Briefly LINQ to SharePoint and privilege elevation

SharePoint 2010 supports LINQ to SharePoint, allowing programmers to directly access data in a SharePoint 2010 Web site using LINQ syntax. However, by default, LINQ to SharePoint does not support elevation of privilege, that is, if you try to elevate execution permissions through the Spsecurity.runwithelevatedprivileges () method in your code, you may find that The code does not, as you would like, Access data from the SharePoint site as a system account.

The following is a typical code for elevation of privilege, in which the new SPSite and SPWeb objects are constructed first, and then LINQ to SharePoint is used to query the titles of all list items in a list. Although it seems that LINQ to SharePoint will be elevated to the permissions it performs, this is not the case. In the following code, the intermediate LINQ to SharePoint code is not affected by the outside call to the Spsecurity.runwithelevatedprivileges () method.

Private ienumerable<string> Getallhardwarenames ()
{
    var currentweburl = SPContext.Current.Web.Url;
    list<string> result = null;
    
    Spsecurity.runwithelevatedprivileges (delegate ()
    {
        using (var site = new SPSite (currentweburl))
        {
            using (var Web = site. OpenWeb ())
            {
                using (var ctx = new Contosodatacontext (currentweburl))
                {
                    var names = from h in CTX. Hardware assets Trace
                                select H. title;
                    result = names. ToList ();}}}
    );
    
    return result;
}

If you want LINQ to SharePoint code to be able to elevate its execution permissions, a more trick thing to do before using LINQ to SharePoint is to set the current HttpContext object to null. In the following code, these special codes are identified by using bold.

Spsecurity.runwithelevatedprivileges (delegate ()
{
    using (var site = new SPSite (currentweburl))
    {
        using (var Web = site. OpenWeb ())
        {
            var httpcontext = HttpContext.Current;
            HttpContext.Current = null;
    
            using (var ctx = new Contosodatacontext (currentweburl))
            {
                var names = from h in CTX. Hardware Asset Tracking
                            select H. title; 
  
   result = names. ToList ();
            }
    
            HttpContext.Current = HttpContext
        }}
);
  

The only reason to use this technique is because in the implementation of LINQ to SharePoint, A class called Microsoft.SharePoint.Linq.Provider.SPServerDataConnection is used to actually connect to a SharePoint site. In the constructor of this class, there is a code like this:

if (spcontext.current!= null)
{
    this.defaultsite = SPContext.Current.Site;
    This.defaultweb = (SPContext.Current.Web.Url = = URL)? SPContext.Current.Web:this.defaultSite.OpenWeb (The new Uri (URL). pathandquery);
}
else
{
    this.defaultsite = new SPSite (URL);
    This.defaultweb = This.defaultSite.OpenWeb (new Uri (URL). pathandquery);
}

To improve performance, it overrides the cached SPWeb and SPSite objects in the SPContext object. This behavior can improve the efficiency of your code, but it will invalidate the elevation of privilege, because code that has elevated permissions must use a newly constructed SPSite and SPWeb object.

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/web/sharepoint/