我们正在运行SharePoint 2010服务器场。我已从用户组中删除了对sitecollection“Provider”的所有访问权限。 “Provider”是用户登录的默认sitecollection。 我们有一个自定义访问被拒绝页面,它继承自“UnsecuredLayoutsPageBase”,并且有一个包含spwebpartmanager的母版页。
<WebPartPages:SPWebPartManager ID="m" runat="Server" />
现在当来自无权访问“提供者”的组的用户登录时,sharepoint会重定向到AccessDeniedPage。但是SPWebPartManager(使用.net反射器检查)会抛出System.UnauthorizedAccessException:尝试执行未经授权的操作,因为登录的用户没有权限。
有没有办法运行具有提升权限的spwebpartmanager?除了SPSecurity.RunWithElevatedPrivileges块之外,我找不到任何东西,但这适用于用户代码。如何使用提升的权限运行OTB代码?任何帮助深表感谢。感谢。
这是堆栈跟踪。
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)
at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)
at Microsoft.SharePoint.Library.SPRequest.OpenWeb(String bstrUrl, String& pbstrServerRelativeUrl, String& pbstrTitle, String& pbstrDescription, String& pbstrTitleResourceId, String& pbstrDescriptionResourceId, Guid& pguidID, String& pbstrRequestAccessEmail, UInt32& pwebVersion, Guid& pguidScopeId, UInt32& pnAuthorID, UInt32& pnLanguage, UInt32& pnLocale, UInt16& pnTimeZone, Boolean& bTime24, Int16& pnCollation, UInt32& pnCollationLCID, Int16& pnCalendarType, Int16& pnAdjustHijriDays, Int16& pnAltCalendarType, Boolean& pbShowWeeks, Int16& pnFirstWeekOfYear, UInt32& pnFirstDayOfWeek, Int16& pnWorkDays, Int16& pnWorkDayStartHour, Int16& pnWorkDayEndHour, Int16& pnMeetingCount, Int32& plFlags, Boolean& bConnectedToPortal, String& pbstrPortalUrl, String& pbstrPortalName, Int32& plWebTemplateId, Int16& pnProvisionConfig, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, UInt64& ppermMask, Boolean& bUserIsSiteAdmin, Boolean& bHasUniquePerm, Guid& pguidUserInfoListID, Guid& pguidUniqueNavParent, Int32& plSiteFlags, DateTime& pdtLastContentChange, DateTime& pdtLastSecurityChange, String& pbstrWelcomePage, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& puiVersion, Int16& pnClientTag)
at Microsoft.SharePoint.SPWeb.InitWeb()
at Microsoft.SharePoint.SPWeb.get_WebTemplate()
at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()
at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
答案 0 :(得分:0)
我建议创建一个不包含Web部件管理器的不同母版页。
答案 1 :(得分:0)
我们遇到类似的问题,基于表单的登录页面在用户未登录时运行。
要解决此问题,我们必须从:
切换@Page指令DynamicMasterPageFile="~masterurl/default.master"
到
MasterPageFile="~/_layouts/simple.master"
确定原因是一个相当大的挑战;必须使用PrcessRequest()块覆盖try/catch,然后查看InnerException以了解造成问题的原因,因为在/_login/OurLoginPage.aspx中它隐藏在403错误之下只有在堆栈跟踪内部,我们才发现您在上面讨论的问题。