Try our conversational search powered by Generative AI!

Magnus Rahl
Dec 15, 2010
(3 votes)

Run a scheduled job as a specific role

As you may all know, executing a scheduled job by manually triggering it and letting the scheduler trigger it at a specific time or interval is not exactly the same thing. The manual trigger will cause the task to run with the currently logged in user’s account and with access to that HttpContext. The scheduler will run as an anonymous principal and without HttpContext.

Setting the task scheduler user

Some of you probably solved the user problem, and any access rights problems that come with it, by emulating the user executing the job, maybe inspired by Ted Nyberg’s blog post. In many situations it is also possible to bypass the access check, like when passing AccessLevel.NoAccess for required access level to DataFactory.Save.

FindAllPagesWithCriteria problem

In CMS 5 R2 most DataFactory methods which return PageDatas were changed so that they don’t automatically filter by access rights. One that still does however is FindPagesWithCritera. It’s cousin, FindAllPagesWithCriteria is supposed to ignore access rights and return all matches, but because of a bug still present in CMS 6 it still does (fixed in CMS 6 R2). This problem is why I started exploring ways to give the task scheduler extended access rights.

Setting a task scheduler role

Now, if you’re in a situation like mine where users and roles are not stored in the EPiServer database but instead issued by WIF, or for some other reason you can’t use users actually existing but you still want to give your scheduled job permissions, you can emulate a role with permissions, like Administrators:

public class DummyScheduledTask
    public static string Execute()
        if (HttpContext.Current == null)
            PrincipalInfo.CurrentPrincipal = new GenericPrincipal(
                new GenericIdentity("Scheduled DummyTask"),
                new[] { "Administrators" });
        // Calls made here, for example to FindAllPagesWithCritera
        // will see a user in role Administrators when executed by
        // the task scheduler.

A few notes on this:

  • I only do this when there’s no HttpContext, meaning it is not manually started. If it is, the user starting it will be the one running the task. You could also check if the user is anonymous but in that there is at least a theoretical risk that you are giving administrator rights to a real anonymous user (like an attacker of some sort).
  • You can set any user name you like and it will appear for example in the version history if the job publishes pages. If you use different names for different jobs you’ll know who’s responsible :)
Dec 15, 2010


Henrik Molnes
Henrik Molnes Mar 3, 2014 10:24 AM

Thanks, exactly what I was looking for :)

Sep 29, 2016 07:00 PM

Very nice

I was just missing this part

Aziz Khakulov
Aziz Khakulov May 4, 2017 11:19 AM

How to run a scheduled job in Anonymous context (as it stated in documentation while debugging/running the site on Visual Studio? Anyone knows?

Please login to comment.
Latest blogs
The A/A Test: What You Need to Know

Sure, we all know what an A/B test can do. But what is an A/A test? How is it different? With an A/B test, we know that we can take a webpage (our...

Lindsey Rogers | Apr 15, 2024

.Net Core Timezone ID's Windows vs Linux

Hey all, First post here and I would like to talk about Timezone ID's and How Windows and Linux systems use different IDs. We currently run a .NET...

sheider | Apr 15, 2024

What's new in Language Manager 5.3.0

In Language Manager (LM) version 5.2.0, we added an option in appsettings.json called TranslateOrCopyContentAreaChildrenBlockForTypes . It does...

Quoc Anh Nguyen | Apr 15, 2024

Optimizely Search & Navigation: Boosting in Unified Search

In the Optimizely Search & Navigation admin view, administrators can set a certain weight of different properties (title, content, summary, or...

Tung Tran | Apr 15, 2024