SharePoint Error while Creating Site Collections or Sites – Cannot complete this action

Yesterday I came across weird error while provisioning sites programmatically from the WCF service – Cannot complete this action. The reason why this error was weird because I was able to execute exact same code from console application to provision site collection by running code block as an user in farm administration group. Since my WCF service was running under farm admin account, I was running exactly same code using exact same identity.

In theory, this code should work but it seems like SharePoint doesn’t work same for WCF and Console Application.

After spending couple of hours troubleshooting usual service accounts settings, WCF services configuration, security permissions checks, and Google search, finally I stumbled upon MSDN Blog and KB article written in 2005 for WSS 2.o SP2.

Basically these articles suggests that even though accounts might have enough permission to execute code, explicit impersonation is required to make successful SharePoint actions. Apparently this kind of impersonation requires even at the sites, lists, and document libraries level.

After wrapping up my site collections provisioning code with impersonation, I was able to successfully execute code in the WCF service.

using System.Security.Principal
....
WindowsImpersonationContext wic = WindowsIdentity.GetCurrent().Impersonate();
//implement OM code here
wic.Undo();

I was really surprised that ages old articles helped me to resolve SharePoint 2010 programmatic issues without much explanation by KB article. Since farm account has sufficient rights to perform farm level operations, it simply doesn’t make sense to explicitly impersonate with farm account again in code. I am still trying to figure out what exactly required impersonation, what exactly enhanced security in framework means, and why farm account explicit impersonation required even though WCF service was running under same account which has full privileges to perform farm level actions. My search for correct explanation continues.

Hope this really helps someone. It took me while to figure it out and stumble upon correct solution or I should rather say, peculiar situation. 😉

Advertisements
This entry was posted in SP2010 DEV General. Bookmark the permalink.