SharePoint Run with Elevated Privileges Best Practices


Running code in SharePoint with elevated privileges can be risky. It’s always important to make sure you’re using it appropriately. I did a quick Google search and found a great list best practices when using it. You can find the list Here.

The post offers a great alternative to running with elevated privileges. Instead, impersonate the SHAREPOINT\system account and use it to instantiate new SPSite and SPWeb objects. Check out the code below. (Courtesy of Soumya Dasari)

 var user = SPContext.Current.Web.AllUsers[@"SHAREPOINT\SYSTEM"];
 var superToken = user.UserToken;
 using (var site = new SPSite(SPContext.Current.Web.Url, superToken))
 {
    // This code runs under the security context of the SHAREPOINT\system
 // for all objects accessed through the "site" reference. Note that it's a
 // different reference than SPContext.Current.Site.
    using(var elevatedWeb = site.OpenWeb())
    {
       // Perform actions as SYSTEM here
    }
 }
Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: