I have a web part that accesses an SP object model packaged in an assembly that is signed and deployed to the GAC. Web.config is configured to trust Full, and yet my web part throws away SecurityException. Offensive lines of code:
SPSecurity.RunWithElevatedPrivileges(new SPSecurity.CodeToRunElevated(() =>
{
foreach (SPGroup g in user.Groups)
{
identity += String.Format(",'{0}'", g.Name.ToLowerInvariant().Replace(@"\", @"\\"));
}
}));
It seems like an exception is thrown when called RunWithElevatedPrivileges(in other words, my delegate fails at all). Any ideas? At the moment I'm completely baffled.
update : this is what the code looked like before I wrapped it in the RunWithElevatedPrivileges method:
public MyWebPart()
{
context = new MyProject.Data.MyDataContext(ConfigurationManager.ConnectionStrings["MyDB"].ConnectionString);
SPUser user = SPContext.Current.Web.CurrentUser;
identity = String.Format("'{0}'", user.LoginName.ToLowerInvariant().Replace(@"\", @"\\"));
foreach (SPGroup g in user.Groups)
{
identity += String.Format(",'{0}'", g.Name.ToLowerInvariant().Replace(@"\", @"\\"));
}
identity = '[' + identity + ']';
}
And an exception:
System.Security.SecurityException occurred
Message="Request failed."
Source="Microsoft.SharePoint"
StackTrace:
at Microsoft.SharePoint.SPBaseCollection.System.Collections.IEnumerable.GetEnumerator()
at MyProject.MyWebPart..ctor()
InnerException:
Based on the allocation granted exceptions assistant, looks like an attempt to access the property SPUser.Groups is a problem user.Groups.
, , , . , - , . RunWithElevatedPrivileges, , , , , SP oject, , RunWithElevatedPrivileges.
update2. , , , -. , ; , , . , . : - -, .
-, , " 3 ", , - , . - , . , - , . , "" , , .
, , , - .