Microsoft SharePoint Development Discussions
 
SPWebCollection
(1)
SPContext
(1)
SPSite
(1)
SPSecurity
(1)
SPWeb
(1)
SPS
(1)
IIS
(1)
SharePoint
(1)

Anonymous Access and Sharepoint Objects

Asked By Willia
27-Mar-07 06:00 PM
Reply
Hi All

I'm having a problem granting access to a web part to read the Sharepoint
objects. What I've done to initially create the environment:

1.Create a new Web Application and name it Intranet and put it on a port
other than 80 – say 6666. Set NTLM, no Anonymous Access and do not use SSL.
Also, configure the App Pool to run under a specific domain account and use
Windows Authentication for DB access. OK to create it
2.Do an IISRESET /NOFORCE
3.Extend the new web application and create a new IIS website. Call it
Internet and change the port to 80. Set it’s host header (e.g.
www.internettest.com ). Set NTLM, Yes to Anonymous Access and do not use SSL.
Change the zone to Internet and OK to create.
4.Do an IISRESET /NOFORCE
5.Create a new Site Collection on the Intranet:6666 web application and use
the Collaboration/Blank Site template
6.Do an IISRESET /NOFORCE
7.Setup the host headers in the hosts file
8.Open the internet site. It should open using the system account. This is
OK as we haven’t allowed the anon access user to do anything yet. Open People
and Groups and select Site Permissions. Under Settings select Manage
Anonymous Access and then give permission to see All and OK.
9.In Central Admin open the Authentication Providers and the Internet Zone
and switch off the Windows Authentication.
10.Do an IISRESET /NOFORCE

I have a webpart that reads the top level site's subsites and lists them. I
build it and drop the dll in the bin directories for my intranet and internet
sites and I add it to the SafeControls list in both sites' web.config files
and I grant WSS_Meduim trust level on both sites. I get 401 errors on the
anon access site when I try to do:

SPSite site = new SPSite(SPContext.Current.Site.ID);
SPWeb web2 = site.OpenWeb();
SPWebCollection webs = web2.Webs;

//error on next line
int _count = webs.Count;

If I comment out all the code in the web part and add the following two lines:

output.Write(this.Context.User.Identity.Name + "<br>");
output.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);

and run the site in Windows Authentication mode i get

(as expected)

returned. However, on the internet site i get:


this.Context.User.Identity.Name is an empty string and different from the
AnonAccess account that's been setup in ISS

Has anyone else tried/had trouble accessing the SPS objects while in Anon
Access - am I missing web.config settings or do I need to use
SPSecurity.RunWithElevatedPrivileges to get at them?

Thanks in advance for any help
William

William,You definitly do not have to run with elevated privileges.

Asked By VincentRothwel
27-Mar-07 06:56 PM
Reply
William,

You definitly do not have to run with elevated privileges.

A few things to try/check really...

Is the IUSR_ or other Anonymous account you are using a member of the
Visitors group in SharePoint?

Is there a reason why you are creating a new SPSite? Could you try using
SPContext.Current.Web.Webs to get the SPWebCollection?

It would also be worth checking to see if there any errors using SQL
trace...there could be a permission problem there.

Have you changes anything using IIS Admin or have you done everything
through SharePoint?

Is this a standard OOB publishing site?

Vince

--
http://blog.thekid.me.uk

Anonymous Access and Sharepoint Objects

Asked By Willia
29-Mar-07 06:36 AM
Reply
Hi Vince

Thanks for your suggestions:

I hadn't got the IUSR_ account setup with visitor rights so I did that

I changed back to SPContext.Current.Web.Webs - I was only using the other
method in the example as I'd changed the code so that I could surround it
with the RunWithElevatedPriviledges call

I hadn't changed anything in IIS - I made all changes via the Sharepoint
interfaces

The site I was using had been created with the Blank Site templates,
however, I've also tried it with the Publishing and Collaboration site
templates

I checked SQL server trace but don't see anything obvious

After all this I'm still getting the same issue. I've opened a call with MS
support so I'll post up what they find - I'm hoping it's something stupid
that I'm missing

William

According to MS, some API function calls need to be run at a higher level of

Asked By Willia
03-Apr-07 09:56 AM
Reply
According to MS, some API function calls need to be run at a higher level of
priviledges and they're saying that webs.Count is one of them (the list isn't
documented). We tried impersonating another user but that only set the
Windows context and not the MOSS user context which remained blank. In the
end they said to use RunWithElevatedPriviledges

My guess is that the code is treated differently because it's in a web part
and not directly on a template. I haven't tried that yet

William
Previous Discussion:  WebForm posting to Sharepoint list
Post Question To EggHeadCafe