Feedback
Did this article resolve your question/issue?

   

Article

Exception when uploading documents

« Go Back

Information

 
TitleException when uploading documents
URL NameException-when-uploading-doc-using-the-API-when-user-is-not-logged-in
Article Number000178171
EnvironmentProduct: Sitefinity
Version: 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, 11.x
OS: All supported OS versions
Database: All supported Microsoft SQL Server versions
Question/Problem Description
When trying to upload a document using the API, an exception is thrown when the user is not logged in.
When trying to upload a document or file in a library through the backend an error pops up.
Steps to Reproduce
Clarifying Information
Error MessageTelerik.Sitefinity.Libraries.Model.DocumentLibrary, Telerik.Sitefinity.Model was not granted ManageDocument in Document for principals with IDs .....
Defect Number
Enhancement Number
Cause
The exception means that the current user who is trying to perform the action does not have proper rights.
Resolution
1. One way to overcome this is to elevate the security context and skip the security checks by using the SuppressSecurityChecks property of the manager's provider. The SuppressSecurityChecks is set for the different managers that are instantiated. After the custom logic is executed the SuppressSecurityChecks property of the manager can be set to false again. Here is an example:
LibrariesManager librariesManager = LibrariesManager.GetManager();
librariesManager.Provider.SuppressSecurityChecks = true;

// custom code goes here

librariesManager.Provider.SuppressSecurityChecks = false;
When the SuppressSecurityChecks is set to true all security checks/demands/filtering will be turned off and this allows the code to be executed by anonymous users without the need to be logged in Sitefinity with an admin account or an account that has the permissions to perform the actions (created, edit or delete).

2. Another option is to wrap the code in ElevatedModeRegion() method and pass the Sitefinity manager to this method. 

Here is a sample code for reference demonstrating this for the Libraries manager:
LibrariesManager librariesManager = LibrariesManager.GetManager();
  
using(new ElevatedModeRegion(librariesManager))
{
      // custom code goes here
}
In cases when the code does not use an instance of the Manager, use SystemManager Run with elevated privileges.

For example for the WorkflowManager use the below approach:
SystemManager.RunWithElevatedPrivilege(d => { WorkflowManager.MessageWorkflow(...); });
Another option is to use:
SystemManager.RunWithElevatedPrivilege(DoWork);

public void DoWork(object[] parameters)
{
}

3. If the file is uploaded through the backend check what roles can "Modify library and manage document" by going to  Content >> Documents & Files >> MyLibrary >> Actions >> Set permissions and grant the user some of these permissions.


 
Workaround
Notes
References to Other Documentation:

Sitefinity Documentation, Implement security - http://docs.sitefinity.com/for-developers-implement-security
Sitefinity Documentation, Users and roles - http://docs.sitefinity.com/for-developers-users-and-roles#add-user-to-roles
Sitefinity Documentation, CRUD operations with documents and files - http://docs.sitefinity.com/for-developers-crud-operations-with-documents-and-files
Last Modified Date10/8/2018 6:52 AM
Attachment 
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.