SharePoint 2010 - Items Added By Anonymous Users Cannot Start Workflows
On a public-facing website on SharePoint 2010, I was building a simple list to be used as the Contact Us form, so that when an item is added to the list, a workflow will run which sends an email to the owner of the website.
It all worked fine until I tested as an anonymous user that wasn't logged in. I could create the item fine, but the workflow would not run. The reason for this is, when an item is created by an anonymous user, the item does not set an author against itself (created by, modified by), which means the Workflow does not know what permissions it should use to run.
Turns out there's really only one way to get around this. Open up your old mate Visual Studio and create an Event Receiver on the ItemAdded event. What needs to happen is as soon as the item is added to the list, the event receiver will grab the item, and set the Author value to something generic (I used the System Account), then run the workflow.
(code in text at the bottom of this blog)
However, after deploying the solution to the site, I was still having issues with the Event Receiver & Workflow refusing to run and returning an error to the Event Viewer:
Error loading and running event receiver ExecuteWorkflow.EventReceiver1.EventReceiver1 in ExecuteWorkflow, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0e007c3794fb9704. Additional information is below.
: <nativehr>0x80070005</nativehr><nativestack></nativestack>
After much hair pulling, I now realised I should have been face slapping myself, as the issue was happening because I had set Advanced Settings on the list so that users could only see and edit items that were created by themselves. This was causing the event receiver to say 'hang on buddy, an item has been added, but I can't read it'.
Changed those settings back to being able to view and edit all items and the event receiver worked fine.
To get around the issues with Anonymous users being able to view all the data in the list, you have two options:
- Get the workflow to delete the item after it's details have been emailed.
- If you need to report on the list data (it needs to be kept), Get the workflow to copy the item to an identical list that Anonymous cannot access.
--------------------------------------------------
using System;
using System.Security.Permissions;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Security;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.Workflow;
namespace SetAuthorForWorkflow.EventReceiver1
{
/// <summary>
/// List Item Events
/// </summary>
public class EventReceiver1 : SPItemEventReceiver
{
/// <summary>
/// An item was added.
/// </summary>
///
public override void ItemAdded(SPItemEventProperties properties)
{
if (properties.ListTitle == "BookingList" || properties.ListTitle == "ContactUsList")
{
Guid siteID, webID, listID;
int itemID;
listID = properties.ListId;
itemID = properties.ListItem.ID;
using (SPWeb web = properties.OpenWeb())
{
siteID = web.Site.ID;
webID = web.ID;
}
//run this block as System Account
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteID))
{
using (SPWeb web = site.OpenWeb(webID))
{
web.AllowUnsafeUpdates = true;
SPListItem item = web.Lists[listID].GetItemById(itemID);
if (item != null)
{
//Impersonate the Author to be System Account
item["Author"] = web.AllUsers[@"SHAREPOINT\system"];
item.SystemUpdate();
//start the by add the item and workflow name
if (properties.ListTitle == "BookingList") { StartWorkflow(item, "EmailBooking"); }
else if (properties.ListTitle == "ContactUsList") { StartWorkflow(item, "ContactUs"); }
}
web.AllowUnsafeUpdates = false;
}
}
});
}
else
{
return;
}
}
private static void StartWorkflow(SPListItem listItem, string workflowName)
{
SPWorkflowAssociation wfAssoc = listItem.ParentList.WorkflowAssociations.GetAssociationByName(workflowName, System.Globalization.CultureInfo.CurrentCulture);
listItem.Web.Site.WorkflowManager.StartWorkflow(listItem, wfAssoc, wfAssoc.AssociationData, true);
listItem.Update();
}
}
}
------------------------------------------
It all worked fine until I tested as an anonymous user that wasn't logged in. I could create the item fine, but the workflow would not run. The reason for this is, when an item is created by an anonymous user, the item does not set an author against itself (created by, modified by), which means the Workflow does not know what permissions it should use to run.
Turns out there's really only one way to get around this. Open up your old mate Visual Studio and create an Event Receiver on the ItemAdded event. What needs to happen is as soon as the item is added to the list, the event receiver will grab the item, and set the Author value to something generic (I used the System Account), then run the workflow.
(code in text at the bottom of this blog)
However, after deploying the solution to the site, I was still having issues with the Event Receiver & Workflow refusing to run and returning an error to the Event Viewer:
Error loading and running event receiver ExecuteWorkflow.EventReceiver1.EventReceiver1 in ExecuteWorkflow, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0e007c3794fb9704. Additional information is below.
: <nativehr>0x80070005</nativehr><nativestack></nativestack>
After much hair pulling, I now realised I should have been face slapping myself, as the issue was happening because I had set Advanced Settings on the list so that users could only see and edit items that were created by themselves. This was causing the event receiver to say 'hang on buddy, an item has been added, but I can't read it'.
Changed those settings back to being able to view and edit all items and the event receiver worked fine.
To get around the issues with Anonymous users being able to view all the data in the list, you have two options:
- Get the workflow to delete the item after it's details have been emailed.
- If you need to report on the list data (it needs to be kept), Get the workflow to copy the item to an identical list that Anonymous cannot access.
--------------------------------------------------
using System;
using System.Security.Permissions;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Security;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.Workflow;
namespace SetAuthorForWorkflow.EventReceiver1
{
/// <summary>
/// List Item Events
/// </summary>
public class EventReceiver1 : SPItemEventReceiver
{
/// <summary>
/// An item was added.
/// </summary>
///
public override void ItemAdded(SPItemEventProperties properties)
{
if (properties.ListTitle == "BookingList" || properties.ListTitle == "ContactUsList")
{
Guid siteID, webID, listID;
int itemID;
listID = properties.ListId;
itemID = properties.ListItem.ID;
using (SPWeb web = properties.OpenWeb())
{
siteID = web.Site.ID;
webID = web.ID;
}
//run this block as System Account
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteID))
{
using (SPWeb web = site.OpenWeb(webID))
{
web.AllowUnsafeUpdates = true;
SPListItem item = web.Lists[listID].GetItemById(itemID);
if (item != null)
{
//Impersonate the Author to be System Account
item["Author"] = web.AllUsers[@"SHAREPOINT\system"];
item.SystemUpdate();
//start the by add the item and workflow name
if (properties.ListTitle == "BookingList") { StartWorkflow(item, "EmailBooking"); }
else if (properties.ListTitle == "ContactUsList") { StartWorkflow(item, "ContactUs"); }
}
web.AllowUnsafeUpdates = false;
}
}
});
}
else
{
return;
}
}
private static void StartWorkflow(SPListItem listItem, string workflowName)
{
SPWorkflowAssociation wfAssoc = listItem.ParentList.WorkflowAssociations.GetAssociationByName(workflowName, System.Globalization.CultureInfo.CurrentCulture);
listItem.Web.Site.WorkflowManager.StartWorkflow(listItem, wfAssoc, wfAssoc.AssociationData, true);
listItem.Update();
}
}
}
------------------------------------------
Thanks a lot man, it really helped
ReplyDeleteThank you for the feedback!
ReplyDelete