tags:

views:

69

answers:

1
Q: 

DoesUserHavePermissions returns false for "DOMAIN\domain users"

Very strange edge case that has me perplexed. I have a web service that returns a list of permissions for a list of site urls. To determine if a user has permissions to the site I use the following code.

[WebMethod]
        public GetSiteListPermissionsResponseCollection GetSiteListPermissions(string[] siteList)
        {
            GetSiteListPermissionsResponseCollection siteListReturn = new GetSiteListPermissionsResponseCollection();
            foreach (string key in siteList)
            {
                string escapedKey = Uri.EscapeUriString(key);
                if (Uri.IsWellFormedUriString(escapedKey, UriKind.Absolute))
                {
                    bool originalCatchValue = SPSecurity.CatchAccessDeniedException;
                    SPSecurity.CatchAccessDeniedException = false;
                    try
                    {
                        using (SPSite site = new SPSite(escapedKey, SPContext.Current.Site.SystemAccount.UserToken))
                        {
                            using (SPWeb web = site.OpenWeb())
                            {
                                siteListReturn.Add(new GetSiteListPermissionsResponse(key, web.DoesUserHavePermissions(SPContext.Current.Web.CurrentUser.LoginName, SPBasePermissions.Open).ToString()));
                            }
                        }
                    }
                    catch
                    {
                        siteListReturn.Add(new GetSiteListPermissionsResponse(key, false.ToString()));
                    }
                    finally
                    {
                        SPSecurity.CatchAccessDeniedException = originalCatchValue;
                    }
                }
            }
            return siteListReturn;
        }

This works fairly well but we ran into a very strange instance in which DoesUserHavePermissions returns False. If the "DOMAIN\domain users" is used to provide access then at ONE PARTICULAR SITE the reult is false. All other sites seem to work fine.

You can add the user directly and it instantly returns a true for access but for some reason this site and this one site only will not return a true response when "domain users" is used to provide access privledges.

Any clues?

A: 

Aside from the possibility of this being a local config issue, what I'd try is calling SPSite.RootWeb instead of SPSite.OpenWeb().

(Just a comment, have in mind that, depending on the length of siteList, this can be slow, generating many DB roundtrips.)

Ariel  2009-12-11 02:00:53
The string URL may contain a sub site so the OpenWeb needs to be used so that it returns the SPWeb that is used in the URL used to construct the SPSite.I'm not sure what config settings would cause one site to behave differently from the rest in terms of checking permissions but I'm open to suggestions.
webwires  2009-12-14 16:25:55

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?