothing to post here - no problems.However i said that debugger won't step in - i don't know what was wrong, because now debugger steps in the code and i was able to solve this problem.
Janis Veinbergs  2009-11-06 11:32:27
+2  A: 

What is the trust level at your Sharepoint site ? You might want to give Fulltrust temporarily to see if you have any access problems.

If yes, then you might have a Code Access Security (CAS) problem on your hands. My first instinct is that your assembly does not have neccessary privilages to run correctly for normal users. You can configure it using custom CAS entry in the manifest.xml for the webpart, e.g. if you are calling external resources then you might have to configure System.New.WebPermission and define which url you are allowed to access. You can find more info on this at the U2U site.

Also what does your webpart do ? If you are trying to access resources which normal users don't have access to (e.g. a list in some site) then you have to use the SPSecurity.RunWithElevatedPrivilages method, so that you have the neccessary privilages (be careful to create new Site instance within that method so that the Context populates correctly).

armannvg  2009-11-03 15:04:40
A: 

Found the solution.

Turns out that i wanned to determine if user belongs to a specific group by trying to access that group users. As this was impossible if a user doesn't have such a permissions, it was throwing some kind of internal exception with message

"Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack."

Anyways, i now learned to loop through SPUser.Groups (SPGroupCollection) and check if we have a matching group rather than enumerating group principals and seeing if he's inside.

Janis Veinbergs  2009-11-06 11:39:32

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?