MOSS 2007 - Changing ListItem permissions in EventReceiver



I'm using MOSS 2007 B2TR.
I need the following functionality: when a user adds a new element to a forms
library, he and only he can view it later.

I created this the following way:
1) A Feature registers a FeatureEventReceiver
2) The FeatureEventReceiver registers a ListItemEventReceiver
3) The ItemAdded event changes the access rights of the item that was created to
'currentuser->view, admin->full'.

I'm not sure that this is the perfect way. Are there others?

But I encountered a problem:
This code is run in the context of the user that added the item. So
users without rights cannot change permissions, because they do not have
appropriate permissions.
I cannot give them the rights to change the rights, because then they
can do bad stuff...

So I need to programmatically impersonate the Admin user.
But it did not work. =(
I tried the "advapi32.dll"/LogonUser(...)+DuplicateToken(...) functions. It
did work.
But every call to SP libs inside the impersonated context leads to:
InnerException {"Cannot complete this action.\n\nPlease try again."}
System.Exception {System.Runtime.InteropServices.COMException}

Source: Microsoft.SharePoint

StackTrace:
at Microsoft.SharePoint.Library.SPRequest.GetListItemDataWithCallback(String bstrUrl, String bstrListName, String bstrViewName, String bstrViewXml, SAFEARRAYFLAGS fSafeArrayFlags, ISP2DSafeArrayWriter pSACallback, ISPDataCallback pPagingCallback, ISPDataCallback pSchemaCallback)
at Microsoft.SharePoint.SPListItemCollection.EnsureListItemsData()
at Microsoft.SharePoint.SPListItemCollection.get_Item(Int32 iIndex)
at Microsoft.SharePoint.SPListItem.EnsureItemIsValid()
at Microsoft.SharePoint.SPListItem.GetValue(SPField fld, Int32 columnNumber, Boolean bRaw)
at Microsoft.SharePoint.SPListItem.GetValue(String strName, Boolean bThrowException)
at Microsoft.SharePoint.SPListItem.GetValue(String strName)
at Microsoft.SharePoint.SPListItem.get_Url()
at Microsoft.SharePoint.SPListItem.InitSecurity()
at Microsoft.SharePoint.SPListItem.get_SecurableObjectImpl()
at Microsoft.SharePoint.SPListItem.get_AllRolesForCurrentUser()

And all the fields of addedItem show the same error in the debugger.

What am I doing wrong?..

Is there any other way of impersonating?.. Should I try to use COM+ or
WebServices?..
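
Added example (not code from the original post): one way to implement step 3 without handing users the right to manage permissions. It uses SPSecurity.RunWithElevatedPrivileges instead of LogonUser and re-opens the site inside the elevated delegate, so no SharePoint object created under the user's identity is touched there. The class name OwnerOnlyItemReceiver is hypothetical, and treating the site collection owner as the "admin" is an assumption.

```csharp
using System;
using Microsoft.SharePoint;

// Hypothetical receiver class; bind it to the forms library's ItemAdded event.
public class OwnerOnlyItemReceiver : SPItemEventReceiver
{
    public override void ItemAdded(SPItemEventProperties properties)
    {
        // Copy plain values only. SharePoint objects obtained in the user's
        // context (properties.ListItem etc.) must not be used in the delegate.
        string webUrl = properties.WebUrl;
        Guid listId = properties.ListId;
        int itemId = properties.ListItemId;
        string authorLogin = properties.UserLoginName;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // SPSite/SPWeb created inside the delegate run as the
            // application pool account rather than as the adding user.
            using (SPSite site = new SPSite(webUrl))
            using (SPWeb web = site.OpenWeb())
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);
                SPUser author = web.EnsureUser(authorLogin);

                // Stop inheriting from the library without copying
                // the library's role assignments onto the item.
                item.BreakRoleInheritance(false);

                // currentuser -> view
                Grant(web, item, author, SPRoleType.Reader);
                // admin -> full (assumption: admin = site collection owner)
                Grant(web, item, site.Owner, SPRoleType.Administrator);
            }
        });
    }

    private static void Grant(SPWeb web, SPListItem item,
                              SPPrincipal who, SPRoleType role)
    {
        SPRoleAssignment assignment = new SPRoleAssignment(who);
        assignment.RoleDefinitionBindings.Add(
            web.RoleDefinitions.GetByType(role));
        item.RoleAssignments.Add(assignment);
    }
}
```

ItemAdded fires after the item is committed, so the item remains visible under the library's inherited permissions until the receiver finishes.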
