SharePoint v3: Forget Impersonate, SPSecurity.RunWithElevatedPrivileges Is Here (Elevating the Privileges of SharePoint Code)
2010-06-20 02:38
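Background:
In SharePoint V2, everyone has probably used the Impersonate feature.
It is used to temporarily elevate a user's privileges: for example, an ordinary user normally cannot modify a value in some list, but our functionality needs to modify it.
Drawbacks:
When we use impersonation, the user name and password are often stored in plaintext, which is a security risk.
Even more annoying, as far as I know, impersonation cannot succeed at all when the site is accessed anonymously.
The V3 solution: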
Elevation of Privilege
Elevation of privilege is a new feature of that enables you to programmatically perform actions in code using an increased level of privilege. The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.
A standard usage of RunWithElevatedPrivileges is:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // do things assuming the permission of the "system account"
});
Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes. For example:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
        // do things assuming the permission of the "system account"
    }
});
Although elevation of privilege provides a powerful new technique for managing security, it should be used with care. You should not expose direct, uncontrolled mechanisms for people with low privileges to circumvent the permissions granted to them.
Note:
The SPSite must be created inside the code block; you cannot use the current SPSite.
// Runs with the application pool credentials (the "system account")
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // Create a new SPSite inside the delegate so it picks up the elevated security context
    using (SPSite site = new SPSite(SPContext.Current.Site.ID))
    {
        using (SPWeb thisWeb = site.OpenWeb())
        {
            thisWeb.AllowUnsafeUpdates = true;
            // Alternative lookup: web.GetListItem(this.Page.Request.Url.ToString());
            SPItem item = thisWeb.GetList(ListName).GetItemById(ID);
            // Start the counter at 1, otherwise increment the stored value
            item[FieldName] = (item[FieldName] == null) ? 1 : (double)item[FieldName] + 1;
            item.Update();
            writer.Write("Visited Counter. Current:(" + item[FieldName].ToString() + ")");
        }
    }
});
The code in that block runs as the application pool account (configured in IIS, which avoids storing credentials in plaintext).
public void WriteToLib()
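With the same code, there is no such permission problem if the user is a site administrator.
So what is the solution? We need to elevate the privileges of this code, regardless of whether the current user has sufficient permissions. The SharePoint SDK shows that this can be done as follows: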
SPSecurity.CodeToRunElevated ElevatedWriteToLibrary = new SPSecurity.CodeToRunElevated(WriteToLib);
SPSecurity.RunWithElevatedPrivileges(ElevatedWriteToLibrary);
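This raises our method's privileges to the level of the system account, and the problem is solved.
If you use an SPSite object, it must be created inside this method; you cannot use SPContext.Current.Site, otherwise the elevation has no effect.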
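An added example (not from the original post or the SharePoint SDK) that applies the "use with care" caution to the visit counter above: the caller's read access is checked in their own context, only IDs cross into the elevated block, and the list and field are fixed in code. The class name VisitCounter and the names "Pages" and "VisitCount" are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

public static class VisitCounter
{
    // Assumed names, fixed in code so a request cannot redirect the elevated write.
    private const string ListName = "Pages";
    private const string FieldName = "VisitCount";

    public static double Increment(string rawItemId)
    {
        // Validate untrusted input before any privileged work.
        int itemId;
        if (!int.TryParse(rawItemId, out itemId) || itemId <= 0)
            throw new ArgumentException("Invalid item id.");

        // Authorize in the caller's own context: this lookup fails if the
        // current user cannot read the item, so elevation never touches
        // content the caller could not already see.
        SPWeb callerWeb = SPContext.Current.Web;   // owned by SPContext, do not dispose
        callerWeb.Lists[ListName].GetItemById(itemId);

        // Pass only IDs into the delegate. Objects taken from SPContext keep
        // the caller's identity and would not be elevated.
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = callerWeb.ID;
        double count = 0;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                bool previous = web.AllowUnsafeUpdates;
                web.AllowUnsafeUpdates = true;
                try
                {
                    SPListItem item = web.Lists[ListName].GetItemById(itemId);
                    object current = item[FieldName];
                    count = (current == null) ? 1 : Convert.ToDouble(current) + 1;
                    item[FieldName] = count;
                    // Writes only this field change: no new version, and
                    // Modified / Modified By stay as they were.
                    item.SystemUpdate(false);
                }
                finally { web.AllowUnsafeUpdates = previous; }
            }
        });
        return count;   // only the counter leaves the elevated block
    }
}
```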