All ways of RunWithElevatedPrivileges

本文探讨了在SharePoint中使用RunWithElevatedPrivileges方法进行权限提升的最佳实践,包括在不同场景如事件接收器、特性接收器中的应用技巧。同时介绍了如何正确使用SPUserToken实现用户身份冒充,并对比了不同方法之间的区别。

Download it:
https://sites.google.com/site/sasivalipireddy/home/RunWithElevatedPrivileages_ALL.pdf

  1. RunWithElevatedPrivileges?
  2. Why can’t we use RunWithElevatedPrivileges in event handlers?
  3. Impersonation Improvements in SharePoint 2010 Event Receivers?
  4. Best recommended practice use of it?
  5. Best recommended practice to use of it in Event Receivers?
  6. Best recommended practice to use of it in Feature Receivers?
  7. RunWithElevatedPrivileges in visual studio workflows:
  8. Is RunWithElevatedPrivileges allowed in sandbox solution?
  9. By using which credentials the RunWithElevatedPrivileges will run?
  10. Difference between SPSecurity.CodeToRunElevated and SPSecurity. RunWithElevatedPrivileges?


Impersonation:
Impersonation is the process of executing code in the context (or on behalf) of another user identity.
What are the Impersonation methods in SharePoint 2010?
  • RunWithElevatedPrivileges to impersonate as System Account user
  • Passing User Token inside SPSite to impersonate as particular user
  • Using Windows API
SPUserToken:
The SPSite object takes an SPUserToken object in its constructor in order to support impersonation. To impersonate the system, use the SystemAccount.UserToken property of the current SPSite context, such as:
var site = new SPSite(SPContext.Current.Site.ID, SPContext.Current.Site.SystemAccount.UserToken);

Difference between RunWithElevatedPrivileges Vs SPUserToken:
  • RunWithElevatedPrivileges to impersonate as System Account user
  • Passing User Token inside SPSite to impersonate as particular user
RunWithElevatedPrivileges?
As per the msdn: Executes the specified method with Full Control rights even if the user does not otherwise have Full Control. 

Whenever we use SPSecurity.RunWithElevatedPrivileges (), it will execute the code under the context of Application Pool identity, so you must ensure that the App Pool account is a member of a site collection group with sufficient perms to add/edit/delete or whatever your code is trying to do. If not, the code will quietly break without popping an exception.

Method: Microsoft.SharePoint. SPSecurity.RunWithElevatedPrivileges

The code will not run within the elevated privilege if the object accessed was not created within the SPSecurity.RunWithElevatedPrivileges block. The main reason for doing so is to ensure that all the objects are in the context of the App Pool's identity.


SPSecurity.RunWithElevatedPrieveleges, there are too much tricks that you should take care of.
For Instance: You must create the new SPSite objects inside the delegate because SPSite objects created outside do not have Full Control even when referenced inside the delegate.

RunWithElevatedPrivileges does not work when HTTPContext is null:
RunWithElevatedPrivileges don’t work when HTTPContext (SPContext to be more specific) is null. So, you will not have elevation of privilege when using  RunWithElevatedPrivileges in Console Application, Workflow, Timer Job or Event handlers not initiated by a request in browser.

What is the need of defining SPSite, SPWeb objects especially in RunWithElevatedPrivileges block? 
If you use instances of SPSite or SPWeb, obtained prior to the RunWithElevatedPrivileges block, it won't work as expected because they are already associated to a non-elevated security context[ means current logger user]  

Why can’t we use SPContext.Current.Web inside RunWithElevatedPrivileges:
SPContext.Current.Web can not be used directly with in the RunWithElevatedPrivileges block as the SPWeb object becomes a instance of current logged-in user's context and it gives the below error if tries to update any content in the same Web with READ only access.
Error : Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.
To address the issue, a new instance of SPSite and SPWeb should be cerated within the RunWithElevatedPrivileges code block as above. 

Impersonation Improvements in SharePoint 2010 Event Receivers?
Instead of using RunWithElevatedPrivileges, In SharePoint 2010, there are new properties namely OriginatingUserToken, UserDisplayName and UserLoginName which help the developers to revert back to the original user who triggered the event very easily. 

I will update once get the clear idea on what use of the new properties OriginatingUserToken, UserDisplayName and UserLoginName introduced in SharePoint 2010.

RunWithElevatedPrivileges in visual studio workflows:
No need to use any elevated privileges when working with workflows because it runs under SharePoint System Account by default (the App Pool account).

Is RunWithElevatedPrivileges allowed in sandbox solution?
You cannot use SPSecurity.RunWithElevatedPrivileges method in case of Sandboxed solution. The main reason is Sandbox solutions execute in User Code service with limited privileges.

Best recommended practice use of it:
Can’t use SPContext inside the code being RunWithElevatedPrivileges. We may get “ access denied” error if instead write the SPWeb site = SPContext.Current.Web inside the RunWithElevatedPrivileges, because your web was created in the context of the current user.

Best recommended practice is:Take the current context outside the SPSecurity.RunWithElevatedPrivileges block and then create a new instance of SPSite and SPWeb inside the block which will run under application pool identity.

Simply to say is:The objects you’re working with need to be recreated within your RunWithElevatedPrivileges code block.

 

Recommended practice #1:

        private void Test()
        {
            Guid webID = SPContext.Current.Web.ID;
            Guid siteID = SPContext.Current.Site.ID;
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite site = new SPSite(siteID))
                {
                    using (SPWeb web = site.OpenWeb(webID))
                    {
                        // Code Using the SPWeb Object goes here
                    }
                }
            });
        }


Best recommended practice #2:

private void Test()
        {
            SPSite site = SPContext.Current.Site;
            SPWeb web = SPContext.Current.Web;

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite CurrentSite = new SPSite(site.ID))
                {
                    using (SPWeb CurrentWeb = CurrentSite.OpenWeb(web.ID))
                    {
                        // Code Using the SPWeb Object goes here
                    }
                }
            });
        }


RunWithElevatedPrivileges” in Feature Receivers:

[Guid("b321499d-9b43-410e-8a8f-779ffb81d738")]
    public class Feature1EventReceiver : SPFeatureReceiver
    {
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            try
            {
                using (SPSite spSite = properties.Feature.Parent as SPSite)
                {
                    using (SPWeb spWeb = spSite.OpenWeb())
                    {
                        SPSecurity.RunWithElevatedPrivileges(delegate()
                        {
                            //code here
                        });
                    }
                }
            }
            catch (Exception ex)
            {
            }
        }


 

“RunWithElevatedPrivileges” in Event Receivers: Better to use the ID properties of the properties object, to get new instances of SPSite, SPWeb and SPListItem. If you need to run actions with elevated privileges on SPSite and SPWeb object use new SPSite(properties.SiteId); and site.OpenWeb(properties.RelativeWebUrl) instead of properties.web and web.site;

Best Recommended Practice #1

namespace MyCustomDlgFramework.EventReceiver
{
    /// <SUMMARY>
    /// List Item Events
    /// </SUMMARY>
    public class EventReceiver : SPItemEventReceiver
    {
       /// <SUMMARY>
       /// An item is being added.
       /// </SUMMARY>
       public override void ItemAdding(SPItemEventProperties properties)
       {
           SPSecurity.RunWithElevatedPrivileges(delegate()
           {
               using (SPSite site = new SPSite(properties.SiteId))
               {
                   using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
                   {
                       //code here
                   }
               }
           });
           
       }

    }
}


Best recommended practice #2:

namespace MyCustomDlgFramework.MyEventReceiver
{
    /// <SUMMARY>
    /// List Item Events
    /// </SUMMARY>
    public class MyEventReceiver : SPItemEventReceiver
    {
       /// <SUMMARY>
       /// An item is being added.
       /// </SUMMARY>
       public override void ItemAdding(SPItemEventProperties properties)
       {
            using (SPSite site = new SPSite(properties.WebUrl))
           {
               using (SPWeb web = site.OpenWeb())
               {
                   SPSecurity.RunWithElevatedPrivileges(delegate()
                   {  
                       //Code here
                   });
               }
        }
    }
  }
}


Best recommended practice #3:

namespace MyCustomDlgFramework.EventReceiver
{
    /// <SUMMARY>
    /// List Item Events
    /// </SUMMARY>
    public class EventReceiver : SPItemEventReceiver
    {
       /// <SUMMARY>
       /// An item is being added.
       /// </SUMMARY>
       public override void ItemAdding(SPItemEventProperties properties)
       {
           SPSecurity.RunWithElevatedPrivileges(delegate()
           {
               using (SPWeb web = properties.OpenWeb())
               {
                   //Code here
               }

           });
       }

    }
}

Chances of getting “Access Dined” error:
Note: Elevation of privilege occurs only if newSPSite created inside the block :

Reason: SPContext.Current.Site and SPContext.Current.Web runs the List Item update code in the context of the currently logged in user and not in the context of the App Pool identity

 

private void Test()
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                SPWeb currentWeb = SPContext.Current.Web;
                SPList spList = currentWeb.Lists["MyList"];
            });
        }

        private void Test()
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite currentSite = new SPSite(SPContext.Current.Site.Url))
                {
                    using (SPWeb currentWeb = currentSite.OpenWeb())
                    {
                        // Access granted as System account!! 
                    }
                }
            });
        }

private void Test()
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                SPSite site = SPContext.Current.Site;
                SPWeb web = SPContext.Current.Web;
                web.AllowUnsafeUpdates = true;

                SPList list = web.Lists["MyList"];
                SPListItem item = list.GetItemById(1);
                item["MyField"] = "SharePoint";
                item.Update();

                web.AllowUnsafeUpdates = false;
            });
        }


内容概要:本文围绕“光伏-储能-数据中心”系统的容量优化配置展开研究,旨在通过构建数学模型并结合Matlab编程实现,对园区内光伏发电、储能设备与数据中心算力负荷之间的多能互补关系进行协同优化。研究综合考虑可再生能源出力的波动性、储能系统的充放电特性以及数据中心的动态用电需求与算力调度特性,建立以最小化综合成本、降低碳排放强度、提升能源自给率等为目标的多目标优化模型,并采用先进的智能优化算法(如粒子群、灰狼、鲸鱼等)进行求解,从而确定光伏装机容量与储能系统配置的最优方案。文中提供了完整的Matlab代码实现流程,涵盖数据预处理、模型构建、算法求解与结果可视化全过程,属于综合能源系统与信息基础设施深度融合的前沿交叉课题。; 适合人群:具备电力系统、能源工程、自动化或计算机等相关专业背景,熟悉Matlab编程与基本优化算法原理,从事新能源利用、绿色数据中心、综合能源系统规划与低碳调度等方向的研究生、科研人员及工程技术人员。; 使用场景及目标:① 掌握光伏-储能-数据中心耦合系统的建模思路与多能流协同机制;② 学习基于Matlab的多目标容量优化配置方法与智能算法应用技巧;③ 为工业园区、数字经济园区及绿色数据中心的能源系统规划、节能减排与可持续运行提供科学决策依据和技术解决方案。; 阅读建议:建议结合所提供的Matlab代码,深入理解目标函数设计、约束条件设定及算法实现细节,可通过调整负荷参数、改变气候数据、引入新的优化目标或约束条件等方式进行拓展性实验,以深化对系统特性的认知并提升实际科研与工程应用能力。
内容概要:本文档聚焦于“考虑源网荷储协调的主动配电网优化调度方法”的Matlab代码复现研究,属于电力系统与综合能源系统领域的高水平科研资源。文档系统阐述了融合电源侧、电网侧、负荷侧及储能系统(源-网-荷-储)协同优化的主动配电网调度模型,旨在通过先进的数学优化方法提升电力系统的经济性、可靠性与低碳化水平。研究内容涵盖多时间尺度调度架构、不确定性建模(如新能源出力波动)、鲁棒优化或分布鲁棒优化(DRO)等核心技术,并依托Matlab平台完成模型构建与仿真验证。同时,文档列举了多个前沿研究方向,如光储充一体化、主从博弈、微电网双层优化、电氢耦合系统、电动汽车集群调度等,体现出其在现代智能电网与综合能源系统优化调度中的代表性与前瞻性。; 适合人群:具备电力系统基础理论知识和Matlab编程能力,从事能源、电气工程、自动化、可再生能源等方向研究的研究生、科研人员及工程技术人员,特别适合致力于优化建模、智能算法应用与综合能源系统仿真的研究人员。; 使用场景及目标:① 复现高水平期刊论文中的主动配电网优化调度模型;② 掌握源网荷储协同优化的建模方法与Matlab实现技术;③ 借助所提供的完整代码资源开展二次开发、算法改进或新场景拓展,服务于科研创新、项目申报与学术论文撰写。; 阅读建议:建议结合文档中提及的相关文献与案例,按照目录结构循序渐进地学习,重点理解模型构建的逻辑框架与代码实现的关键细节,并利用附带的百度网盘资源获取全部代码与数据文件,通过动手实践加深对优化算法与工程应用的理解。
内容概要:本文围绕《考虑光伏-储能-数据中心多能互补的园区容量优化配置(Matlab代码实现)》这一技术资源,系统研究了工业园区内光伏发电、储能系统与数据中心之间的能量协同与容量优化问题。通过构建融合可再生能源出力不确定性、负荷波动及数据中心算力负荷特性的数学优化模型,采用Matlab编程实现多能互补系统的容量配置求解,旨在提升能源利用效率、降低运营成本与碳排放,并增强园区能源系统的稳定性与经济性。文中综合运用分布鲁棒机会约束(DRCC)、N-1安全准则、鲁棒优化等先进建模方法,确保方案在复杂运行环境下的可行性与可靠性,适用于综合能源系统(IES)的规划与调度研究。; 适合人群:面向具备电力系统、能源系统或优化算法基础的研究生、科研人员及工程技术人员,尤其适合熟悉Matlab编程及YALMIP、CPLEX等优化工具的专业人士;对于从事智慧园区、绿色数据中心或低碳能源系统研究的人员亦具有较高参考价值。; 使用场景及目标:①支撑科研项目中对含数据中心的智慧园区进行多能互补建模与仿真分析;②用于撰写学位论文、期刊投稿中的案例验证与算法对比;③指导实际工程中光伏与储能容量的科学规划与配置决策;④深入学习分布鲁棒优化、N-1安全约束等高级方法在能源系统中的集成应用。; 阅读建议:建议结合提供的Matlab代码逐模块解析模型实现过程,重点关注目标函数构建、约束条件设定及求解器接口调用逻辑。推荐对照“顶级EI复现”案例,掌握工业级建模规范,并尝试复现关键结果以加深理解。同时可延伸学习文中关联的多时间尺度调度与协同优化策略,全面提升综合能源系统的研究与实践能力。
内容概要:本文介绍了一项基于支持向量机(SVM)的风力涡轮机故障检测技术研究,结合Matlab代码与Simulink仿真平台实现风力涡轮机的故障诊断与容错控制。该方法利用SVM强大的分类能力对风力涡轮机运行数据进行分析,有效识别早期故障特征,提升系统可靠性与安全性。资源包包含完整的算法实现代码、仿真模型及实验数据,适用于开展风电系统智能故障诊断相关的科研与工程应用。此外,文中还提及多个相关研究方向,涵盖风电系统建模、功率预测、储能优化、多能源协同调度等,展示了在新能源系统中机器学习技术的广泛应用前景。; 适合人群:具备一定MATLAB/Simulink基础,从事新能源、电力系统、智能诊断或自动化方向研究的科研人员及工程技术人员,尤其适合研究生与高校教师。; 使用场景及目标:① 实现风力涡轮机典型故障(如传感器故障、传动链异常等)的快速检测与分类;② 结合Simulink搭建风电系统仿真模型,验证SVM故障检测算法的有效性与鲁棒性;③ 支持科研复现、论文写作、项目开发及教学演示等多种应用场景; 阅读建议:建议读者结合提供的Matlab代码与Simulink模型进行实操演练,重点关注数据预处理、特征提取与SVM参数调优环节,以深入掌握故障检测系统的构建流程。同时可参考文档中列出的其他研究主题拓展研究思路。
内容概要:本文围绕“计及数据中心算力等效的电热综合能源系统调度策略”展开,提出一种将数据中心的算力需求等效为可调度电力负荷的创新方法,通过Matlab代码实现了电、热、算力多能耦合系统的协同优化调度。该策略充分挖掘数据中心在能耗特性与算力弹性方面的潜力,将其作为灵活负荷参与综合能源系统调度,有效提升系统对可再生能源的消纳能力,降低弃风弃光率,并增强系统运行的经济性与灵活性。研究涵盖了系统建模、优化求解与仿真分析全过程,提供了完整的Matlab代码与复现方案,具有较高的科研价值与工程应用前景,属于高水平学术论文复现内容。; 适合人群:具备电力系统、综合能源系统、优化建模等相关背景,熟练掌握Matlab编程及YALMIP等优化工具箱,从事能源互联网、绿色计算、数据中心节能等领域研究的研究生、高校教师及工程技术人员。; 使用场景及目标:①用于高水平科研论文复现与算法验证,掌握算力-电力耦合系统建模与优化方法;②支撑综合能源系统、数据中心低碳运行等课题研究与项目开发;③深化对多能协同调度、需求侧响应及可再生能源消纳机制的理解与实践能力。; 阅读建议:建议结合网盘提供的完整代码包与说明文档,按照目录结构循序渐进学习,重点关注模型构建逻辑与Matlab实现细节,熟练使用YALMIP调用求解器进行仿真调试,并可在掌握核心思想的基础上进一步拓展至多场景、分布鲁棒等高级优化方法。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值