Home > Uncategorized > RunWithElevatedPrivileges tricks

RunWithElevatedPrivileges tricks

July 12th, 2007 Leave a comment Go to comments

SPSecurity exposes a method called “RunWithElevatedPrivileges” which gives you an option to elevate the privilege to the application pool identity under which your code is executing. Looks nice, eh?


But Wait a second!! You are not done yet. I wish it was that easy when it comes to impersonation. In order to get this method call to properly impersonate your application pool identity you need to do some more work. Basically, SPSite and SPWeb objects created outside do not have Full Control even when referenced inside the delegate (anonymous method), so you need to find out their GUID before impersonation is performed and re-create the context one more time. Finally,never forget to dispose your objects!


 


//Don’t dispose the following two objects. Sharepoint will take care of their disposal when page is completely rendered.
SPWeb  webInUserContext = SPContext.Current.Web;
SPSite SiteInUserContext = SPContext.Current.Site;
               
Guid webGuid = webInUserContext.ID;
Guid siteGuid = SiteInUserContext.ID;


SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    // get the site in impersonated context
                    using (SPSite site = new SPSite(siteGuid))
                    {


                        // get the web in the impersonated context
                        SPWeb web = site.OpenWeb(webGuid);
                   
                       // Do your work here  
                       


                     web.Dispose();
                    }


               });


Categories: Uncategorized Tags:
  1. No comments yet.
You must be logged in to post a comment.