Wss3 Elevation of Privilege replaces user identity simulation impersonate for permission escalation

Body: Microsoft. sharepoint. spsecurity. runwithelevatedprivileges replaces impersonate for permission escalation. the advantage is that you do not need to write any username or password in the configuration file, which saves you trouble and adds a certain amount of password leakage security, but also increases the security. Code Runwithelevatedprivileges uses the process pool account of your IIS application, so pay attention to security. Hey hey. spsecurity. runwithelevatedprivileges (delegate ()
{
// Perform operations with the system account}); spsecurity. runwithelevatedprivileges (delegate ()
{
Using (spsite site = new spsite (spcontext. Current. Site. ID ))
{// Pay attention to the new one. If spcontext. Current. Site is used, it is the security level of the current account.
// Use a system account to operate the site
}
}); Copy the msdn code example: spweb web = spcontext. Current. Web;
Spuser user = web. currentuser; // The Calling user

 
// Uses the SharePoint \ System creds with the spuser's identity reference of user
Spsecurity. runwithelevatedprivileges (delegate (){
// Gets a new security context using SharePoint \ System
Using (spsite site = new spsite (this. Page. Request. url. tostring ())){
Using (spweb thisweb = site. openweb ()){
Thisweb. allowunsafeupdates = true;
Splist theList = thisweb. Lists [listname];
Splistitem record = theList. Items. Add ();
Record ["user"] = user; // calling user
Record. Update (); // uses SharePoint \ System
}
}
});
 

(Http://msdn2.microsoft.com/en-us/library/aa543467.aspx) Category: SharePoint Release date: