Impersonation in SharePoint 2010

2 Aug 2012 | CPOL | 2 min read
The methods of Impersonation inside SharePoint 2010.

Introduction

In this article we explore the methods of impersonation in SharePoint 2010.

What is Impersonation?

Impersonation is the security feature that lets you control the identity under which code is executed. Impersonation gives the following advantages:

  • Run high-privilege code on behalf of a low-privilege user
  • Record changes under the account of another user

What are the Impersonation methods in SharePoint 2010?

SharePoint 2010 provides the following methods of Impersonation:

  1. RunWithElevatedPrivileges, to impersonate the System Account user
  2. Passing a user token to the SPSite constructor, to impersonate a particular user
  3. Using the Windows API

Note: System Account (SHAREPOINT\system) is the application pool user of SharePoint. If you are using Developer Installations on client Operating Systems (Windows 7 / Vista) the account name will be different.

Now let us see how to use the above methods.

  1. RunWithElevatedPrivileges

    This is the most commonly used method to impersonate.

    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        // Your code here
    });

    Note: In the case of RunWithElevatedPrivileges the System Account is used to perform the activity.

  2. Passing User Token

    SPUserToken is the server object model class used for this purpose. Each user's token can be represented by this class. The user token is actually a byte array.

    The SPUser class contains a property named UserToken. Passing an SPUserToken instance into the SPSite constructor impersonates that particular user.

    E.g.: new SPSite(UrlText.Text, user.UserToken);

    To enumerate all the users of a site, the web.Users property can be used.

    E.g.: web.Users

Running the code

The attached source contains the following samples:

  1. Enumerate users

    To enumerate the users of a given website, the following code can be used:

    // Requires "using System.Linq;" for Cast<T>() and ToList<T>()
    using (SPSite site = new SPSite(UrlText.Text))
    {
        using (SPWeb web = site.OpenWeb())
        {
            SPContext context = SPContext.GetContext(web);
            var users = context.Web.Users;

            // Display to grid
            usersGrid.DataSource = users.Cast<SPUser>().ToList<SPUser>();
        }
    }

    On clicking the button we can see the following users as shown below:

    • Please note that there are only two users for the site I use
    • The current user logged in is Admin

    Image 2

  2. Create data impersonating each user

    Now we can try creating list items while impersonating each user. Each created item will have the system property Created By set to a different user.

    The following code does this:

    int count = 1;
    foreach (SPUser user in web.Users)
    {
        // Passing the user's token to the SPSite constructor impersonates that user.
        // The using blocks dispose SPWeb and SPSite even if Update() throws.
        using (SPSite newSite = new SPSite(UrlText.Text, user.UserToken))
        using (SPWeb newWeb = newSite.OpenWeb())
        {
            SPListItem item = newWeb.Lists[ListName].AddItem();
            item["Title"] = "Item " + count++;
            item.Update(); // Created By is set to the impersonated user
        }
    }

    On running the code above, we can see the items created as shown below:

    Please note that the Created By property is different for each row.

    Image 3

    Note: An exception will be thrown if any of the users above does not have write permission.

  3. Create data using RunWithElevatedPrivileges

    Now we can try creating list items inside a RunWithElevatedPrivileges block. In this case the code runs as the System Account.

    The code is shown below:

    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        using (SPSite site = new SPSite(UrlText.Text))
        {
            using (SPWeb web = site.OpenWeb())
            {
                SPListItem item = web.Lists[ListName].AddItem();
                item["Title"] = "Item created with RunWithElevatedPriveleges";
                item.Update(); // Item will be created with System Account

                ShowData(web);
            }
        }
    });

    We can see that the new item is created with a System Account as shown below:

    Image 4
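
A guarded variant of the two write samples above, added here as an illustration and not taken from the article's attached source. The class and method names (GuardedImpersonation, TryAddItemAs, AddItemElevated) are hypothetical; the first method checks the impersonated user's permission before writing, and the second re-opens the site inside the elevated delegate and records who requested the write.

```csharp
using System;
using Microsoft.SharePoint;
// All type and method names below are hypothetical, chosen for this example.
public static class GuardedImpersonation
{
    // Impersonate 'user' through its token, but check AddListItems first so a
    // user without write permission is skipped instead of failing on Update().
    public static bool TryAddItemAs(string siteUrl, string listName, SPUser user, string title)
    {
        try
        {
            using (SPSite site = new SPSite(siteUrl, user.UserToken))
            using (SPWeb web = site.OpenWeb())
            {
                SPList list = web.Lists[listName];
                if (!list.DoesUserHavePermissions(SPBasePermissions.AddListItems))
                    return false;
                SPListItem item = list.AddItem();
                item["Title"] = title;
                item.Update(); // Created By = impersonated user
                return true;
            }
        }
        catch (UnauthorizedAccessException)
        {
            return false; // access denied while opening the web or the list
        }
    }

    // Elevated write. SPSite/SPWeb are re-opened inside the delegate because
    // objects created outside it keep the identity they were opened with.
    public static void AddItemElevated(SPWeb callerWeb, string listName, string title)
    {
        Guid siteId = callerWeb.Site.ID;
        Guid webId = callerWeb.ID;
        string requestedBy = callerWeb.CurrentUser.LoginName; // captured before elevating
        SPSecurity.RunWithElevatedPrivileges(() =>
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                SPListItem item = web.Lists[listName].AddItem();
                // Created By will be System Account, so keep the requester in the data.
                item["Title"] = title + " (requested by " + requestedBy + ")";
                item.Update();
            }
        });
    }
}
```

Keep the elevated delegate as small as possible and decide whether the caller is allowed to trigger it before entering it, since everything inside runs with the application pool account's rights.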

Summary

In this article we have explored two methods of Impersonation in SharePoint 2010. The associated code contains the example we have discussed.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect
United States
Jean Paul is a Microsoft MVP and Architect with 12+ years of experience. He is passionate about programming and his core skills are SharePoint, ASP.NET & C#.

On the academic side he holds a BS in Computer Science and an MBA. On the certification side he holds MCPD & MCTS, spanning from .NET Fundamentals to SQL Server.

He spends most of his free time on technical activities such as researching solutions, writing articles and resolving forum problems. He believes quality and satisfaction go hand in hand.

You can find some of his work over here. He blogs at http://jeanpaulva.com
