Allow unsafe update vs run with elevated privileges in sharepoint

In this blog, we will see the differences between AllowUnsafeUpdates and RunWithElevatedPrivileges

What is allow unsafe update and run with elevated privileges in SharePoint 2010? What are the differences between Allow unsafe update and RWEP.

AllowUnsafeUpdates Vs RunWithElevatedPrivileges


AllowUnsafeUpdates -

 AllowUnsafeUpdates is set to true when you are trying to update the database.
To GET the content from the content DB, we need to set the AllowUnsafeUpdates = true.
For reasons of security, Microsoft SharePoint does not allow you to make posts from a Web application to modify the content database unless you include security validation on the page.

SPList list= web.Lists["MyList"];
SPListItemCollection items= list.GetItems();
web.AllowUnsafeUpdates = true;
foreach (SPListItem item in items)
{
     item["Title"] = "New Title";
     item.Update();
}
web.AllowUnsafeUpdates = false;

RunWithElevatedPrivileges

Executes the specified method with Full Control rights even if the user does not otherwise have Full Control.

Code

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
    // implementation details omitted
    }
});


Keep following SharePointCafe.Net for more blogs on SharePoint, ASP.Net, ASP.Net CoreWeb API, WCF, MVC



Comments

Popular