SharePoint Security “Do As System User”

Scenario

You are writing a custom web part or control and want to be able to access a list or resource within your code that the current user otherwise does not have permissions to. For me, this happens quite frequently. For example:

  • Reading info from a list dedicated to storing Application Settings that only an administrator can read and edit
  • Modifying permissions on a list item after creating it
  • Modifying a list item other than the specific item in context
  • Updating Web properties
  • Kicking off a workflow from code as a result of a user's action (event handlers, which already run under the context of the System user, are also a good place to do this)

What Didn’t Work

SPSecurity.RunWithElevatedPrivileges - this only impersonates the user account running the thread in order to access network resources, etc. But if you are accessing SharePoint resources using SPContext.Current.Web, your SPWeb object is still limited to the permission set of the original user initiating the request.

What Did Work

Create a new SPSite object using the Site.SystemAccount UserToken and then open the web from this SPSite. Here are two helper methods I am using for doing just this:

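        using Microsoft.SharePoint;

        // Callback that receives an SPWeb opened under the requested identity.
        public delegate void SPWebAction(SPWeb web);

        // Runs the action against the given web under the site's System Account.
        public static void DoAsSystemUser(SPWeb web, SPWebAction action)
        {
            SPUser systemUser = web.Site.SystemAccount;
            DoAsUser(web, systemUser, action);
        }

        // Runs the action against the given web under the given user's token.
        public static void DoAsUser(SPWeb web, SPUser user, SPWebAction action)
        {
            // If we are already running as the given User Token, just pass the web along
            if (web.CurrentUser != null &&
                web.CurrentUser.UserToken.CompareUser(user.UserToken))
            {
                action(web);
                return;
            }

            // Open a fresh SPSite/SPWeb pair bound to the user's token; both are
            // disposed when the action returns, so the action must not keep
            // references to userWeb or to objects obtained from it.
            using (SPSite site = new SPSite(web.Site.ID, user.UserToken))
            {
                using (SPWeb userWeb = site.OpenWeb(web.ID))
                {
                    action(userWeb);
                }
            }
        }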
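
An added usage example (not code from the original post) for the first scenario above, reading a setting from an administrator-only list while keeping the elevated scope narrow. The containing class `SecurityHelper`, the list name, the `Value` column and the key names are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using Microsoft.SharePoint;

public static class AppSettingsReader
{
    // Hypothetical list, column and key names chosen for this example.
    private const string SettingsListName = "Application Settings";
    private const string ValueField = "Value";
    private static readonly HashSet<string> AllowedKeys =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "SmtpRelay", "ApprovalGroup" };

    public static string ReadSetting(SPWeb contextWeb, string key)
    {
        // Code running as the System Account bypasses the caller's permissions,
        // so only look up keys from a fixed allowlist, never arbitrary input.
        if (key == null || !AllowedKeys.Contains(key))
            throw new ArgumentException("Unknown setting key.", "key");

        string result = null;

        // SecurityHelper is assumed to be the class holding the helpers above.
        SecurityHelper.DoAsSystemUser(contextWeb, delegate(SPWeb systemWeb)
        {
            SPList list = systemWeb.Lists[SettingsListName];

            SPQuery query = new SPQuery();
            // Escape the key before placing it in CAML, even though it is allowlisted.
            query.Query = "<Where><Eq><FieldRef Name='Title'/><Value Type='Text'>"
                + SecurityElement.Escape(key) + "</Value></Eq></Where>";
            query.RowLimit = 1;

            SPListItemCollection items = list.GetItems(query);
            if (items.Count > 0)
            {
                // Copy the plain value out. Do not return SPList or SPListItem
                // objects: they belong to the elevated web, which is disposed
                // as soon as this delegate returns.
                object raw = items[0][ValueField];
                result = raw == null ? null : raw.ToString();
            }
        });

        return result;
    }
}
```

Only the string leaves the delegate, so nothing outside `ReadSetting` ever holds an object that carries System Account rights.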

Two more things that still need to be addressed are Security Validation and Unsafe Updates, which I will talk about in the next post.

Top 5 Most Useful SharePoint Links of the Month

So I just completed and released to production my first approval workflow application using ASP.NET forms and Visual Studio Workflow Designer. I have combed through hundreds of web pages working out many, many kinks. These are the top 5 links for this month (measured on a subjective scale of usefulness to me for completing my project):

Get Public Key Token Visual Studio Trick

SharePoint Workflow Basics

Design and Bind ASPX Forms to Workflow

Locked Workflow tasks Bug

WSS WebService DISCO and WSDL Generator

Great Reads by My Colleague Winston

I’m not sure how much exposure these posts are receiving, so I am posting them here because they are well worth the read:

On the WebForms vs MVC Debate

ASP.NET WebForms: As *Component Frameworks* Go, It’s Pretty Good

Winston Fassett is a former manager of mine from when I was working at ORIX USA, where building rapid applications for demanding financial analysts was our focus. When I made the move to racenation.com, the founder soon after lured Winston to join us, and from the ground up we architected and developed what is racenation.com. I have learned an immense amount from working with him and can safely say he is the sharpest developer I’ve been in contact with throughout my career. Also check out his self-developed mindmapping tool MindTree, which I am using extensively for a variety of tasks from meeting notes to project management.

Galleriffic JQuery Plugin

UPDATE: Version 1.0 is now available. Read about it here.

Galleriffic is a dynamic photo gallery optimized to handle a high volume of photos. I would love feedback on how to improve this plugin.

02/03/2009 Update: Released v 1.0

  • Read up on 1.0 release in this post.

10/05/2008 Update: Released v 0.7

  • Added support for multiple galleries per page
  • New 0.7 jAlbum skin release

9/30/2008 Update: Released v 0.6

  • Now supports graceful degradation (see example for updated instructions on how to set up your gallery)
  • Added configuration option to specify the number of slides to preload in advance

9/25/2008 Update: Released v 0.5

  • Replaced several lingering hardcoded titles and link text with settings values to allow for internationalization
  • Updated the jAlbum skin

9/20/2008 Update: Released v 0.4

  • Added support for onFadeOut and onFadeIn events (see example for how this can be used)
  • Removed unnecessary iframe that is created when using IE
  • Released a new jAlbum skin that makes creating static albums a breeze (View the demo)

9/17/2008 Update: Released v 0.3

  • Implemented additional options for title and description element selectors
  • To enable the ‘Download Link’, a link element selector is now needed

9/16/2008 Update: Released v 0.2

  • Reworked image preloading to load a single image at a time

Welcome to trentacular

Welcome to trentacular. This marks the beginning of my technical blog. I have been previously blogging here (my personal blog), and the time has arrived to separate the technical posts from my personal posts. I hope this blog proves interesting and helpful to you, and please don’t be a stranger … leave a comment.