A simple code impersonation in Sharepoint


Hello Everyone,

In this article i share with you a sample function that provide us code impersonation.For example you have login to sharepoint as system account and what to add an item to a custom list but you impersonate it by another user. As you know SPSecurity.RunWithElevatedPrivileges can provide us to run code as Sharepoint\system account.
So what if you impersonate with another user. The main key point is SPSite object constructor has parameter as SPUserToken, if you pass this token to the constructor,
it provide execute code with related user rights as defined with SPUserToken. For a real code impersonation you should better to use some native dll references (AdvApi32 DLL) . but this is also work for simple operations well.

Here the RunAsAdmin static class that contains ImpersonateRun fuction getting 2 parameters .
1) Account : the account to use rights
2) RunWithAdminDelegate : which is a delegate that provide us writing less codding for our implementations using lambda functions

Code Impersonation Sample
  1. public static class RunAsAdmin
  2. {
  3.     public delegate void RunWithAdminDelegate(SPSite site, SPWeb web);
  4.     public static void ImpersonateRun(string account,RunWithAdminDelegate myDelegate)
  5.     {
  6.         Guid webID = SPContext.Current.Web.ID;
  7.         Guid siteID = SPContext.Current.Site.ID;
  8.         SPUser privilegedAccount =null ;
  9.         if(string.IsNullOrEmpty(account))
  10.         {
  11.             privilegedAccount = SPContext.Current.Web.CurrentUser;
  12.         }
  13.         else
  14.         {
  15.             privilegedAccount = SPContext.Current.Web.EnsureUser(account);
  16.         }
  17.         SPUserToken privilegedToken = privilegedAccount.UserToken;
  18.         using (SPSite site = new SPSite(siteID, privilegedToken))
  19.         {
  20.             site.AllowUnsafeUpdates = true;
  21.             using (SPWeb web = site.OpenWeb(webID))
  22.             {
  23.                 //SPWebApplication webApp = web.Site.WebApplication;
  24.                 //  webApp.FormDigestSettings.Enabled = false;
  25.                 web.AllowUnsafeUpdates = true;
  26.                 myDelegate.Invoke(site, web);
  27.                 web.AllowUnsafeUpdates = false; ;
  28.                 //   webApp.FormDigestSettings.Enabled = true;
  29.             }
  30.         }
  31.     }
  32. }

the usage is very simple , Less coded less simple .

The usage
  1. protected void Page_Load(object sender, EventArgs e)
  2. {
  3.     RunAsAdmin.ImpersonateRun(“BLOG\\bpostaci”, (site, web) =>
  4.     {
  5.         SPList list = web.Lists[“MyList”];
  6.         foreach (SPListItem item in list.Items)
  7.         {
  8.             //Add Some items.
  9.         }
  10.     });
  11. }

see you next time.

Advertisements

About bpostaci
Escalation Engineer in Microsoft.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: