Some times we are blindly using RunWithElevatedPrivileges in the code. But we should know what user context using when using that. Some times we are blindly thinking that if we wrap the code in elevated privileges, its running in app pool account. But its wrong.
Observe the below two code blocks.
In first code block user is App pool accont user, but in 2nd senario user is current logedin user. Even u wrap the code its using current login user because your using spcontext.
1. SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite("http://xrm:1234"))
{
using (SPWeb web = site.OpenWeb())
{
SPUser user = web.CurrentUser;
string username = user.LoginName;
}
}
});
2. SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite site = new SPSite(SPContext.Current.Site.ID);
SPWeb web = SPContext.Current.Web;
SPUser user2 = SPContext.Current.Web.CurrentUser;
string currentUser2 = user2.LoginName;
});
Observe the below two code blocks.
In first code block user is App pool accont user, but in 2nd senario user is current logedin user. Even u wrap the code its using current login user because your using spcontext.
1. SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite("http://xrm:1234"))
{
using (SPWeb web = site.OpenWeb())
{
SPUser user = web.CurrentUser;
string username = user.LoginName;
}
}
});
2. SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite site = new SPSite(SPContext.Current.Site.ID);
SPWeb web = SPContext.Current.Web;
SPUser user2 = SPContext.Current.Web.CurrentUser;
string currentUser2 = user2.LoginName;
});
No comments:
Post a Comment