3

我们正在运行 SharePoint 2010 场。我已从用户组中删除了对站点集合“提供者”的所有访问权限。“提供者”是用户登录的默认站点集合。我们有一个继承自“UnsecuredLayoutsPageBase”的自定义访问被拒绝页面,并且有一个包含 spwebpartmanager 的母版页。

<WebPartPages:SPWebPartManager ID="m" runat="Server" />

现在,当组中无权访问“Provider”的用户登录时,sharepoint 将重定向到 AccessDeniedPage。但是 SPWebPartManager (使用 .net 反射器检查)抛出 System.UnauthorizedAccessException:尝试执行未经授权的操作,因为登录的用户没有权限。

有没有办法以提升的权限运行 spwebpartmanager?除了 SPSecurity.RunWithElevatedPrivileges 块,我找不到任何东西,但它适用于用户代码。如何使 OTB 代码以提升的权限运行?任何帮助深表感谢。谢谢。

这是堆栈跟踪。

System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)
   at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)
   at Microsoft.SharePoint.Library.SPRequest.OpenWeb(String bstrUrl, String& pbstrServerRelativeUrl, String& pbstrTitle, String& pbstrDescription, String& pbstrTitleResourceId, String& pbstrDescriptionResourceId, Guid& pguidID, String& pbstrRequestAccessEmail, UInt32& pwebVersion, Guid& pguidScopeId, UInt32& pnAuthorID, UInt32& pnLanguage, UInt32& pnLocale, UInt16& pnTimeZone, Boolean& bTime24, Int16& pnCollation, UInt32& pnCollationLCID, Int16& pnCalendarType, Int16& pnAdjustHijriDays, Int16& pnAltCalendarType, Boolean& pbShowWeeks, Int16& pnFirstWeekOfYear, UInt32& pnFirstDayOfWeek, Int16& pnWorkDays, Int16& pnWorkDayStartHour, Int16& pnWorkDayEndHour, Int16& pnMeetingCount, Int32& plFlags, Boolean& bConnectedToPortal, String& pbstrPortalUrl, String& pbstrPortalName, Int32& plWebTemplateId, Int16& pnProvisionConfig, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, UInt64& ppermMask, Boolean& bUserIsSiteAdmin, Boolean& bHasUniquePerm, Guid& pguidUserInfoListID, Guid& pguidUniqueNavParent, Int32& plSiteFlags, DateTime& pdtLastContentChange, DateTime& pdtLastSecurityChange, String& pbstrWelcomePage, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& puiVersion, Int16& pnClientTag)
   at Microsoft.SharePoint.SPWeb.InitWeb()
   at Microsoft.SharePoint.SPWeb.get_WebTemplate()
   at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language)
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion)
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strKey, String strFile, Boolean localizable)
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
4

2 回答 2

0

我建议创建一个没有 Web 部件管理器的不同母版页。

于 2012-12-13T16:15:59.933 回答
0

我们在用户未登录时运行的基于表单的登录页面遇到了类似的问题。

为了解决这个问题,我们不得不将 @Page 指令从:

DynamicMasterPageFile="~masterurl/default.master"


MasterPageFile="~/_layouts/simple.master"

确定原因是一个相当大的挑战。必须PrcessRequest()用一个try/catch块覆盖,然后查看InnerException以获取导致问题的线索,因为/_login/OurLoginPage.aspx它隐藏在 403 错误下,并且仅在堆栈跟踪的深处,我们发现了您在上面谈到的问题。

于 2013-06-26T21:12:40.107 回答