none
VB.Net RunWithElevatedPrivileges Parameters

    Question

  • I have some code that is updating a list, I just realized that I need to elevate permissions for this code to work.

    Since this is in VB.Net I cannot use anonymous methods.  I can convert the class into c#, but I would rather find a workable solution in vb.

    What is the best way to pass parameters to the method I need to use using RunWithElevatedPrivileges?  I could use global variables but that seems pretty sloppy.
    Friday, April 24, 2009 2:46 PM

Answers

  • Hello GreenWaterBoy

    As an alternate answer-- I always recommend impersonating with the system account's user token, RATHER than using RunWithElevatedPrivileges, UNLESS you need the physical network credentials of the app pool. To do this, just use the constructor of SPSite that takes the UserToken parameter, and use the UserToken parameter. It has a lot less overhead, requires less CAS permissions, and is more stable. 

    Here's an example in C# (should be easy for you to translate, but I'll leave that to you!)

    SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
    using(var systemSite = new SPSite(SPContext.Current.Site.ID, sysToken))
    {
        using (var sysWeb = systemSite.OpenWeb(SPContext.Current.Web.ID))
        {
            // Perform elevated actions here
        }
    }


    See these blog posts: 
    2. http://daniellarson.spaces.live.com/default.aspx?_c01_BlogPart=blogentry&_c=BlogPart&handle=cns!D3543C5837291E93!2005 

    • Proposed as answer by daniel.larson Friday, April 24, 2009 4:10 PM
    • Marked as answer by GreenWaterBoy Friday, April 24, 2009 5:57 PM
    Friday, April 24, 2009 4:09 PM

All replies

  • In vb.net you can define a parameterless sub that does the code you want executed with higher privileges and declare it as CodeToRunElevated:

    You will have to define module level variables for it to use.

    Dim secureCode As New SPSecurity.CodeToRunElevated(AddressOf Me.SPCode)
    
    
    
            SPSecurity.RunWithElevatedPrivileges(secureCode)
    
    



    http://www.certdev.com
    Friday, April 24, 2009 3:11 PM
  • So sounds like if I wanted to pass parameters to it I would have to declare it outside the method like this.

    Protected Sub updateList(byval ID as string)
    
    
    listID = ID
    
    SPSecurity.RunWithElevatedPrivileges(Address Of Update)
    
    
    End Sub
    
    
    
    Protected listID as string = ""
    
    
    
    Protected Sub Update()
    
    
    
    'Code to run update
    
         Dim mylist As SPList = myweb.Lists("Test List")
    
         Dim myitem As SPListItem
    
    
    
         myitem = mylist.Items.GetItemById(listID)
    
    End Sub
    
    
    Friday, April 24, 2009 3:22 PM
  • Hello GreenWaterBoy

    As an alternate answer-- I always recommend impersonating with the system account's user token, RATHER than using RunWithElevatedPrivileges, UNLESS you need the physical network credentials of the app pool. To do this, just use the constructor of SPSite that takes the UserToken parameter, and use the UserToken parameter. It has a lot less overhead, requires less CAS permissions, and is more stable. 

    Here's an example in C# (should be easy for you to translate, but I'll leave that to you!)

    SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
    using(var systemSite = new SPSite(SPContext.Current.Site.ID, sysToken))
    {
        using (var sysWeb = systemSite.OpenWeb(SPContext.Current.Web.ID))
        {
            // Perform elevated actions here
        }
    }


    See these blog posts: 
    2. http://daniellarson.spaces.live.com/default.aspx?_c01_BlogPart=blogentry&_c=BlogPart&handle=cns!D3543C5837291E93!2005 

    • Proposed as answer by daniel.larson Friday, April 24, 2009 4:10 PM
    • Marked as answer by GreenWaterBoy Friday, April 24, 2009 5:57 PM
    Friday, April 24, 2009 4:09 PM
  • Cool thanks.

    Yea the way we are setting this application up, its easier than giving permissions to the list and preventing people from editing the list outside of the application.

    Friday, April 24, 2009 6:03 PM
  • Greetings.

    Daniel - I like your recommendation of using SystemAccount instead of RunWithElevatedPrivileges, but I think I have a scenario that requires the "less-stable" way - at least I have not found another solution yet.

    Suppose that we want to take some SharePoint content actions inside of a customlogin.aspx page? The code is executing in a terrible context - we don't even have credentials yet. I think this is a case where I'm going to have to use RunWithElevatedPrivileges.

    Feedback?

    Wednesday, June 02, 2010 9:31 PM