Impersonating a user

Posted: October 21, 2008 in Impersonation, Object Model

If a user have read only permission for a list and in case there is a need for that user to add or update the list item, then he can be given the permission to add/update using code only for the time of updating.

Here AppSettings[“DomainAdmin”] is the entry in web.config which gives the admin ID of the site. This can be anyother ID having write permissions.

protected SPList ImpersonateUser(string strListName)
{
this.web = SPContext.Current.Web;
SPList listCollection;
string domainAdmin = System.Configuration.ConfigurationManager.AppSettings[“DomainAdmin”];
using (WindowsImpersonationContext impctx = WindowsIdentity.Impersonate(IntPtr.Zero))
{
SPUser admin = web.AllUsers[domainAdmin];
using (SPSite adminSite = new SPSite(web.Site.Url.ToString(), admin.UserToken))
{
using (SPWeb adminWeb = adminSite.OpenWeb())
{
listCollection = adminWeb.Lists[strListName];
}
}
}
return listCollection;
}

Now you can use the list returned by this method to update the item. Its better to use

SPSecurity.RunWithElevatedPrivileges(delegate()
{ });

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s