I am trying to get the membership of a group in WSS 3.0. I am doing this in an elevated permissions block. Here is the code:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID))
{
using (SPWeb rootWeb = site.RootWeb)
{
SPGroup gAdmins = rootWeb.SiteGroups["Admins"];
}
}
});
I get taken to the "access denied" SharePoint screen when I run this code. The group exists. The identity of the application pool for the web application is in the dbo role in the content database. The code works on my development server, but not on another server, which leads me to believe there is something wrong with the permissions or configuration on this server, maybe something in dcomcnfg?
Here are some lines from the SharePoint log that seem to be related:
PermissionMask check failed. asking for 0x08000000, have 0x00000000 Unknown SPRequest error occurred. More information: 0x80070005 Access Denied for /Pages/UserAdmin.aspx. StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), ....
[UserAdmin.aspx hosts my custom web part containing the code]
It looks like this was happening because I was running in elevated privileges. This is a non-extended FBA site, which means that domain accounts do not and cannot have any access to it. When you run in elevated privileges, you run as the app pool identity, which is typically a domain account. WSS then throws an error because you have suddenly switched from a FBA user to a domain user who has no access to the site.
If you extend the site to use Windows Authentication in addition to FBA, you can grant access to the site to the domain user and it should work.