SPSecurity.RunWithElevatedPrivileges and Access Denied error on event receiver
After looking half a day for a st00pid mistake, I have to write about this to warn anyone who might run into a similar problem.
In VS I’ve prepared a custom event receiver which needed to run as the system account (to perform actions that the user triggering the event receiver doesn’t have rights for, like setting permissions, creating subwebs, …).
So my code began with something like this:
…
public override void ItemUpdated(SPItemEventProperties properties)
{
    base.ItemUpdated(properties);
    _properties = properties;
    // elevate privileges to the system account and run the private method
    SPSecurity.RunWithElevatedPrivileges(doSomethingWithThis);
}
private void doSomethingWithThis()
{
    SPSite site = new SPSite(_properties.SiteId);
    SPWeb web = site.OpenWeb(_properties.RelativeWebUrl);
    // the faulty line: _properties.ListItem still belongs to the original user
    SPListItem item = web.Lists[_properties.ListItem]
…
After running it and tracing the error, I always received an “Access denied” error. How come, if I’m running the code with elevated privileges? Do I need an even higher privilege?
After countless attempts to impersonate an administrator or app pool account (I’m still a rookie at this), I’ve discovered that the SPItemEventProperties are instantiated with the privileges of the user that triggered the event receiver. The error was in my last line (of the example above): _properties.ListItem still holds the rights of the original user. So I fixed my code to:
…
public override void ItemUpdated(SPItemEventProperties properties)
{
    base.ItemUpdated(properties);
    _properties = properties;
    // elevate privileges to the system account and run the private method
    SPSecurity.RunWithElevatedPrivileges(ustvariPonudbaSubsite);
}
private void ustvariPonudbaSubsite()
{
    SPSite site = new SPSite(_properties.SiteId);
    SPWeb web = site.OpenWeb(_properties.RelativeWebUrl);
    // re-open the item by ID so the object is created under the system account
    SPListItem item = web.Lists[_properties.ListId].GetItemById(_properties.ListItem.ID);
…
With that change I open the SPListItem object as the system account, and magically everything started working as it should! The same goes for the site and web objects. If you need to run actions with elevated privileges on SPSite and SPWeb objects, use
new SPSite(_properties.SiteId);
and
site.OpenWeb(_properties.RelativeWebUrl)
instead of
_properties.web
and
web.site;
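
The same fix as a complete receiver, as an added example that is not code from the original post: it copies only IDs out of the event properties, re-opens the site, web and item inside the elevated delegate, and disposes the SPSite and SPWeb it created. The class name and the permission change it performs are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: class name and the permission change are illustrative assumptions.
public class ElevatedItemReceiver : SPItemEventReceiver
{
    public override void ItemUpdated(SPItemEventProperties properties)
    {
        base.ItemUpdated(properties);

        // Capture plain identifiers only. Objects reachable from 'properties'
        // (ListItem, its parent list, ...) stay bound to the triggering user.
        Guid siteId = properties.SiteId;
        string webUrl = properties.RelativeWebUrl;
        Guid listId = properties.ListId;
        int itemId = properties.ListItemId;
        string login = properties.UserLoginName;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Objects created inside the delegate run as the system account.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webUrl))
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);

                // An action the triggering user may not be allowed to perform:
                // give the item unique permissions, then grant that user
                // read access only.
                if (!item.HasUniqueRoleAssignments)
                {
                    item.BreakRoleInheritance(false);
                }
                SPRoleAssignment assignment = new SPRoleAssignment(web.EnsureUser(login));
                assignment.RoleDefinitionBindings.Add(
                    web.RoleDefinitions.GetByType(SPRoleType.Reader));
                item.RoleAssignments.Add(assignment);
            }
        });
    }
}
```

Code inside the delegate is not subject to the triggering user's permission checks, so keep the elevated block limited to the operations that need it.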



Thanks, Boris! This saved me a lot of time today.
Glad you found it useful
You’re a genius. Thanks!
Awesome! Worked like a champ. How did you discover this? Was this documented somewhere?
Thank you!
Wish I would have found this post 8 hours ago…
Thank you very much! It solved my problem.
You’re my hero. Thanks
Hi,
I tried this:
public override void ItemAdded(SPItemEventProperties properties)
{
    base.ItemAdded(properties);
    _properties = properties;
    SPSecurity.RunWithElevatedPrivileges(FunctionName);
}
I am getting _properties does not exist.
You have to declare a private _properties variable – before the public override void … add the
private SPItemEventProperties _properties;
I’m having the same issue on Sharepoint 2010 and this solution doesn’t work for it. Any ideas?
You’re my hero. Thanks
Thank you very much. It really saved me a lot of time. You are a genius.