SPWeb.EnsureUser with elevated privileges

by Christian Fredh 3. January 2010 00:07

When you work with groups and users and custom code in SharePoint you often use the SPWeb.EnsureUser method that according to MSDN documentation “checks whether the specified login name belongs to a valid user of the Web site, and if the login name does not already exist, adds it to the Web site”. The method returns an SPUser object.

The user who runs this method needs to be a site collection administrator and the user or group to resolve needs to come from an Active Directory source.

An alternative is to use SPWeb.SiteUsers[loginName] that also returns an SPUser object without requiring site collection administrator privileges. The issue you run into with using this property is that if the user haven’t logged in yet, the user will not be found, and that is why you want to use the EnsureUser method. But again, you need elevated privileges for this. EnsureUser actually uses the SiteUsers property for returning the user after adding it if needed.

Created a helper method for this purpose, that you might find helpful if working with users from the SharePoint object model. It is written as an extension method for the SPWeb class. It can easily be converted to a regular static method if not using C# 3.0 for SharePoint 2007 development.

public static class SPWebExtensions
    public static SPUser EnsureUserElevated(this SPWeb web, string loginName)
        if (web == null)
            throw new ArgumentNullException("web");

        if (string.IsNullOrEmpty(loginName))
            throw new ArgumentException("Login name cannot be null or empty.", "loginName");

        using (SPSite elevatedSite = new SPSite(web.Site.ID, web.Site.SystemAccount.UserToken))
            using (SPWeb elevatedWeb = elevatedSite.OpenWeb(web.ID))
                // Allow unsafe updates required, throws exception without, if not administrator.
                elevatedWeb.AllowUnsafeUpdates = true;

        return web.SiteUsers[loginName];

As you can see the SiteUsers property is still used to return the user, to get the correct user context, if you afterwards use SPUser.ParentWeb.CurrentUser for example.

Here is how you would retrieve a user using the method:

string loginName = "SOMEDOMAIN\someLoginName";
SPUser user = SPContext.Current.Web.EnsureUserElevated(loginName);

Tags: , , , ,

.NET | .NET 3.5 | SharePoint | SharePoint 2007


1/3/2010 12:20:49 AM #


Pingback from topsy.com

Twitter Trackbacks for
        Christian Fredh | SPWeb.EnsureUser with elevated privileges
        on Topsy.com

topsy.com |

5/26/2010 11:34:55 AM #


Pingback from 91.myipgirl.com

B150 Comand Dvd, B150 K5 Blazer Replacement Tail Light - 91.myipgirl.com

91.myipgirl.com |

Comments are closed

Powered by BlogEngine.NET
Theme by Mads Kristensen

About Christian Fredh

Christian Fredh

A twenty six year old solutions architect and developer living in Stockholm, Sweden. I work as a SharePoint consultant at Avega Group with .NET and SharePoint development.


The opinions expressed herein are my own personal opinions and do not represent my employer's view. Use the information on this site at your own risk.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.

© Copyright 2009, Christian Fredh.