Posts Tagged ‘ SharePoint 2010; Sharepoint Security; C# ’

SharePoint Run with Elevated Privileges Best Practices

Running code in SharePoint with elevated privileges can be risky. It’s always important to make sure you’re using it appropriately. I did a quick Google search and found a great list best practices when using it. You can find the list Here.

The post offers a great alternative to running with elevated privileges. Instead, impersonate the SHAREPOINT\system account and use it to instantiate new SPSite and SPWeb objects. Check out the code below. (Courtesy of Soumya Dasari)

 var user = SPContext.Current.Web.AllUsers[@"SHAREPOINT\SYSTEM"];
 var superToken = user.UserToken;
 using (var site = new SPSite(SPContext.Current.Web.Url, superToken))
 {
    // This code runs under the security context of the SHAREPOINT\system
 // for all objects accessed through the "site" reference. Note that it's a
 // different reference than SPContext.Current.Site.
    using(var elevatedWeb = site.OpenWeb())
    {
       // Perform actions as SYSTEM here
    }
 }