Reset page library permission for anonymouse user in SharePoint

Question

In the Site Collection level there is a Page library, which has been created along with the whole site. I didn't touch it for long time until recently I added new content types, modified some page layouts and master pages using a solution file. When accessing the home page using the site configured for anonymouse user it failed with "401 UNAUTHORIZED" error on the web page. I noticed the URL was /_layouts/AccessDenied.aspx?Source=...&Type=list&name={...} Then I copy this string to the site for authenticated user, it appears as "Error: Access Denied". I also checked the guid of name={...}. It's the page library list ID.

It seemed the page library permission is not correctly set. However the other page libraries of sub sites are all working well under anonymous user, using the same new content type, master page and page layouts. Their permission are identical on the settings page (all inherit from parent) and all have "allow anonymous" enabled.

I also tried create pages with other page layouts in that page library, clean up content types, all didn't help.

Answer 1

It's not the permission issue of the page library, rather it is related to the code I modified. SPContext.Current.Site.RootWeb is the the refernce by anonymous user. That user do not have privilege to access root folder. I assumed that SPContext.Current.Site.RootWeb.RootFolder.WelcomePage would work with elevated privilege, but after some reading I realized it's not elevate the privilege as I thought. Here's an explanation.

    bool rtn = false;               
    SPWeb rootWeb = SPContext.Current.Site.RootWeb;
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite site = new SPSite(rootWeb.Site.Url))
        {
            using (SPWeb web = site.OpenWeb())
            {
                rtn = web.Url + "/" + web.RootFolder.WelcomePage
                      == this.Page.Request.Url.AbsoluteUri;
            }
        }
    });
    return rtn;