I've created a web part that gathers information from a Document Library. It works
well under the "admin" web application (we have two web apps: admin site
for non-anonymous users; www site for anonymous users. These two sites
share the same content).
When I open www site, it shows the empty Web Part when it's not
reference to the Document Library. However when it's linked to the
document library, it shows 401 UNAUTHORIZED. The same document library
can be successfully querried by CQWP from both admin and www sites.
It seemed the SPWeb object enumlated from SPSite object
siteCollection's property AllWebs performs security check for every web
object.
If the user don't have permission with a particular web object then
it throws an error in the upper level which result an 401 page.
Using elevated privileges solved the problem.
MSDN article:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx
My original question at http://stackoverflow.com/questions/2237872/401-unauthorized-in-sharepoint-2007