SPSecurity.RunWithElevatedPrivileges and Access Denied error on event receiver

April 2nd, 2009 | Categories: C#, Programming, SharePoint

After looksing half a day for a st00pid mistake I have to write about this to warn anyone that might run into similar problem.

In VS I’ve prepared a custom event receiver which needed to be run as system account (for performing actions that the user running the event receiver doesn’t have – like setting permissions, creating subwebs,…)

So my code began with something lilke that:

public override void ItemUpdated(SPItemEventProperties properties)
        {
            base.ItemUpdated(properties);
            _properties = properties;

            //povišamo pravice na sistemski račun in zaženemo private metodo
            SPSecurity.RunWithElevatedPrivileges(doSomethingWithThis);
        }

        private void doSomethingWithThis()
        {

            SPSite site = new SPSite(_properties.SiteId);
            SPWeb web = site.OpenWeb(_properties.RelativeWebUrl);
            SPListItem item = web.Lists[_properties.ListItem]

after running it and tracing the error I’ve always received “Access denied” error. How come, if I’m running the code with elevated privileges. Do I need even a higher privilege?

After countless attempts to impersonate an administrator or app pool account (I’m still a rookie at this), I’ve discovered that the SPItemEventProperties are instantiated with privileges of user that triggered the event receiver. The error was in my last line (of the example above) — _properties.ListItem still holds the rights of the original user. so fixed my code to

public override void ItemUpdated(SPItemEventProperties properties)
        {
            base.ItemUpdated(properties);
            _properties = properties;

            //povišamo pravice na sistemski račun in zaženemo private metodo
            SPSecurity.RunWithElevatedPrivileges(ustvariPonudbaSubsite);
        }

        private void ustvariPonudbaSubsite()
        {

            SPSite site = new SPSite(_properties.SiteId);
            SPWeb web = site.OpenWeb(_properties.RelativeWebUrl);
            SPListItem item = web.Lists[_properties.ListId].GetItemById(_properties.ListItem.ID);

With that change I’ve open the SPListItem object as system account and magically everything started working as it should! The same goes for site and web object. If you need to run actions with elevated privileges on SPSite and SPWeb object use

new SPSite(_properties.SiteId);
and
site.OpenWeb(_properties.RelativeWebUrl)

instead of

_properties.web
and
web.site;

  1. September 9th, 2009 at 18:53
    Reply | Quote | #1

    Thanks, Boris! This saved me a lot of time today.

  2. Boris Gomiunik
    September 15th, 2009 at 23:23
    Reply | Quote | #2

    Glad you found it useful :)

  3. phil shisbey
    April 12th, 2010 at 20:01
    Reply | Quote | #3

    You’re a genius. Thanks!

  4. KevinHou
    May 21st, 2010 at 22:27
    Reply | Quote | #4

    Awesome! Worked like a champ. How did you discover this? Was this documented somewhere.

  5. June 9th, 2010 at 22:40
    Reply | Quote | #5

    Thank you!
    wish i would have found this post 8 hours ago…

  6. gözde
    August 4th, 2010 at 10:46
    Reply | Quote | #6

    thank you very much!..It solved my problem.

  7. Bob Smith
    September 14th, 2010 at 13:34
    Reply | Quote | #7

    Your my hero. Thanks

  8. Venkatesh
    September 22nd, 2010 at 10:17
    Reply | Quote | #8

    Hi,
    I tried this:
    public override void ItemAdded(SPItemEventProperties properties)
    {
    base.ItemAdded(properties);
    _properties = properties;
    SPSecurity.RunWithElevatedPrivileges(FunctionName);
    }

    I am getting _properties does not exist.

    • Boris Gomiunik
      November 17th, 2010 at 21:08
      Reply | Quote | #9

      You have to declare a private _properties variable – before the public override void … add the
      private SPItemEventProperties _properties;

  9. January 14th, 2011 at 09:49

    I’m having the same issue on Sharepoint 2010 and this solution doesn’t work for it. Any ideas?

  10. January 25th, 2011 at 18:16

    Your my hero. Thanks :)

  11. Siva
    May 21st, 2011 at 00:45

    Thank you very Much It really saved me lot of time. You are Genius