Search This Blog

Monday, April 18, 2011

Access denied while activating feature in Sharepoint 2010



In my recent project I encountered a problem with Feature activation. I had to deploy some web.config changes using the package and then needed to propagate those changes across all the WFE’s on the server.  So I thought of creating a “Web Application” scoped feature to propagate the changes. But I received “Access Denied” while activating the feature from SharePoint. However when I tried doing the same through command line, it worked. 

After doing some R&D on this, I discovered that in SharePoint 2010, a new security feature has been added to all objects inheriting from SPPersistedObject in the Microsoft.SharePoint.Administration namespace. This feature explicitly disallows modification of the above stated objects from content web applications. The error message thrown was also very misleading but after some more tracing through the code I found a property in SharePoint API which controls this behavior. The property is:

“Microsoft.SharePoint.Administration.SPWebService.ContentService.RemoteAdministratorAccessDenied”

You can write this to your custom feature before executing your custom code.

public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            try
            {
              if (SPWebService.ContentService.RemoteAdministratorAccessDenied == true)
                {
                    SPWebService.ContentService.RemoteAdministratorAccessDenied = false;
                    SPWebService.ContentService.Update(true);
                }

              // Your custom logic goes here

            }
            catch (Exception Ex)
            {
// In case of any exception, you can easily trace it in the System Event //viewer
System.Diagnostics.EventLog.WriteEntry("Your custom Message", Ex.StackTrace, System.Diagnostics.EventLogEntryType.Error);
            }
        }


I have also written a PowerShell script for the same. Copy the below code and paste the contents in Note pad and save it with extension as .ps1

function LoadSharePointPowerShellEnvironment
{
   write-host
   write-host "Setting up PowerShell environment for SharePoint..." -foregroundcolor Yellow
   write-host
   Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue
   write-host "SharePoint PowerShell Snapin loaded." -foregroundcolor Green
}

function SetRemoteAdministratorAccessDenied()
{
       # load sharepoint API libs
       [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
       [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null

  # First get the content web service
 $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
  # Now set the remote administration security to off
 $contentService.RemoteAdministratorAccessDenied = $false
  # Also update the web service
 $contentService.Update()
        
}


#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#                          Configuring RemoteAdministratorAccessDenied
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#

write-host
LoadSharePointPowerShellEnvironment

SetRemoteAdministratorAccessDenied




1 comment:

  1. The C# code doesn't work for the very reason that the property of remoteadministratoraccessdenied is true, right?

    ReplyDelete