To demonstrate the use of the SPUserToken object, I will programmatically check out a file on behalf of a different user. We have created a test document called Test.doc and uploaded it to the Shared Documents document library (as shown in fig below). Make sure that versioning is enabled on the Shared Documents document library. Later in this section, we will use the version history of this
document to check whether the code involving the SPUserToken object has succeeded.
In the next example, I will programmatically check out and then check in a document. I have created a web part called SuperPart that is responsible for doing this. The code retrieves the current site collection from the current SharePoint context and gets the PrivilegesTest SharePoint site from this site collection. By default, you are not allowed to check out and check in files in SharePoint using HTTP GET requests. To get around that, my code sample allows unsafe updates on the PrivilegesTest SharePoint site. An instance of SPFile associated with the test document can be retrieved from the PrivilegesTest SPWeb instance. Finally, the code adds some information to the test document’s versioning comment. The code responsible for checking out and checking in the
test document looks like this (it will be added to the Load event of a web part shortly):
SPSite objSite = SPControl.GetContextSite(Context);
SPWeb objWeb = objSite.AllWebs[“PrivilegesTest”];
objWeb.AllowUnsafeUpdates = true;
SPFile objFile = objWeb.GetFile(“Shared Documents/Test.doc”);
objFile.CheckOut();
SPUser objUser = objFile.CheckedOutBy;
objFile.CheckIn(“check-in version: “ + objFile.UIVersion + å
“ by “ + objUser.Name);
The complete code looks like this...
using System;
using System.Runtime.InteropServices;
using System.Web.UI;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Serialization;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;
using Microsoft.SharePoint.WebPartPages;
namespace KwikSliver.ImpersonationAndElevationDemo
{
[Guid(“47500629-54d5-4ac4-ac44-097b4ce2e3eb”)]
public class SuperPart : System.Web.UI.WebControls.WebParts.WebPart
{
public SuperPart()
{
this.ExportMode = WebPartExportMode.All;
}
protected override void OnLoad(EventArgs e)
{
SPSite objSite = SPControl.GetContextSite(Context);
SPWeb objWeb = objSite.AllWebs[“PrivilegesTest”];
objWeb.AllowUnsafeUpdates = true;
SPFile objFile = objWeb.GetFile(“Shared Documents/Test.doc”);
objFile.CheckOut();
SPUser objUser = objFile.CheckedOutBy;
objFile.CheckIn(“check-in version: “ + objFile.UIVersion + “ by “ +
objUser.Name);
}
}
}
In this example, I first navigated to a page containing the SuperPart web part while logged in as user SuperB. This caused the SuperPart web part to load and execute, which checked out and then checked in a document in a document library under the SuperB system account. Then, I logged in as user NormalA and went back to the same page, causing the creation of a new version of Test.doc under the identity of NormalA. Figure down below shows the version history of the test document.
The version history can be used to check our results. As you can see, the document was first updated by a system account, followed by an update by the NormalA user.
Now we are ready to show how to impersonate a user account using the SPUserToken object. We will access the default page of the PrivilegesTest site while logged in as SuperB, but we will check out and check in the file using the NormalB account. To make it easier to concentrate on the impersonation part of the code, copy the code concerning document modification to a new private method called CheckInAndOut() in the web part.
First, the web part needs to retrieve a valid SPUser object from the current SharePoint site representing the NormalB user account. We will use the AllUsers collection of the current SharePoint site to retrieve the NormalB user account. Then, we will need to create an instance of an SPSite object in the context of the NormalB user account. This is done by passing a valid user token representing
the NormalB user account. This token is retrieved from a property called UserToken that is a member of an SPUser object. The UserToken object needs to be passed to an SPSite object’s constructor in order to impersonate a given user. This is shown in the following code fragment:
SPUser user = web.AllUsers[@”web1\NormalB”];
SPSite objSite = new SPSite(“http://web1”, user.UserToken);
The complete code for the web part that uses the NormalB account to check out and then check in a document is listed here..
using System;
using System.Runtime.InteropServices;
using System.Web.UI;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Serialization;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;
using Microsoft.SharePoint.WebPartPages;
namespace KwikSilver.ImpersonationAndElevationDemo
{
[Guid(“47500629-54d5-4ac4-ac44-097b4ce2e3eb”)]
public class SuperPart : System.Web.UI.WebControls.WebParts.WebPart
{
public SuperPart()
{
this.ExportMode = WebPartExportMode.All;
}
protected override void CreateChildControls()
{
try
{
string strValue = String.Empty;
SPSite site = SPControl.GetContextSite(Context);
SPWeb web = site.AllWebs[“PrivilegesTest”];
SPUser user = web.AllUsers[@”web1\NormalB”];
CheckInAndOut(user);
}
catch (Exception err)
{
Controls.Add(new LiteralControl(err.Message));
}
}
private void CheckInAndOut(SPUser user)
{
SPSite objSite = new SPSite(“http://web1”, å
user.UserToken);
SPWeb objWeb = objSite.AllWebs[“PrivilegesTest”];
objWeb.AllowUnsafeUpdates = true;
SPFile objFile = objWeb.GetFile(“Shared Documents/Test.doc”);
objFile.CheckOut();
SPUser objUser = objFile.CheckedOutBy;
objFile.CheckIn(“check-in version: “ + objFile.UIVersion + “ by “ +
objUser.Name);
Controls.Add(new LiteralControl(objFile.Name +
“ checked out by: “ + objUser.Name));
}
}
}
The result of executing this web part is shown in Figure below:
It does not matter which account you use to log in to the SharePoint site containing the SuperPart web part; the web part uses the SPUserToken object to impersonate the NormalB account and then checks out test.doc using this account. You can also use the document version history to check this.
In this posting, you have learned how to use the SharePoint SPUserToken object. We have used the SPUserToken object to add a new version to the version history of a document stored in a SharePoint list.
In this posting, you have learned how to use the SharePoint SPUserToken object. We have used the SPUserToken object to add a new version to the version history of a document stored in a SharePoint list.
