使用系统帐户执行SPWebApplication.Update会引发SecurityException [英] Executing SPWebApplication.Update with System account throws SecurityException

问题描述

我正在使用SPWebConfigModification类对web.config进行一些修改.将它们添加到WebApplication并调用Update时，尽管

I`m doing some web.config modifications with SPWebConfigModification class. When adding them to WebApplication and calling Update to it, it throws me SecurityException, although

• 我以特权较高的身份运行代码 (并打开SPSite的新实例)
• 我的程序集在GAC中
• 应用程序池帐户来自 wss_admin_wpg 组和web.config文件写入了 wss_admin_wpg 允许.

• I run code with elevated privilages (and open new instance of SPSite)
• my assembly is in GAC
• application pool account is from wss_admin_wpg group and web.config file has wss_admin_wpg write permissins.

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    addProviderProxy(properties);
});

其中addProviderProxy(SPItemEventProperties属性)

where addProviderProxy(SPItemEventProperties properties)

using (SPSite site = new SPSite(properties.SiteId))
using (SPWeb web = site.OpenWeb())
{
  ensureSectionGroup(web);
  ...
}

其中suresureSectionGroup(SPWeb网站)

where ensureSectionGroup(SPWeb web)

  SPWebApplication webApp = web.Site.WebApplication; 
  ...
  webApp.Update(); <--Throws exception here

异常详细信息

System.Security.SecurityException was caught
  Message="Piekļuve liegta." //(Translates to something like "Access Denied")
  Source="Microsoft.SharePoint"
  StackTrace:
       at Microsoft.SharePoint.Administration.SPPersistedObject.Update()
       at Microsoft.SharePoint.Administration.SPWebApplication.Update()
       at Balticovo.SharePoint.AdjustWebConfigForOutlook.ensureSectionGroup(SPWeb web)
  InnerException: 

推荐答案

由于SPPersistedObject.Update()发生访问被拒绝"错误，因此这显然表明持久化对象存在问题.这很可能是写入SharePoint配置数据库(或其他SP数据库)的权限错误.

As the "Access Denied" error is occurring at SPPersistedObject.Update(), this obviously indicates that there is a problem persisting the object. This is very likely to be a permissions error writing to the SharePoint configuration database (or maybe another SP database).

如果可能，请检查SQL日志或运行SQL Profiler跟踪以获取有关引起问题的帐户的更多信息.检查您的代码所运行的帐户是否有权访问配置数据库.

If possible check the SQL logs or run a SQL Profiler trace to get more information on what account is causing the problem. Check that the account your code is running under has access to the configuration database.

更新:

您可以通过将用户添加到服务器场管理员的组中来授予配置数据库权限.这使他们对该数据库具有db_owner权限，这是不理想的，因为这意味着该帐户可以执行任何操作.但是，没有其他方法(我知道)可以授予对此数据库的访问权限.

You can give permission to the configuration database by adding the user to the Farm Administrator's group. This gives them db_owner permission on that database which isn't ideal as that means the account can do anything. However there is no other way (that I know of) that can give access to this database.

如果这是一个主要问题，则可以通过SQL Server Management Studio自己更改权限.理想情况下，使用SQL Profiler并设计一个仅提供所需权限的新角色.或者，尝试将帐户添加到WSS_Content_Application_Pools角色和/或data_reader和data_writer角色.

If this is a major concern, you could change the permissions yourself via SQL Server Management Studio. Ideally use SQL Profiler and devise a new role that gives just the permissions required. Alternatively try adding the account to the WSS_Content_Application_Pools role and/or the data_reader and data_writer roles.

这篇关于使用系统帐户执行SPWebApplication.Update会引发SecurityException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！