Subscribe via RSS Feed Connect with me on LinkedIn

How to Programmatically Impersonate Users in SharePoint

[ 4 ] April 9, 2009 |

Sometimes when creating SharePoint web or console applications, you may need to execute specific code blocks in another user’s context.

Impersonating users in SharePoint will require a couple of things:

  • the account that the web or console app uses has privileges to impersonate other users (typically this would be the system account)
  • specific users’ user tokens


Step 1: Log in as the system account, or get a handle to the system account in your code

string siteStr = "http://mysharepointsite/";

//we just need to get a handle to the site for us
//to get the system account user token
SPSite tempSite = new SPSite(siteStr);

SPUserToken systoken = tempSite.SystemAccount.UserToken;

using (SPSite site = new SPSite(siteStr, systoken))
{
   using (SPWeb web = site.OpenWeb())
   {
       //right now, logged in as Site System Account
       Console.WriteLine("Currently logged in as: " +
                        web.CurrentUser.ToString());

       //add your code here
   }
}

Step 2: Before you impersonate, get the user token of the user you are switching to. For example:

//get this current user's user token
SPUserToken userToken = web.AllUsers[user].UserToken;

//create an SPSite object in the context of this user
SPSite s = new SPSite(siteStr, userToken);

SPWeb w = s.OpenWeb();
Console.WriteLine("Currently logged in as: " +
                  w.CurrentUser.ToString() +
                  "(" + w.CurrentUser.Name + ")"
                 );

Complete code follows:

private static void impersonateTest()
{
   string siteStr = "http://mysharepointsite/";
   SPSite tempSite = new SPSite(siteStr);
   SPUserToken systoken = tempSite.SystemAccount.UserToken;
   using (SPSite site = new SPSite(siteStr, systoken))
   {
       using (SPWeb web = site.OpenWeb())
       {
           //right now, logged in as Site System Account
           Console.WriteLine("Currently logged in as: " +
                              web.CurrentUser.ToString());
           switchUser(web, siteStr, "BlackNinjaSoftware/MatthewCarriere");
           switchUser(web, siteStr, "BlackNinjaSoftware/ShereenQumsieh");
           switchUser(web, siteStr, "BlackNinjaSoftware/DonabelSantos");
       }
   }
}

private static void switchUser(SPWeb web, string siteStr, string user)
{
   //impersonate somebody else
   SPUserToken userToken = web.AllUsers[user].UserToken;
   SPSite s = new SPSite(siteStr, userToken);
   SPWeb w = s.OpenWeb();
   Console.WriteLine("Currently logged in as: " +
                     w.CurrentUser.ToString() +
                     "(" + w.CurrentUser.Name + ")"
                    );
}

Tags:

Category: Blog

About Shereen Qumsieh: View author profile.

Comments (4)

Trackback URL | Comments RSS Feed

  1. Make sure to dispose your impersonated SPWeb and SPSite.

    Nice article btw.

  2. dynDev says:

    Great! That solved my issue. Thanks.

  3. […] Check out the article here:¬†http://www.sharepointdeveloperhq.com/2009/04/how-to-programmatically-impersonate-users-in-sharepoint… […]

  4. keith says:

    Brilliant, helped me out loads :-)

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.