我有一个SPUser,它是网站集管理员并包含在Owners组中,并且我在获取文档库时获得访问被拒绝错误,因为知道该库通过从站点本身继承来获取其权限。最烦人的部分是当我用这个用户登录网站时,我可以打开库并下载它的文件。
主要问题发生在使用与网站相同的AppPool的自定义Web Api中。我也尝试在控制台应用程序中测试该案例,我面临相同的结果。注意我正在使用网站AppPool的相同用户登录服务器,因此控制台应用程序运行系统帐户,这意味着runwithelevated工作,无论如何错误发生在GetList上,如下面评论代码中所述
以下是控制台应用代码示例:
var ListName = "Documents";
SPUserToken userToken = null;
//Getting the userToken to impersonate it
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SiteURL))
{
using (SPWeb web = site.OpenWeb())
{
web.AllowUnsafeUpdates = true;
site.CatchAccessDeniedException = false;
userToken = web.GetUserToken("mydomain\\myusername");
site.CatchAccessDeniedException = true;
web.AllowUnsafeUpdates = false;
}
}
});
//Accessing the site with this user so he just see what he should see
using (SPSite site = new SPSite(SiteURL, userToken))
{
using (SPWeb web = site.OpenWeb())
{
web.AllowUnsafeUpdates = true;
SPList list = web.GetList(ListName);//Here is the error
var items = list.GetItems();
web.AllowUnsafeUpdates = false;
}
}
错误是:
An unhandled exception of type 'System.UnauthorizedAccessException' occurred in Microsoft.SharePoint.dll
Additional information: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
堆栈跟踪
at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)
at Microsoft.SharePoint.Library.SPRequest.GetMetadataForUrl(String bstrUrl, Int32 METADATAFLAGS, Guid& pgListId, Int32& plItemId, Int32& plType, Object& pvarFileOrFolder)
at Microsoft.SharePoint.SPWeb.GetList(String strUrl)
at SPTest.TestCls.GetUserContent(String SiteURL) in c:\Projects\SPTest\SPTest\SPTest\TestCls.cs:line 1155