Thursday, 1 January 2015

Allow unsafe update vs run with elevated privileges in sharepoint

In this blog, we will see the differences between AllowUnsafeUpdates and RunWithElevatedPrivileges

What is allow unsafe update and run with elevated privileges in SharePoint 2010? What are the differences between Allow unsafe update and RWEP.

AllowUnsafeUpdates Vs RunWithElevatedPrivileges


AllowUnsafeUpdates -

 AllowUnsafeUpdates is set to true when you are trying to update the database.
To GET the content from the content DB, we need to set the AllowUnsafeUpdates = true.
For reasons of security, Microsoft SharePoint does not allow you to make posts from a Web application to modify the content database unless you include security validation on the page.

SPList list= web.Lists["MyList"];
SPListItemCollection items= list.GetItems();
web.AllowUnsafeUpdates = true;
foreach (SPListItem item in items)
{
     item["Title"] = "New Title";
     item.Update();
}
web.AllowUnsafeUpdates = false;

RunWithElevatedPrivileges

Executes the specified method with Full Control rights even if the user does not otherwise have Full Control.

Code

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
    // implementation details omitted
    }
});


Keep following SharePointCafe.Net for more blogs on SharePoint, ASP.Net, ASP.Net CoreWeb API, WCF, MVC


No comments:

Post a Comment

Dear Readers, Please post your valuable feedback in the comment section if you like this blog or if you have any suggestions. I would love to hear the same from you. Thanks