Sunday 29 June 2014

Using SPSecurity.RunWithElevatedPrivileges

SPWeb oWeb = SPContext.Current.Web;
SPWeb oWeb = oSite.OpenWeb();
Diff b/w above two is:
when using SPSecurity.RunWithElevatedPrivileges:
1.in the delegate function, you must build a new SPSite/SPWeb object (like SPSite siteColl = new SPSite(App.SITE_COLLECTION_URL)) and you can't use the SPContext.Current.Web, because the SPContext runs with the current context (with current user).
2.Also set the AllowUnsafeUpdates property of the site/web where you will be updating/accessing stuff to true, to be sure you don't get an error like "The security validation for this page is invalid" (see more below). If you don't do it, you code will work, but when returning from the delegate function, the error will arise..