SharePoint security programming issue

0
votes

I am using SharePoint Server 2007 Enterprise with Windows Server 2008 Enterprise. I have deployed a publishing portal. I am developing a ASP.Net web application using VSTS 2008 + C# + .Net 3.5 + ASP.Net + SharePoint Server 2007 SDK.

I found sometimes we need to use SPWebApplication.FormDigestSettings.Enabled = false in order to walk around, e.g. using SharePoint API to create a site in a site collection. I want to know why we need to execute SPWebApplication.FormDigestSettings.Enabled = false? What is the reason behind the scene?

thanks in advance, George

1
c#securitysharepointsharepoint-2007

1 Answers

2
votes

Does the user that is executing the commands have permissions to run the commands? Based on documentation, it appears that you are disabling security validation when you set that property to false.

A better way to get "super user" permissions to execute a command that the current user doesn't have permissions to run is to use SPSecurity.RunWithElevatedPrivileges

SPSecurity.RunWithElevatedPrivileges(delegate() 
{
    // Note: It's important that you create all new SPSite and SPWeb
    // objects in the elevated context in order to actually use elevated
    // privileges. Failure to do so will cause your code to execute
    // without elevated privileges.
    using(SPSite site = new SPSite(SPContext.Current.Site.ID))
    {
        using(SPWeb web = site.OpenWeb(SPContext.Current.Web.ID))
        {
             // run code here that requires elevated privileges.
        }
    }
});