Listing a site's owners or users with full control

Code below will list down a site's owners or users with full control

//first try the code below, should work most of the time

//unless users/admins mess up with the default groups

try
{

SPGroup myOwnerGroup = myWeb.AssociatedOwnerGroup;
foreach (SPUser myOwner in myOwnerGroup.Users)
{

//do what needs to be done here

}
}

catch (Exception ex)
{
//just ignore & proceed with the fall back mechanism to get the owners
}

//if the code above didn't return any values then the code below is the fall back mechanism

SPSite mySite = new SPSite(<website url>);
SPWeb myWeb = mySite.OpenWeb();

try
{
foreach (SPUser myWebUser in myWeb.AllUsers)
{

if (myWeb.DoesUserHavePermissions(myWebUser.LoginName, SPBasePermissions.ManagePermissions))
{

//do what needs to be done here

}
}

}
catch (Exception ex)
{

//error processing here

}

Customizing SharePoint 2007 "Access Denied" Page

In SharePoint 2010, we can run the powershell command below to "tell" SharePoint that we have our own "Custom Access Denied" page & which web applications should use that custom page.

Set-SPCustomLayoutsPage -Identity <None | AccessDenied | Confirmation | Error | Login | RequestAccess | Signout
| WebDeleted> -RelativePath <String> -WebApplication <SPWebApplicationPipeBind>
[-AssignmentCollection <SPAssignmentCollection>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]

However, we don't have the same feature in SharePoint 2007. Below is a workaround to achieve just that. Explanation follows.

1. First make a backup copy of out of box version of the  AccessDenied.aspx file. Keep it safe somewhere.

2. Open the Accessdenied.aspx file in your favourite editor (Notepad? Visual Studio?)

3. Insert the code below in the file between the last register statement line and content place holder code

<script runat="server">

protected void Page_Load(object sender, EventArgs e)
{
string strIncoming = Page.Request.Url.AbsoluteUri.ToLower();

string strTargetURL = "";
string strSource = Request.QueryString["Source"];
string strType = Request.QueryString["type"];
string strQuery = "";

///Check if its customized web apps
if (IsCADeniedWebApp(strIncoming))
{

//check  if user is trying to sign in as another user
if (!strIncoming.Contains("loginasanotheruser"))
{
strQuery = "Source=" + strSource + "&Type=" + strType;
strTargetURL = "/_layouts/<your custom folder>/<your custom page>" + strQuery;

SPUtility.Redirect(strTargetURL, SPRedirectFlags.Default, HttpContext.Current);
}
}
}

private bool IsCADeniedWebApp(string strURL)
{
try
{
string strWebApp = "";
string[] arrWebApps = File.ReadAllLines("C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\12\\TEMPLATE\\LAYOUTS\\<your custom folder>\\CustomisedWebApps.txt");
int intNumberOfWebApps = arrWebApps.Length;

for (int i = 0; i < intNumberOfWebApps; i++)
{
if (arrWebApps[i] != null)
{
strWebApp = arrWebApps[i].Trim();
if (strWebApp != "")
{
if (strURL.Contains(strWebApp))
return true;
}
}
}

return false;
}
catch (Exception ex)
{
return false;
}
}
</script>

The code makes use of a text file which contains the list of web apps that will use the customized access denied page.

Basically, the code above will check for 2 conditions.

i) if the URL that user accessing belongs to a web apps that uses customized access denied page. If not, just ignore it.

ii) if user is trying to login as another user.  For some reason, MS is re-using the AccessDenied.aspx to handle "signing in as another user".

If, the URL belongs to the web apps that uses customized access denied page and user is not trying to sign in as another user, the code will redirect the user to another page. this is where you need to add your custom code.In my case, i will display the list of users with full control to the site or resource.