SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
2007-09-13 10:35
513 查看
转自:http://westart.blog.enorth.com.cn/article/217988.shtml
SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
回顾:在SharePoint V2 大家应该都用过[b]模拟用户Impersonate[/b]这个功能,
这个功能用来暂时提升某个用户的权限,比如某个普通用户的本来不能修改某个列表的值,但是我们功能需要在修改。
缺点:
我们使用这个模拟用户功能时候,经常是明文保存用户名密码,是个安全隐患。
更加气愤的是,据我所知,在匿名用户访问状态下面,根本不能够模拟成功。
V3解决办法:
Elevation of Privilege
Elevation
of privilege is a new feature of that enables you to programmatically
perform actions in code using an increased level of privilege. The
Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges method
enables you to supply a delegate that runs a subset of code in the
context of an account with higher privileges than the current user.
A standard usage of RunWithElevatedPrivileges is:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// do things assuming the permission of the "system account"
});
Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes. For example:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(web.Site.ID))
{
// do things assuming the permission of the "system account"
}
});
Although elevation
of privilege provides a powerful new technique for managing security,
it should be used with care. You should not expose direct, uncontrolled
mechanisms for people with low privileges to circumvent the permissions
granted to them.
注意:
SPSite要在代码块里面创建,而不能使用当前的SPSite
// Uses the App poll creds with the SPUser's identity reference of user
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// Gets a new security context using
using (SPSite site = new SPSite( SPContext.Current.Site.ID ))
{
using (SPWeb thisWeb = site.OpenWeb())
{
thisWeb.AllowUnsafeUpdates = true;
SPItem item = //web.GetListItem(this.Page.Request.Url.ToString());
thisWeb.GetList(ListName).GetItemById(ID);
item[FieldName] = (item[FieldName] == null) ? 1 : (double)item[FieldName] + 1;
item.Update();
writer.Write("Visited Counter. Current:(" + item[FieldName].ToString() + ")");
}
}
});
运行那一段代码的用户是应用程序池的用户,(在IIS里面设置,避免了明文保存)
注意要关闭SPSite /SPWeb ,可以参考: http://msdn2.microsoft.com/en-us/library/aa973248.aspx
结束:
经过测试,匿名用户也能成功。我的浏览计数功能就使用了该段代码。
MSDN参考:
Elevation of Privilege : http://msdn2.microsoft.com/en-us/library/aa543467.aspx
Best Practices: Using Disposable Windows SharePoint Services Objects
相关文章推荐
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了 提升SharePoint代码的权限
- sharepoint 一个有用的方法SPSecurity.RunWithElevatedPrivileges(delegate(){})
- SharePoint 2010 权限提升-SPSecurity.RunWithElevatedPrivileges method (Microsoft.SharePoint)
- MOSS: SPSecurity.RunWithElevatedPrivileges提升权限来新增列表条目示例
- SPSecurity.RunWithElevatedPrivileges exception 80040154
- 【原创】关于SPSecurity.RunWithElevatedPrivileges的一个问题[A problem about SPSecurity.RunWithElevatedPrivileges]
- MOSS: SPSecurity.RunWithElevatedPrivileges提升权限来新增列表条目示例
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
- 利用RunWithElevatedPrivileges模拟管理员权限时慎用SPContext
- 利用RunWithElevatedPrivileges模拟管理员权限时慎用SPContext
- 利用RunWithElevatedPrivileges模拟管理员权限时慎用SPContext
- 正确使用RunWithElevatedPrivileges
- 当使用RunWithElevatedPrivileges时如何修改“修改者”信息
- All ways of RunWithElevatedPrivileges
- Windows的用户管理中的用户模拟 impersonate
- WebApi 数据保护操作未成功。这可能是由于未为当前线程的用户上下文加载用户配置文件导致的。当线程执行模拟时,可能会出现此情况。","ExceptionType":"System.Security.Cryptography.CryptographicException","StackTrace
- SharePoint如何模拟用户
- Vsftpd下如何把用户限制在家目录中 后出现500 OOPS: vsftpd: refusing to run with writable root inside chroot 原因及解决办法初析[ubuntu, vsftpd, ftp server]