Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

WebPart Security - SPRoleAssignment

  Asked By: Valencia    Date: Dec 13    Category: Sharepoint    Views: 2450

I'm having quite a hard time with security permissions for a webpart
that uses SPRoleAssignment. Any page the webpart is on gives a '403
Forbidden' error, unless browsing with the Admin account.

Steps I've taken to fix: (I know these are far from ideal attempts,
but this after I tried to rewrite a trust.config file )

1.) Set <trust level="Full" originUrl="" /> in the web.config
2.) Deployed the solution to the GAC

3.) I have also attempted to use the
SPSecurity.RunWithElevatedPrivileges as shown below:

SPWeb web = SPContext.Current.Web;
SPUser user = web.CurrentUser; // the calling user

// Uses the SHAREPOINT\system creds with the SPUser's
identity reference of user
// Gets a new security context using SHAREPOINT\system
using (SPSite site = new
using (SPWeb thisWeb = site.OpenWeb())
thisWeb.AllowUnsafeUpdates = true;
SPFolder folder = web.GetFolder(foldername);
SPListItem itemFolder = folder.Item;
SPRoleAssignmentCollection perms =

foreach (SPRoleAssignment perm in perms)

Obviously none of these attempts have made a change at all, what am I
missing?!?!? I mean Full Trust Level, running from GAC even...



3 Answers Found

Answer #1    Answered By: Richa Verma     Answered On: Dec 13

First, there is no reason to set trust  level to Full and put the
assembly in the GAC. All assemblies in the GAC run at full trust no
matter what the trust level is ste to. But that's only to fix  a problem
with the code violating code access security. I don't think that's the
problem for you or the webpart  wouldn't run under the admin  account.

I think the problem is that your code is impersonating the logged in
user (as it should), but only the administrator has authority to do what
your code is doing. Running some of your code with elevated privileges
should fix that, but it doesn't look from the code below like you are
using it correctly. Here's a simple code example of how to use

// Main code of webpart

//Declare a delegate to the DoSomething method that will

//run under the Application Pool Identify context

SPSecurity.CodeToRunElevated codeToRun =

new SPSecurity.CodeToRunElevated(DoSomething);

//Invoke the delegate you declared above to Run with elevated


protected void DoSomething()


//Perform actions that may require elevated privileges


This still may not work if the App Pool Identity account  doesn't have
the SharePoint permissions  required. But in the code below I didn't see
you putting the problem code in a subroutine that is invoked using the
delegate declared by CodeToRunElevated.

Answer #2    Answered By: Corrine Potts     Answered On: Dec 13

And I have it
all working except I'm wondering how it's possible to use
HTMLTextwriter inside the protect void SecureCode() context. Or if
there's a simple workaround I'm unaware of, being new to this.

Example Code:
protected override void RenderContents(HtmlTextWriter writer)
SPSecurity.CodeToRunElevated codeToRun = new


protected void SecureCode()

using (SPWeb site  = SPContext.Current.Web)
//All Other Code..

//Return Results



-Obviously when I do this, it states "The name 'writer' doesn't exist
in current  context."
But I'm not sure how I can either have .writer assigned in the
SecureCode() or just pass the results back to RenderContents() to
write from there.

I apologize for my ignorance - I try and search all over before I ask
these stupid questions but had no luck.

Answer #3    Answered By: Kabeer Karkare     Answered On: Dec 13

The code to run Elevated always uses a delegate that has a void return
and passes no parameters. So you would need to do something like this

Declare a global field of type System.Web.UI.HtmlTextWriter

Set that equal to the HTMLtextwriter passed to the RenderContents method

Call the method with elevated priveledges inside the RenderContents

Didn't find what you were looking for? Find more on WebPart Security - SPRoleAssignment Or get search suggestion and latest updates.