"RunWithElevatedPrivileges" in sharepoint

Question

"RunWithElevatedPrivileges": Programmatically in C# it doesn't help me to allow users without manage List permission to upload file to sharepoint list items. My code is:

SPSecurity.RunWithElevatedPrivileges(delegate
{
    SPWeb web = SPContext.Current.Site;

    // my logic to upload file and edit list item attachments.
});

Complete code

protected void btn_Upload_Click(object sender, EventArgs e)
    {
        StreamWriter sw = new StreamWriter(@"C:\Upload.txt", true);
        try
        {
            if (this.FileUpload1.HasFile)
            {
                string siteURL = SPContext.Current.Web.Url.ToString();
                if (Request["Items"] != null && Request["ListId"] != null)
                {

                    string SelectedItems = Convert.ToString(Request["Items"]);
                    string[] lstJobsIds = SelectedItems.Split(new string[] { "|" }, StringSplitOptions.None);
                    SPList list = null;

                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {

                        //SPSite site = SPContext.Current.Site;
                        using (SPSite site = new SPSite("http://sitrURL"))
                        {
                            using (SPWeb web = site.OpenWeb())
                            {
                                // Fetch the List
                                //list = web.Lists["ListName"];
                                sw.WriteLine("WEb is :" + web);
                                list = web.Lists["ListName"];

                                if (lstJobsIds.Length > 0)
                                {
                                    ////site.AllowUnsafeUpdates = true;

                                    ////web.AllowUnsafeUpdates = true;

                                    for (int i = 0; i < lstJobsIds.Length; i++)
                                    {
                                        // Get the List item
                                        if (lstJobsIds[i] != null && lstJobsIds[i] != string.Empty)
                                        {
                                            sw.WriteLine(lstJobsIds[i]);
                                            SPListItem listItem = list.GetItemById(int.Parse(lstJobsIds[i]));

                                            // Get the Attachment collection
                                            SPAttachmentCollection attachmentCollection = listItem.Attachments;
                                            Stream attachmentStream;
                                            Byte[] attachmentContent;
                                            sw.WriteLine(this.FileUpload1.PostedFile);
                                            sw.WriteLine(this.FileUpload1.FileName);

                                            attachmentStream = this.FileUpload1.PostedFile.InputStream;

                                            attachmentContent = new Byte[attachmentStream.Length];

                                            attachmentStream.Read(attachmentContent, 0, (int)attachmentStream.Length);

                                            attachmentStream.Close();
                                            attachmentStream.Dispose();

                                            // Add the file to the attachment collection
                                            attachmentCollection.Add(this.FileUpload1.FileName, attachmentContent);
                                            // Update th list item
                                            listItem.Update();

                                            web.AllowUnsafeUpdates = true;

                                        }
                                    }
                                    //web.AllowUnsafeUpdates = false;
                                    //site.AllowUnsafeUpdates = false;
                                }


                                sw.Close();

                            }
                        }
                    });
                }

            }
        }
        catch (Exception ex)
        {
            sw.WriteLine(ex);
            sw.Close();
        }
    }

Now When user click on button to upload file he gets HTTP Error 403 Forbidden.

So,how to allow users With limit permission to execute my custom function normally?

Answer 1

Sometimes in custom SharePoint solutions we need to execute custom code using System Account privileges than the current logged in user which may not have sufficient rights to execute custom code. In these situations we use RunWithElevatedPrivileges() method to delegate System Account rights to current logged in user.

In case current user does not have appropriate permissions to execute custom code then he will get “Access Denied” error. To bypass “Access Denied” error we use RunWithElevatedPrivileges() method.

Click on below link for more detailed answer

http://sharepointbag.com/latest/code-snippets/sharepoint/security/5/how-to-use-run-with-elevated-privileges-(rwep)-in-sharepoint/

Answer 2

Your code is wrong. Always create and dispose off the objects within the RunWithElevatedPrivileges delegate. So you should create new instance of SPweb inside the RunWithElevatedPrivileges block by using 'new' keyword.

Example:

private void yourFunction()
{
      SPSite site = SPContext.Current.Site;
      SPWeb web = SPContext.Current.Web;

      SPSecurity.RunWithElevatedPrivileges(delegate()
      {
            using (SPSite ElevatedSite = new SPSite(site.ID))
            {
                  using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(web.ID))
                  {
                        // Code Using the SPWeb Object Goes Here
                  }
            }
       });
}