Skip to content

Run code with elevated privileges in SharePoint

A task that is pretty common is to make some code that requires resources in sharepoint that the logged in user does not always have access to.

My latest web part warns users when their account or password is close to expiration (we have sharepoint users that do not log on to any computer using their account, so they will never get a warning otherwise).
This web part uses a list in the root web that keeps track of when a warning email was last sent to the user.
This list could not consistently be read since a few accounts does not have access to the rootweb.

I have also had to use this when writing to a websites property bag. Only owners were able to do that,
in a custom web part of mine.

There are 2 ways to do it.

1: Elevated Priviledges

protected void Button1_Click(object sender, EventArgs e)
{
   SPSecurity.CodeToRunElevated elevatedGetSitesAndGroups = new SPSecurity.CodeToRunElevated(GetSitesAndGroups);
   SPSecurity.RunWithElevatedPrivileges(elevatedGetSitesAndGroups);
}

GetSitesAndGroups is the method to run.
This method requires you to use methods that have no return type and no parameters.

This can also be done with anonymous methods like this:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // implementation details omitted
});

Anonymous methods is not really something I ever use, so I haven’t quite figured them out yet.
I could not put this inside my method, and have return statements inside the block.

To make this work you have to create a new SPSite object, otherwise it will continue to use the SPSite where the current logged in users permissions are located.

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
    // implementation details omitted
    }
});

More details here

2: System Account User Token
I found an even better solution online though, from Daniel Larsson

He states that he has a better way of getting things done, and suggest we do not use the SPSecurity method unless we need to use network resources.

His solution is simple, he created a new site with the system account as user token.

SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
using(var systemSite = new SPSite(SPContext.Current.Site.ID, sysToken))
{
    using (var sysWeb = systemSite.OpenWeb(SPContext.Current.Web.ID))
    {
        // Perform elevated actions here
    }
}

This worked perfectly for me.

DeliciousDiggTwitterFacebookLinkedInStumbleUponNewsVineTechnorati FavoritesSlashdotShare

Related posts:

  1. Object reference not set to an instance of an object. c:\wss\EventPlanning.wsp: The Solution installation failed.
  2. Object reference not set to an instance of an object, when running STSADM commands
  3. Missing websites in the SharePoint flyout menus for everyone but the site collection owner
  4. Clone SharePoint (MOSS / WSS) stand-alone developer virtual machine (Rename SharePoint Server)
  5. The security validation for this page is invalid. Click Back in your Web browser…

Posted in SharePoint 2007.

1 comment

By Code-Journey May 4, 2010

One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Santhosh says

    Thanks for the post, it was helpful.

    August 16, 2012, 18:13 Reply



Some HTML is OK

or, reply to this post via trackback.

« »

Page optimized by WP Minify WordPress Plugin