尝试读取有关 SharePoint 组的信息时访问被拒绝
我正在尝试获得 WSS 3.0 中某个组的成员资格。我正在提升的权限块中执行此操作。下面是代码:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID))
{
using (SPWeb rootWeb = site.RootWeb)
{
SPGroup gAdmins = rootWeb.SiteGroups["Admins"];
}
}
});
当我运行此代码时,我进入“访问被拒绝”SharePoint 屏幕。 该团体存在。 Web 应用程序的应用程序池的标识位于内容数据库中的 dbo 角色中。 该代码可以在我的开发服务器上运行,但不能在另一台服务器上运行,这使我相信该服务器上的权限或配置有问题,也许是 dcomcnfg 中的问题?
以下是 SharePoint 日志中似乎相关的一些行:
PermissionMask check failed. asking for 0x08000000, have 0x00000000 Unknown SPRequest error occurred. More information: 0x80070005 Access Denied for /Pages/UserAdmin.aspx. StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), ....
[UserAdmin.aspx 托管包含代码的自定义 Web 部件]
I am trying to get the membership of a group in WSS 3.0. I am doing this in an elevated permissions block. Here is the code:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID))
{
using (SPWeb rootWeb = site.RootWeb)
{
SPGroup gAdmins = rootWeb.SiteGroups["Admins"];
}
}
});
I get taken to the "access denied" SharePoint screen when I run this code.
The group exists. The identity of the application pool for the web application is in the dbo role in the content database.
The code works on my development server, but not on another server, which leads me to believe there is something wrong with the permissions or configuration on this server, maybe something in dcomcnfg?
Here are some lines from the SharePoint log that seem to be related:
PermissionMask check failed. asking for 0x08000000, have 0x00000000 Unknown SPRequest error occurred. More information: 0x80070005 Access Denied for /Pages/UserAdmin.aspx. StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), ....
[UserAdmin.aspx hosts my custom web part containing the code]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这行代码中的问题“SPSite site = new SPSite(SPContext.Current.Site.ID)”获取 RWEP 范围之外的 Site.ID,然后通过传递该 ID 创建 SPSite 对象。问题是因为 SPContext.Current 是针对实际用户的,如果您尝试在 RWEP 下访问它,可能会给您带来问题或意外错误。
The problem in this line of your code "SPSite site = new SPSite(SPContext.Current.Site.ID)" Get the Site.ID outside the RWEP scope and then create the SPSite object by passing that ID. The problem is because SPContext.Current is for the actual user and if you try to access that under RWEP it may give you problems or unexpected errors.
看起来发生这种情况是因为我以提升的权限运行。这是一个非扩展的 FBA 站点,这意味着域帐户没有也不能对其进行任何访问。当您以提升的权限运行时,您将以应用程序池身份运行,该身份通常是域帐户。然后,WSS 会抛出错误,因为您突然从 FBA 用户切换到无权访问该站点的域用户。
如果您将站点扩展为除了 FBA 之外还使用 Windows 身份验证,则可以向域用户授予对该站点的访问权限,并且它应该可以工作。
It looks like this was happening because I was running in elevated privileges. This is a non-extended FBA site, which means that domain accounts do not and cannot have any access to it. When you run in elevated privileges, you run as the app pool identity, which is typically a domain account. WSS then throws an error because you have suddenly switched from a FBA user to a domain user who has no access to the site.
If you extend the site to use Windows Authentication in addition to FBA, you can grant access to the site to the domain user and it should work.