Impersonating a user

If a user have read only permission for a list and in case there is a need for that user to add or update the list item, then he can be given the permission to add/update using code only for the time of updating.

Here AppSettings[“DomainAdmin”] is the entry in web.config which gives the admin ID of the site. This can be anyother ID having write permissions.

protected SPList ImpersonateUser(string strListName)
this.web = SPContext.Current.Web;
SPList listCollection;
string domainAdmin = System.Configuration.ConfigurationManager.AppSettings[“DomainAdmin”];
using (WindowsImpersonationContext impctx = WindowsIdentity.Impersonate(IntPtr.Zero))
SPUser admin = web.AllUsers[domainAdmin];
using (SPSite adminSite = new SPSite(web.Site.Url.ToString(), admin.UserToken))
using (SPWeb adminWeb = adminSite.OpenWeb())
listCollection = adminWeb.Lists[strListName];
return listCollection;

Now you can use the list returned by this method to update the item. Its better to use

{ });


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a website or blog at

Up ↑

%d bloggers like this: