What is Impersonation?
Impersonation is the security feature that enables control of the Identity under which code is executed. Impersonation gives the following advantages:
- Run high-privilege code on behalf of a low-privilege user
- Record changes under the account of another user
SharePoint 2010 provides the following methods of Impersonation:
- RunWithElevatedPrivileges to impersonate the System Account user
- Passing User Token inside SPSite to impersonate as a particular user
- Using Windows API
Now let us see how to use the above methods.
- RunWithElevatedPrivileges
This is the most commonly used method to impersonate.
SPSecurity.RunWithElevatedPrivileges(() =>
{
    // Your code here
});
Note: In the case of RunWithElevatedPrivileges the System Account is used to perform the activity.
- Passing User Token
SPUserToken is the server object model class we use for this purpose. Each user's token can be represented by this class. The User Token is actually a byte array.
The SPUser class contains the property named UserToken. Passing SPUserToken instance into the SPSite constructor impersonates the particular user.
Eg: new SPSite(UrlText.Text, user.UserToken);
For enumerating all the users of a site the web.Users property can be used.
Eg: web.Users
The attached source contains the following samples:
- Enumerate Users
For enumerating users for a given website the following code can be used:
// Cast<T>() and ToList<T>() require: using System.Linq;
using (SPSite site = new SPSite(UrlText.Text))
{
    using (SPWeb web = site.OpenWeb())
    {
        SPContext context = SPContext.GetContext(web);
        var users = context.Web.Users;
        // Display to grid
        usersGrid.DataSource = users.Cast<SPUser>().ToList<SPUser>();
    }
}
On clicking the button we will see the following users as shown below:
- Please note that there are only 2 users for the site I use
- The current user is logged in as Admin
- Create Data Impersonating each User
Now we can try creating list items impersonating each user. The created item will have the system property > Created By set to various users:
The following code does that:
int count = 1;
foreach (SPUser user in web.Users)
{
    // Impersonate: the SPSite opened with the user's token runs as that user.
    // The using blocks dispose SPWeb and SPSite even if Update() throws.
    using (SPSite newSite = new SPSite(UrlText.Text, user.UserToken))
    using (SPWeb newWeb = newSite.OpenWeb())
    {
        SPListItem item = newWeb.Lists[ListName].AddItem();
        item["Title"] = "Item " + count++.ToString();
        item.Update();
    }
}
On running the above code we will see the items created as shown below:
- Please note that the Created By property is different for each row
Note: An exception will be thrown if any of the users above do not have write permission.
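The per-user loop above, extended to handle the missing-permission case the note describes; this is an added example, not part of the article's attached source. The class and method names are hypothetical, and it assumes web.Users may also contain domain group entries, which are skipped.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class ImpersonationSample // hypothetical name, not from the article
{
    // Adds one item per site user while impersonating that user.
    // Returns the login names skipped because they cannot add items.
    public static List<string> AddItemAsEachUser(string siteUrl, string listName)
    {
        var skipped = new List<string>();
        var tokens = new Dictionary<string, SPUserToken>();
        // Collect the tokens under the caller's own identity.
        using (SPSite site = new SPSite(siteUrl))
        using (SPWeb web = site.OpenWeb())
        {
            foreach (SPUser user in web.Users)
                if (!user.IsDomainGroup) // a group entry is not a person
                    tokens[user.LoginName] = user.UserToken;
        }

        int count = 1;
        foreach (KeyValuePair<string, SPUserToken> entry in tokens)
        {
            // using disposes SPSite/SPWeb even if the update throws.
            using (SPSite userSite = new SPSite(siteUrl, entry.Value))
            using (SPWeb userWeb = userSite.OpenWeb())
            {
                try
                {
                    SPList list = userWeb.Lists[listName];
                    // Evaluated for the impersonated user, not the caller.
                    if (list.DoesUserHavePermissions(SPBasePermissions.AddListItems))
                    {
                        SPListItem item = list.AddItem();
                        item["Title"] = "Item " + count++;
                        item.Update();
                    }
                    else skipped.Add(entry.Key);
                }
                catch (UnauthorizedAccessException)
                {
                    skipped.Add(entry.Key); // denied before the check could run
                }
            }
        }
        return skipped;
    }
}
```

The returned list gives a record of which accounts were not written as, instead of the loop stopping at the first user without write permission.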
- Create Data using RunWithElevatedPrivileges
Now we can try creating the list items using a RunWithElevatedPrivileges block. In this case the code runs as the System Account.
The code for the same is shown below:
SPSecurity.RunWithElevatedPrivileges(() =>
{
    // Create the SPSite inside the delegate: objects obtained outside it
    // keep the identity of the original user.
    using (SPSite site = new SPSite(UrlText.Text))
    {
        using (SPWeb web = site.OpenWeb())
        {
            SPListItem item = web.Lists[ListName].AddItem();
            item["Title"] = "Item created with RunWithElevatedPriveleges";
            item.Update();
            // Item will be created with System Account
            ShowData(web);
        }
    }
});
References
http://msdn.microsoft.com/en-us/library/aa543158.aspx
Summary
In this article we have explored 2 methods of Impersonation in SharePoint 2010. The associated code contains the example we have discussed.