SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
来源:互联网 发布:京东数据罗盘 编辑:程序博客网 时间:2024/04/30 17:40
回顾:
在SharePoint V2 大家应该都用过模拟用户Impersonate这个功能,
这个功能用来暂时提升某个用户的权限,比如某个普通用户的本来不能修改某个列表的值,但是我们功能需要在修改。
缺点:
我们使用这个模拟用户功能时候,经常是明文保存用户名密码,是个安全隐患。
更加气愤的是,据我所知,在匿名用户访问状态下面,根本不能够模拟成功。
V3解决办法:
Elevation of Privilege
Elevation of privilege is a new feature of that enables you to programmatically perform actions in code using an increased level of privilege. The Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges method enables you to supply a delegate that runs a subset of code in the context of an account with higher privileges than the current user.
A standard usage of RunWithElevatedPrivileges is:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// do things assuming the permission of the "system account"
});
Frequently, to do anything useful within SharePoint you'll need to get a new SPSite object within this code to effect the changes. For example:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(web.Site.ID))
{
// do things assuming the permission of the "system account"
}
});
Although elevation of privilege provides a powerful new technique for managing security, it should be used with care. You should not expose direct, uncontrolled mechanisms for people with low privileges to circumvent the permissions granted to them.
注意:
SPSite要在代码块里面创建,而不能使用当前的SPSite
// Uses the App poll creds with the SPUser's identity reference of user
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// Gets a new security context using
using (SPSite site = new SPSite( SPContext.Current.Site.ID ))
{
using (SPWeb thisWeb = site.OpenWeb())
{
thisWeb.AllowUnsafeUpdates = true;
SPItem item = //web.GetListItem(this.Page.Request.Url.ToString());
thisWeb.GetList(ListName).GetItemById(ID);
item[FieldName] = (item[FieldName] == null) ? 1 : (double)item[FieldName] + 1;
item.Update();
writer.Write("Visited Counter. Current:(" + item[FieldName].ToString() + ")");
}
}
});
运行那一段代码的用户是应用程序池的用户,(在IIS里面设置,避免了明文保存)
注意要关闭SPSite /SPWeb ,可以参考: http://msdn2.microsoft.com/en-us/library/aa973248.aspx
结束:
经过测试,匿名用户也能成功。我的浏览计数功能就使用了该段代码。
MSDN参考:
Elevation of Privilege : http://msdn2.microsoft.com/en-us/library/aa543467.aspx
Best Practices: Using Disposable Windows SharePoint Services Objects
------------
转自: http://www.cnblogs.com/llbofchina/archive/2007/04/17/717065.html
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
- SharePoint 2010 权限提升-SPSecurity.RunWithElevatedPrivileges method (Microsoft.SharePoint)
- sharepoint 一个有用的方法SPSecurity.RunWithElevatedPrivileges(delegate(){})
- SPSecurity.RunWithElevatedPrivileges exception 80040154
- Windows的用户管理中的用户模拟 impersonate
- SharePoint如何模拟用户
- SharePoint如何模拟用户
- 利用RunWithElevatedPrivileges模拟管理员权限时慎用SPContext
- 利用RunWithElevatedPrivileges模拟管理员权限时慎用SPContext
- 忘掉过去,重新来过
- 关于 web.config impersonate 帐号模拟
- 忘掉一切,记住从用户场景出发
- 在ASP.NET应用程序中使用身份模拟 impersonate
- AutoIt V3.2.13.7 可模拟PC鼠标移动和窗口来实现自动化任务
- libevent的几个范例,记下来防止自己忘掉
- 用户点击回车键,模拟用户点击了登录按钮
- 取SharePoint用户Profile
- sharepoint 用户问题
- SAP46C双机上运用HP MC ServiceGuard大大增加了维护难度和提高了系统故障率
- SQL:利用存储过程实现分页
- 关于MOSS的应用和开发的一些联接
- 食品真相大揭密
- JAVA源文件的命名规则
- SharePoint v3:忘掉模拟用户Impersonate,SPSecurity.RunWithElevatedPrivileges来了
- PHP中GBK和UTF8编码处理
- JDBC知识点罗列
- Asp.Net细节性问题精萃
- 2007.04.17 Digital Zoom项目准备递交
- 语音检测与mapx相结合
- 得到 XML 元素
- 用JSmooth将jar文件生成exe文件- -
- 请牛人帮助 syscall